Wikileaks reveals CIA's Elsa: a geo-location malware for WiFi / Windows (wikileaks.org)
89 points by tg180 on June 28, 2017 | hide | past | favorite | 44 comments


This is nothing new. Many IT departments at security-sensitive companies have been doing this for a while with their own gear. It's quite common for enterprise-managed laptops to scan for SSIDs and report this information back to HQ. This is primarily done to assist in the tracking of stolen laptops.

Many will quietly connect to open APs when they're discovered and use DNS requests to tunnel this information back, thus attempting to work around captive portals. They might, for example, send an A-record query like this:

chrissnell-laptop-DEADBEEFC0W.security.bigcorp.com

where DEADBEEFC0W is the ESSID of a discovered nearby AP and security.bigcorp.com is a specialized DNS server configured to record this data.
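As an added example (not from the comment above, and not any vendor's tool), here is how a network defender might spot the DNS-based reporting pattern this comment describes in their own resolver logs: a host that sends many unique, long subdomains under one parent domain. The log line format, the client addresses, the hostnames and the thresholds are all constructed for the example, and the parent-domain split uses the last two labels as a simplification of the public suffix list.

```python
"""Heuristic detection of data carried in DNS hostnames (DNS exfiltration/tunnelling).

Reads log lines of the form "<client-ip> <qtype> <qname>" and flags clients that
send many unique, long subdomains under one parent domain, which is the signature
of a host encoding data (such as observed SSIDs) into the names it resolves.
"""
import math
from collections import defaultdict

# Constructed sample resolver log (not from the page): "<client-ip> <qtype> <qname>".
SAMPLE_LOG = """\
10.0.0.12 A www.example.com
10.0.0.12 A chrissnell-laptop-DEADBEEFC0W.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-COFFEESHOPWIFI.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-AIRPORT-FREE.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-HOMENET5G.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-GUESTNET.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-NETGEAR77.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-XFINITYWIFI.security.bigcorp.com
10.0.0.12 A chrissnell-laptop-LINKSYS01.security.bigcorp.com
10.0.0.12 AAAA mail.example.com
10.0.0.7 A www.example.com
10.0.0.7 A cdn.example.net
"""


def parse_line(line):
    """Split one log line into (client, qtype, normalised qname)."""
    client, qtype, qname = line.split()
    return client, qtype, qname.rstrip(".").lower()


def split_name(qname):
    """Return (parent_domain, data_part).

    The parent is approximated as the last two labels; production code should
    use the public suffix list so that e.g. 'co.uk' is handled correctly.
    """
    labels = qname.split(".")
    if len(labels) <= 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score higher than words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_dns_tunnels(log_text, min_unique=5, min_mean_len=20):
    """Return findings for (client, parent) pairs that look like a data channel.

    A finding needs at least `min_unique` distinct subdomains under one parent
    whose mean length is at least `min_mean_len` characters; both thresholds are
    assumptions to be tuned against a real baseline.
    """
    seen = defaultdict(set)  # (client, parent) -> distinct data parts
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        client, _qtype, qname = parse_line(raw)
        parent, data = split_name(qname)
        if data:
            seen[(client, parent)].add(data)

    findings = []
    for (client, parent), parts in seen.items():
        mean_len = sum(len(p) for p in parts) / len(parts)
        mean_ent = sum(shannon_entropy(p) for p in parts) / len(parts)
        if len(parts) >= min_unique and mean_len >= min_mean_len:
            findings.append({
                "client": client,
                "parent": parent,
                "unique_subdomains": len(parts),
                "mean_length": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
            })
    return sorted(findings, key=lambda f: -f["unique_subdomains"])


if __name__ == "__main__":
    for finding in find_dns_tunnels(SAMPLE_LOG):
        print(finding)
```

On the sample log only 10.0.0.12 talking to bigcorp.com is flagged; the handful of ordinary lookups under example.com never reach the unique-subdomain threshold. Real deployments would also whitelist the organisation's own telemetry domains so that a sanctioned laptop-tracking channel is not reported as an intrusion.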


This is a big issue with the CIA tool leaks. The really interesting part is who they're using the tools against and how often; the tools themselves, devoid of context, aren't really very interesting.

If they're using this to track a dozen intelligence officials in Saudi Arabia, it's very different optics from if they're using this to track, say, tens of thousands of "red-flagged" families in the US. (Especially since the CIA technically shouldn't be performing any sort of surveillance within the US.)

The NSA leaks, or at least part of them, were a much bigger deal because they revealed warrantless, widespread, persistent drag-net surveillance of US citizens. So far, the CIA leaks have not revealed anything relating to surveillance of US citizens or even any civilians living anywhere.

The CIA may very well (still) be evil, but these leaks do not even begin to prove it, so far.


To me, these stories are a) vital, b) disheartening, and c) demonstrative of the fact that we need to continue to build better, open and secure operating systems and tools for end users.

I think there is definitely something to be said for the fact that if the CIA is doing this, then criminals are too, since the fine line between what the CIA does and what a criminal does is simply a sheet of paper with someone's signature on it.

Most of all, however, I think it's very important that we continue to reveal these secrets. For those of us not living under the CIA's nefarious shadow, it is good to see them get their secrets revealed.


> For those of us not living under the CIA's nefarious shadow

The CIA's mission is foreign intelligence, meaning they operate outside the US. Since it sounds like you're not in the US, you are far more likely to be targeted by the CIA (still very unlikely unless you work for a government) than people living in the US.


The CIA doesn't work for me. It works for Americans. Not everyone is happy with having an agency for which their sovereign is not responsible, nevertheless influencing their lives in a big way.


> The CIA doesn't work for me. It works for Americans.

Correction, it works to maintain the current status quo.


Whatever - the point is, not everyone is as enamoured with the CIA and its purpose as most Americans appear to be...


Agreed.

The problem I have is that with the same mindset I should be able to say that about GCHQ/MI5/MI6 (intelligence services of my own country) but I cannot in all good conscience support a lot of what they do.

It seems like they exist more to protect the interests of the landed elite, the wealthy, privileged and powerful than they do to protect the nation and its people. The latter is just misdirection.


I agree with you, completely. Secrets are the basis of class disorder.


The intelligence services of your country most likely have the same technologies available.


I am curious as to what you believe the CIA is supposed to be doing?


The CIA is supposed to be projecting America's force around the world, covertly, for the good of the American people.

This is not necessarily good for humanity.


I doubt they have a clue... disillusioned into the idea that we are in a utopian world.


The CIA itself has a utopic mission.


So they are as naive and shortsighted as they seem.


This honestly doesn't sound very interesting. Just a regular piece of software using a few of many available location services that are based on SSID scanning. Mozilla for example offers the same: https://location.services.mozilla.com/


The interesting thing about it is not so much how it works as what they do with it: presumably track individuals' locations without their knowledge.


On page 22: " <wifi-ap> <ssid>TIPICOS GLORIA</ssid> <mac>68:7F:74:74:34:2B</mac> <rssi>-75</rssi> </wifi-ap>"

The SSID is the name of a Mexican restaurant in western Washington DC...

Unfortunately the document doesn't include API documentation for the geolocation services of Google and Microsoft. It would be interesting to know if the CIA is aware of a way around API-key restrictions :)
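As an added example, not from the leaked guide and not from the commenter, this parses the `<wifi-ap>` record format quoted above into structured data, the way an analyst examining such a log recovered from a host would want to. Only the first record is from the page; the `<wifi-aps>` wrapper element, the second and third records, and the validation rules are assumptions made for the example.

```python
"""Parse <wifi-ap> records (the format quoted from page 22 of the guide) into
structured access-point observations, rejecting malformed entries instead of
silently dropping them.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample: the record quoted on the page plus two made-up ones, wrapped in
# an assumed <wifi-aps> root so a file of several records parses as one XML document.
SAMPLE_XML = """<wifi-aps>
  <wifi-ap> <ssid>TIPICOS GLORIA</ssid> <mac>68:7F:74:74:34:2B</mac> <rssi>-75</rssi> </wifi-ap>
  <wifi-ap> <ssid>ExampleGuest</ssid> <mac>02:11:22:33:44:55</mac> <rssi>-60</rssi> </wifi-ap>
  <wifi-ap> <ssid>broken</ssid> <mac>not-a-mac</mac> <rssi>-90</rssi> </wifi-ap>
</wifi-aps>"""

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")


@dataclass
class AccessPoint:
    ssid: str
    mac: str
    rssi_dbm: int
    # Bit 1 of the first octet is the IEEE locally-administered flag: set on
    # software-assigned (e.g. randomised) MACs, clear on manufacturer-burned ones.
    locally_administered: bool


def parse_wifi_aps(xml_text):
    """Return (records, errors); each malformed record yields one error string."""
    root = ET.fromstring(xml_text)
    records, errors = [], []
    for index, ap in enumerate(root.iter("wifi-ap")):
        ssid = (ap.findtext("ssid") or "").strip()
        mac = (ap.findtext("mac") or "").strip().upper()
        rssi_text = (ap.findtext("rssi") or "").strip()
        if not MAC_RE.match(mac):
            errors.append(f"record {index}: invalid mac {mac!r}")
            continue
        try:
            rssi = int(rssi_text)
        except ValueError:
            errors.append(f"record {index}: invalid rssi {rssi_text!r}")
            continue
        first_octet = int(mac[:2], 16)
        records.append(AccessPoint(ssid, mac, rssi, bool(first_octet & 0x02)))
    return records, errors


def strongest(records):
    """The AP with the highest RSSI (closest to 0 dBm), i.e. the likeliest nearest one."""
    return max(records, key=lambda r: r.rssi_dbm) if records else None


if __name__ == "__main__":
    parsed, problems = parse_wifi_aps(SAMPLE_XML)
    for record in parsed:
        print(record)
    for problem in problems:
        print("skipped:", problem)
    print("strongest:", strongest(parsed))
```

The locally-administered flag is worth surfacing because a randomised MAC is useless as a stable landmark, whereas the manufacturer-assigned one in the quoted record is exactly the kind of value that public geolocation databases key on.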


Why is there a judgement on the CIA's actions every time a tool is leaked? It's their charter to spy on people; the targets being American or not is just semantics. For instance, if an American is a person of interest, the only thing required is for the FBI to be a (namesake) participant in the investigation.

Outrage against 3-letter security/intelligence agencies is silly; it's like blaming Google for being great at search.


Right, but not everybody lives in the US. And of course, their spy agencies don't spy :P

It's also interesting hearing the outrage about Russian hacking, and the outrage about the CIA having the abilities to hack. I hope it's not the same people complaining.


I'm curious what an intercept of a Mac product looks like in the Dark Matter scenario. It's not the first mention I've seen of the CIA intercepting the supply chain of an organization.

If one was to purchase a Mac and it was to be intercepted and infected, what does that resealing process look like?


After reading through the user guide, this appears to contain no vulnerabilities/exploits, just a payload to fulfill a need to track the location pattern of a target.

This is very basic stuff which could be easily replicated with Kismet and some scripts. I am guessing this is some sort of intern project.


Well, it depends on the target: using a sledgehammer to crack a nut can leave you with more damage than results.


Sorry, I am not sure I understand the analogy?


He's saying that for some simple jobs you don't want to use a more complex tool because there could be consequences. In this context, you don't need to use a fancy exploit that could get into the wild, lead to discovery and be blocked from other targets, or whatever else, when you can use something as simple as this exploit.


Got it, thank you! I was not trying to criticize this piece of software, just had thought it might be worth mentioning in case folks were curious (as past Vault7 releases had indeed made mention of exploits used).


Am I the only one wondering if they have a tool called Anna?


Do you want to build a Snowden?


As someone who is not that savvy about malware or persistent software calling "home," what is the best operating system that will avoid these type of attacks?


A typewriter.


TempleOS or any operating system with networking disabled via hardware switch.


Qubes


This type of thing might be very useful for preventing CIA's Harold Martin counterparts from leaking from CIA hardware.


Isn't this the same principle google uses for their location services?


Why don't they just use the location APIs? :D


Is this just an article based on the (already posted) vault7 trove of documents?

Because it seems to be a lightweight blog post based on an already old leak, without much analysis.


Vault7 has been announced and partially released, but Wikileaks has been releasing a trickle of new documents over time (it seems they learned from the strategic timing of the Snowden release documents); these documents are new to the public. They seem to release new documents from the Vault7 trove every week or two.


So Wikileaks is now in the policy of filtering documents and release timings to shape a narrative?

I seem to recall that their claim to fame was that they were above trying to manipulate the narrative and simply dumped documents when they got them.

Why should we trust a cabal of people who are not telling us the full scope of the situation, and instead filtering what we know based on their desire to shape our opinion over any of the other cabals doing the same thing?


If they are trying to filter something, they are doing a pretty awful job. Everything released so far in Vault 7 appears to simply be a dump of intelligence collection tradecraft/methods.


As a purely hypothetical example:

*

The vault7 trove could contain documents on CIA minimization and targeting rules, which show that they carefully avoid US targets and only go for high value targets with these tools, and further could contain mostly exploits targeted at industrial/military targets.

Wikileaks has focused on how they could use the (selectively) released tools to target civilians.

By selecting to release only tools that (could) target civilian appliances, hiding the fact that most tools are built for, e.g., industrial/military targets, and that CIA procedures focus on industrial/military targets, Wikileaks effectively shapes the narrative to be about how the CIA is targeting civilians, when the reality is that they're targeting high value, perfectly appropriate things (which just happen to occasionally use technology others do as well).

*

Sowing that kind of distrust between US civilians and one of their intel agencies would be a perfectly normal PSYOPs goal, and in line with what you'd expect from, e.g., RT.

That Wikileaks has decided to editorialize their content in such a way means that you now need to evaluate those kinds of scenarios when thinking about the things they release, instead of just focusing on the content. It reduces their brand value significantly.


You make a good point regarding what they might be trying to do. But do you think many people are actually buying it? Anyone could think of malicious uses for all sorts of things, the only noteworthy revelations would be actual proof of misuse.


> Anyone could think of malicious uses for all sorts of things, the only noteworthy revelations would be actual proof of misuse.

Does this same logic apply to the vault7 trove itself?

The entire leak is basically "Spy agency has capability to spy. Yawn." once you take away the angle of "Oooo! Spooky! They might target you!"

So we're already in the case that Wikileaks is trying to editorialize the content for an agenda, which we know is to cause damage to the US intel community. (They haven't been friends for a long time, in well documented ways.)

We also know that Wikileaks is withholding the full extent of what they know or not, and are choosing what to reveal (which is a tactic well known to be used to shape narratives).

Why should we care what Wikileaks has to say on this matter, for the exact reason you so helpfully pointed out?

They're a biased source, not disclosing their full knowledge and seeking to manipulate us, who haven't actually shown any evidence of wrongdoing.


You might be missing that I do fully agree with you. I guess if it is out there anyway, though, it makes some sense for there to be a discussion on HN as it is a technical forum. Probably safe to skip their "analysis" and only pay mind to the source document.


I think the idea is more that they want to keep it in the headlines for a matter of months instead of a single day. The juiciest stuff was in the initial release, anyway.



