[kictanet] WikiLeaks CIA Leaks
Mwendwa Kivuva
Kivuva at transworldafrica.com
Wed Mar 8 15:32:26 EAT 2017
Wikileaks released CA hacking tools codenamed Vault 7.
Basically, everybody that maters has been hacked ... even if they use
Signal, Telegram, or the best security tools. Funny how Telegram tried
to console its users "The good news is that for the moment all of this
is irrelevant for the majority of Telegram users. If the CIA is not on
your back, you shouldn't start worrying just yet. And if it is, it
doesn't matter which messaging apps you use as long as your device is
running iOS or Android."
Now we are in the age of another new-normal - that encryption only
protects you from parochial entities.
Below is the full release by Telegram: http://telegra.ph/Wikileaks-Vault7-NEWS
What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?
TelegramMarch 7, 2017
Wikileaks has released a new set of documents they called "Year Zero".
According to these documents, the CIA had created "its own NSA" with
"even less accountability". The newly discovered hacking arsenal of
the agency includes techniques that reportedly permit the CIA to go
around the encryption of messaging apps like WhatsApp or Signal by
hacking people's smartphones and collecting audio and message traffic
before encryption is applied.
This is not an app issue. It is relevant on the level of devices and
operating systems like iOS and Android. For this reason, naming any
particular app in this context is misleading.
Say what?
To put "Year Zero" into familiar terms, imagine a castle on a
mountainside. That castle is a secure messaging app. The device and
its OS are the mountain. Your castle can be strong, but if the
mountain below is an active volcano, there's little your engineers can
do.
So in the case of "Year Zero", it doesn't matter which messenger you
use. No app can stop your keyboard from knowing what keys you press.
No app can hide what shows up on your screen from the system. And none
of this is an issue of the app.
So who can fix this?
It is now up to the device and OS manufacturers, like Apple, Google,
or Samsung, to fix their volcanoes back into mountains.
Luckily, in the case of "Year Zero", the mountain isn't exactly a
volcano. It's rather just a big mountain that is full of secret
tunnels and passages. The tools from "Vault 7" are like a map of those
tunnels. Now that device and OS manufacturers like Apple and Google
will get this map, they can start filling in the holes and boarding up
the passages. This will require many hours of work and many security
updates, but eventually they should be able to take care of most of
the problems.
Who is affected?
The good news is that for the moment all of this is irrelevant for the
majority of Telegram users. If the CIA is not on your back, you
shouldn't start worrying just yet. And if it is, it doesn't matter
which messaging apps you use as long as your device is running iOS or
Android.
The published docs did not include details on how to recreate and use
the CIA cyberweapons. Wikileaks said they will hold off such
publications until it becomes clear how these weapons should be
"analyzed, disarmed and published."
This means that your neighbor next door won't likely get access to the
newly discovered tools before they are neutralized.
What can I do?
There are some general steps you can take to increase the security of
your device:
Don't use rooted or jailbroken devices unless you're 400% sure you
know what you're doing.
Never install apps from unknown or untrusted sources.
Keep your device up to date and always install the security updates it offers.
Pick a manufacturer that offers long term updates for their products.
Remember that devices that aren't supported anymore have an increased
risk of being vulnerable.
These measures will only protect you from "Year Zero" exploits when
your device and OS manufacturers implement the relevant fixes, but
following these tips can already make you much safer against many of
the known security threats you'd be otherwise exposed to.
To sum up
"Year Zero" is not an app issue. It applies to devices and operating
systems and will require security updates from their respective
manufacturers to mitigate the threats. Naming any particular app in
this context is misleading.
Wikileaks claims that the CIA has had a map of undiscovered secret
tunnels and passages in your mountain for several years. The CIA could
use them to look inside your castle and read data from your phone
screen, before any app gets a chance to encrypt it. It is possible
that some of the tunnels from the secret maps have been or will be
discovered by actors other than the CIA.
The most important news is that after this leak, the device and OS
manufacturers will finally get these maps as well. And so Samsung,
Apple, Google, and others will be able to get to work and make their
mountains impassable for the CIA and anyone who tries to follow in
their footsteps.
______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh
On 8 March 2017 at 11:11, Ngigi Waithaka via kictanet
<kictanet at lists.kictanet.or.ke> wrote:
> Hi,
>
> Anyone interested in top-notch cyber-war tools and techniques, it doesn't
> get better than this...
>
> https://wikileaks.org/ciav7p1/
>
> As we discuss Internet privacy etc, it's important to know friendly
> countries have such an arsenal of tools that are or could be used to spy on
> us.
>
> --
> Regards,
>
> Waithaka Ngigi
> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
> T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
> www.at.co.ke
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
> people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
More information about the KICTANet
mailing list