Err, yes, and?

WikiLeaks has published thousands of documents claiming to reveal top CIA hacking secrets, including the agency’s ability to infiltrate encrypted apps like Whatsapp, break into smart TVs and phones and program self-driving cars.
WikiLeaks said the files released on Tuesday – mysteriously dubbed ‘ Vault 7’ – are the most comprehensive release of U.S. spying files ever made public.
The leak purportedly includes 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.

It details intelligence information on CIA-developed software intended to hack iPhones, Android phones, smart TVs and Microsoft, Mac and Linux operating systems.
WikiLeaks alleges that some of the remote hacking programs can turn these electronic devices into recording and transmitting stations to spy on their targets.
It also claims the CIA can bypass the encryption of Whatsapp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the smart phones the applications run on.

Who didn’t think they were doing this? And the NSA, the FSB, MI6, GCHQ, whatever the Frog spiers call themselves and so on around the world?

That’s what spies do, spy. That’s actually why we have them. And of course, in order to be able to spy on the bad guys, the reason we pay them in the first place, they need to develop the tools that could be used to spy upon all of us.

Shrug, it has always been possible for a spy agency to devote its utmost resources against any one of us and fit us up whatever the hell it is we do. The electronic world hasn’t changed that in the slightest.

38 comments on “Err, yes, and?

  1. The documents are not a surprise.

    But they can serve as a pretext to punish a crew who are increasingly out of control and whose ultimate goals–power for their masters and quite possibly to themselves become the masters- are very likely far away from what most decent people (who finance the spook scum) want.

  2. I hope the CIA hacked into my wife’s Whatsapp group’s account. I hope their agents read every single email those girls sent each other. That’ll teach them to go snooping around.

  3. “Shrug, it has always been possible for a spy agency to devote its utmost resources against any one of us and fit us up whatever the hell it is we do. ”

    The problem being that, much like the modern police force finding it easier to target the law abiding rather than the lawbreaking, the spy’s have an easier time fitting up ‘us’, and not ‘them’. So that’s what they do.

  4. Don’t know about anyone else, here, but I wouldn’t dream of using an attributable smartfone for anything I would want to deny or put any sort of personal data into one. Never mind the CIA, I’d be making my life an open book to Google. And it getting into other hands….
    I just presume that anything can be cracked & will be cracked.

  5. Ted S. – “And yet when Trump says the Obama administration spied on him, idiots act shocked.”

    It is worse than that. The Democrats have been screaming for weeks that Trump was in bed with the Russians. They knew this because of leaks of telephone intercepts among other things. Including those of people like Flynn who was talking to the Russians.

    So after claiming the Trump camp was being tapped many times over several weeks, when Trump turns around and says he was tapped, the Left do their usual ape sh!t outrage act.

    Either he was monitored or he was not. If he was, where does the buck stop? With Putin? George W.?

  6. You can’t export classified information or technology outside of the US, these trojans/virii/exploits were not classified because they were exported and implanted on foreign devices, they are also not subject to copyright.
    (classifying the information would also alert other agencies as to the CIA capabilities)

    The CIA did not inform the American people that their kit was vulnerable and allowed the exploits of that kit to escape into the wild because there was no punishment for doing so.

    They also have the capability to plant false information and leave false trails (it was the Russians wot dun’it).

    None of this was done with any oversight.

  7. That’s what spies do, spy. That’s actually why we have them. And of course, in order to be able to spy on the bad guys, the reason we pay them in the first place, they need to develop the tools that could be used to spy upon all of us.

    Right, but aren’t they prohibited from spying on US citizens without a warrant? Or isn’t this a big deal any more?

  8. “The electronic world hasn’t changed that in the slightest.”

    Apart from now being able to spy on everyone, simultaneously, at the flick of a switch.

    Compare ‘1984’ style spying ability with some blokes having to take the time, effort and risk to install a hidden microphone in a room in your house. Bit fucking different if you ask me.

  9. Correct, Rob, they now spy on everyone. NSA should be shut down and their records destroyed.

    The electronic world, and government corruption, has changed them from targeting individuals, with legal warrants, to targeting everyone with illegal blanket warrants.

  10. They should be prohibited from using anything they discover as evidence for anything other than a fairly narrow category of crimes for which they have a warrant.

  11. Tim,

    You’re far too relaxed about this. Re current legislation being enacted, consider:

    1) Difference between targeted and mass (surveillance) and 2) collected mass information being used not just by the spies (rightly to protect the Realm), but by all sort of other agencies and for all sort of (often very) trivial purposes.

    Sure, we can’t un-invent the means, but we seem way too relaxed about something being created that the Stasi or other totalitarian equivalents would have had wet dreams over being able to access had it been available.

    Or, to put it a different way, would you willingly pay extra taxes for the sole purpose being that the state could use that tax increasingly to monitor your every move? “Just in case”, you see?

  12. “They should be prohibited from using anything they discover as evidence for anything other than a fairly narrow category of crimes for which they have a warrant.”

    No. It has to be stopped even happening, because you know people will leak this stuff to tame media supporters to attack political opponents, and then everyone will pretend that leak never happened while using that information.

    Just like what is happening in the USA right now.

    A State that mass monitors its population will use that information against political opponents of the governing party of that State. Ten years ago you could be called paranoid for saying that, but now it is reality.

  13. If we leave aside what the alphabet soup of American agencies will do with this information, the leaking of them having this capability is arguably improving the security of everyone. Because you can be darned sure that if they could do it, so could the Chinese, and maybe even the North Koreans, amongst others. For their own purposes they’re quite happy to leave you open to attack by all and sundry.

  14. There’s an old maxim in intelligence circles to the effect that there’s a big difference between being able to monitor _anyone_ and being able to monitor _everyone_. The former requires access to all kinds of communications, and is what we’ve had for centuries. The latter requires an army of analysts at least as large as the group being watched.

    So, the government is not watching us all because to do so is completely impossible. And incredibly boring.

    “Who didn’t think they were doing this?”

    As usual, anyone who actually took any interest in privacy and freedom knew this was going on. It’s like with all the Wikileaks/Snowden stuff, the people now protesting their outrage are merely revealing that they didn’t actually care enough about their liberties and privacy to have paid even the slightest attention to the subject before now.

    So, let’s run a quick straw poll here: who will admit they’ve never heard of Echelon?

  15. Rob>

    “Compare ‘1984’ style spying ability with some blokes having to take the time, effort and risk to install a hidden microphone in a room in your house”

    Why not try actually doing that comparison? It might help clear up some of your misconceptions.

    Think about what’s involved. In both cases, it’s not gathering data that’s the hard part, it’s monitoring the data source and working out which bits constitute intelligence and which are fluff. The easier it gets to gather data, the harder it gets to make any sense out of it.

    It’s one thing to have suspicions about a Facebook account, quite another to actually link that to the right real live person and analyse the data in light of all the other data you have gathered.

    You also need to consider the cost of the analysts your suggestion requires. It’s going to be much higher than the cost of having a plain-clothes policeman follow you everywhere you go, so let’s not be misty-eyed about how there was no possibility of invading your privacy in the past.

    We’re actually all much safer from invasive techniques now we produce so much more text. A couple of decades ago anyone wanting to spy on my communications would have had to read a few letters a week. Now there are thousands of words a day to plough through.

  16. Right, but aren’t they prohibited from spying on US citizens without a warrant? Or isn’t this a big deal any more?

    That’s why they team up with GCHQ. Our spooks spy on the septics, the CIA spies on us, and then they share (some of) the data.

  17. I remember reading an article by one of the greats of science fiction – I’m pretty sure it was Asimov – discussing the problem of the complete lack of privacy that arose from the invention of this kind of total surveillance ability when utilised by the state.

    His solution was that everyone must have access to all the data collected by this apparatus.

    Want to know where the wife is and what she’s doing? Log into Univac. Where’s my boss? What’s my congressman upto? Is the president playing golf again?

    His point being that since we can’t uninvent these tools, we must all have access to them and we must learn to live with the consequences.

    I think Vernor Vinge also wrote about a universe where this sort of solution was necessary and also David Brin.

  18. Rob – “A State that mass monitors its population will use that information against political opponents of the governing party of that State.”

    The issue right now in the US seems to be the unelected government using the information against it’s political opponent, aka the elected government.

  19. Dave – “The latter requires an army of analysts at least as large as the group being watched. ”

    I disagree, Google monitors every website in the world with just a few people. Algorithms do the work.

    Similarly a security service can monitor everyone and by checking who you speak to, the words, you say, the locations you use, they can pinpoint exactly who they want to pay more attention to.

  20. Magnus>

    But the algorithms just aren’t that good, they can’t do more than narrow it down by maybe 99%. Then a human has to judge what’s important and what’s not. For that to be practical, the algorithms would have to narrow it down by 99.9999% at a minimum.

    Talking of Google, try a little experiment. Google ‘algorithms’. Are those results homogenous and useful? Or are there multiple different types of results all mixed together, requiring a human to pick the most appropriate one depending on what kind of knowledge about algorithms is actually required?

    Data has increased exponentially in the last couple of decades. Monitoring capability has not.

  21. Dave

    So, the government is not watching us all because to do so is completely impossible. And incredibly boring.

    It looks as if some of what you say perhaps conflates what the NSA call “collecting” the data and what a human being would call collecting the data? And perhaps deals more with tactics rather than strategy?

    The NSA define collection as an analyst looking at the data, that was the “trick” used to (effectively) “sidetrack” a US congressional committee, if I recall correctly. Anyone else would understand the normal sense of the word.

    I think we’re all happy that it’s not all being “actively monitored in live time”! But, if it is collected (in the normal sense), it can be examined later at some stage, with the ability for agencies (and, importantly, not just spooks) to back track and examine personal histories.

    And then to complement that, the cost of data storage is increasingly trivial, which places fewer and fewer limits on what that history comprises.

    We are also not dealing with what’s possible today (in terms of data storage and analysis) but what increasingly becomes possible.

    And particularly as the state insists that we carry out more and more of our life online.

    At which point I would simply repeat the question:

    would you willingly pay extra taxes for the sole purpose being that the state could use that tax increasingly to monitor your every move? “Just in case”, you see?

    “Echelon” – With tools such as PRISM et al, the abilities are changing, and will continue to change, quantum style. Software is continually improving the ability to link data.

  22. Dave

    Forget what I said about “conflating collection”, reading your post again. But the rest stands.

  23. “For their own purposes they’re quite happy to leave you open to attack by all and sundry.”

    Exactly. Instead of blocking Muslims from entering the country, they spy on me.

  24. Not exactly the spooks collecting data is it? Just duping the politicians into passing laws making it mandatory for ISPs, Google et al to retain data so govt. agencies can analyse it at some point in the future on demand.

  25. That spies spy isn’t something we should be overly concerned about, that’s what we want them to do. As George Orwell pointed out, people sleep peacefully in their beds at night only because rough men stand ready to do violence on their behalf.

    What we should be concerned about is oversight and how we ensure that they only do what they are legally able to do. The lack of transparency on oversight in the USA is more worrying.

    As to cracking in to iPhones, again so what? Baddies use them so we shouldn’t be surprised. If all the world used the same front door lock we can be pretty certain that spies would be figuring out to pick them, just in case.

    This could also be disinformation. The CIA and NSA certainly wouldn’t want it to be known that they couldn’t infiltrate iPhones, android and whatsapp.

    Not even the Russian Ambassador would be surprised to learn that the CIA was spying on him, and for all his faults Flynn is no fool and knew that and he would also have known that it was OK to collect that information. The crime there was sharing it outside the “need to know” circle and it should be see as treason for sharing it with the press.

  26. ‘What we should be concerned about is oversight and how we ensure that they only do what they are legally able to do.’

    What is legal has been stretched beyond Constitutional boundaries.

  27. @Tim Newman, March 8, 2017 at 11:49 am

    Right, but aren’t they prohibited from spying on US citizens without a warrant? Or isn’t this a big deal any more?

    It is still a big deal, thus CIA ask GCHQ to do the spying. Cornwall does have some valuable resources to harvest.

  28. PF>

    “But, if it is collected (in the normal sense), it can be examined later at some stage, with the ability for agencies (and, importantly, not just spooks) to back track and examine personal histories.”

    Yes, very much so. That’s the ‘monitor anyone’ part. And that still requires a lot of human intervention to get any kind of clear picture.

    Look at it this way: sure, you can collect every bit of CCTV footage in the country, Oyster card swipings, taxi fares, petrol purchases, card transactions, every email, every facebook post, recordings of all phone conversations, text messages, Tindr, Grindr, etc etc. Can you pick out of that mountain of data even something as simple as the Oyster swipe caught on a particular bit of CCTV footage?

    ““Echelon” – With tools such as PRISM et al, the abilities are changing, and will continue to change, quantum style. Software is continually improving the ability to link data.”

    That’s certainly true. The question is whether it’s improving it faster or slower than the difficulty of drawing links from a mountain of data, given the speed with which that mountain of data grows.

    FWIW, current internet traffic is on the order of 4,000 Petabytes a day. Or, maybe $200m worth of hard disks, unless I’ve dropped a zero somewhere. Or $73bn a year. Simply storing that much data is a problem even for the NSA. Creating tools to process it (and providing them with enough processing power) is decidedly non-trivial.

  29. Dave

    If I have this right, some 95%+ (could be 97% or 98%?) of internet traffic comprises video or images being downloaded.

    Just the one act of “filing a header to a (single) stored image or video link” (yep software), rather than file each / every download potentially reduces that 4K petabytes storage by a factor of 20 and more.

    Secondly, as the spooks freely admit, metadata in the first instance can disclose far more than the detail.

    Improvemts faster or slower etc – yes, sure.

    I’m more interested, though, in the bigger picture, rather than the immediate how-to / can we / can’t we, and crucially – not right now, but tomorrow yes, and lots more.

    Which, again, takes me back to my question above?

    We can’t uninvent, and others have mentioned strong oversight – agreed. This is a different issue, but I don’t see any strong oversight.

    I see a lack of competence from politicians (eg, the committee assigned with taking and considering expert evidence on this (draft IPA) struggling to understand properly something as fundamental, in the context of the proposed Act, as ICRs!). Without competence from legislators, including first off at the stage when laws are being drafted / passed, one could argue that any genuine or useful oversight may probably be unlikely.

    And hence, I fear that too many people remain either a) uninterested (with fundamental issues such as privacy), or b) suitably brainwashed into believing “it’s all OK, nothing to see here”.

    Hey ho, as they say – it looks as if that frog may yet become quite palatable…

  30. “Just the one act of “filing a header to a (single) stored image or video link” (yep software), rather than file each / every download potentially reduces that 4K petabytes storage by a factor of 20 and more.”

    Sure, fair enough. I was only trying to illustrate the scale of the problem.

    Now bear in mind that the links between pieces of information increase exponentially with the number of pieces.

    And again, you don’t have to worry about all the links, most are immaterial. But it demonstrates that (at one extreme) it’s impossible to monitor all the links between every bit of data, and that you have to have ways of telling which links are important.

    So we have a definite problem with scale, which technology can mitigate. The question is whether the shifting balance has favoured intelligence gathering or made it harder.

    I can tell you from experience* just how much effort goes into merely keeping up with the news – press cuttings agencies do it, they employ multiple staff full-time to keep up with indexing a good-sized novel’s worth of text every day. (*Actually, more than a decade ago now. It’s possible that particular job is now automated, but I doubt it given the discrimination required to e.g. tell the difference between piece about a platinum album and a precious-metals story.)

    To my mind the balance is very strongly in favour of the mass of data rather than the intelligence agencies. That’s why they’re leaking this stuff to Wikileaks – policing works on the principle of people being afraid there might be a policeman watching them, not on having enough to actually watch them.

  31. Dave is incredibly confident in his claims given that he’s about ten years behind.

    Lots of work has been done in that time on things like natural language processing and network analysis.

    You get machines to sieve data into different buckets. You get human attention on some of the buckets. That any given sieve doesn’t do the complete job perfectly by itself doesn’t make it or the system useless.

Leave a Reply

Name and email are required. Your email address will not be published.