Jump to content

Talk:Vault 7

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

WikiLeaks' assassination claims

[edit]

I don't think we need to repeat everything WikiLeaks claims in its press release, especially since they've recently started promoting conspiracy theories to promote their leaks. Accusing any organization of murder is a serious deal, and hacking a car does not automatically mean the CIA uses hacked cars to kill people. In addition, we should add more details on UMBRAGE beyond what WikiLeaks claims; so far I see the Daily Dot has examined what the documents say about the group and what they don't. FallingGravity 22:48, 7 March 2017 (UTC)[reply]

It's just hyperbole for a press release. The claims were bracketed by could etc. No Swan So Fine (talk) 13:33, 8 March 2017 (UTC)[reply]
Does the new Vault 7 revelation about hacking vehicles warrant another look into the Hastings’ car-crash-accident-theory? Michael Hastings - one of the fiercest critics of the surveillance state and the Obama administration’s response to whistleblowers, particularly efforts to coerce journalists into revealing their sources. His final story, “Why Democrats Love To Spy on Americans,” was published just weeks before his death; Hastings perished in a fiery single-car accident in Los Angeles. Hastings was working on a profile of CIA director John Brennan, which never went to press. Hastings' family can now demand subpoenable evidence from the CIA, proving who murdered him. --87.159.126.239 (talk) 00:48, 8 March 2017 (UTC)[reply]
This isn't a forum. No Swan So Fine (talk) 13:33, 8 March 2017 (UTC)[reply]
Hi Swan, how much is the CIA paying you to shill for them? — Preceding unsigned comment added by 142.161.93.186 (talk) 23:49, 9 March 2017 (UTC)[reply]
This is neither a forum, nor an opportunity to practice ad hominem replies. And please sign your comments. JohndanR (talk) 02:51, 12 March 2017 (UTC)[reply]

This should be stricken out—>"This statement brought renewed attention to conspiracy theories surrounding the death of Michael Hastings." JohndanR (talk) 03:15, 12 March 2017 (UTC)[reply]

5.2 Vehicle control systems. Until and unless Wikileaks publishes uncommented material that better substantiates CIA offensive (and defensive) interest in 'hacking' vehicles, I'd rather the whole section were mothballed for the present. The amount of press dedicated to such a tiny fraction—of uncertain motivation—of the Vault 7 corpus is already extreme, and putting such a larded entry can only exacerbate widespread media speculation and hyperbole. Wikipedia needs to maintain encyclopedic standards for entries, even if its material does not (yet) meet the level of stringency that academia would like before it permits its use more widely in marked essays, or that the media can actually rely on for quotes JohndanR (talk) 03:15, 12 March 2017 (UTC)[reply]

Keeping us safe

[edit]

We should probably add a "reactions" section. Ralph Peters was just saying on Fox News that the CIA was doing this to keep US citizens and allies safe.Zigzig20s (talk) 20:02, 8 March 2017 (UTC)[reply]

Is't that pretty much always a government entity's go-to excuse violating the rights of the very people they claim to be protecting? Seems seems irrelevant/redundant b/c this is what the government claimed about the USA PATRIOT ACT, putting German & Japanese-American citizens into internment camps, the TSA, the NSA, the DHS, etc. It'd be more noteworthy to find an instance where the government didn't use the same b.s. excuse to cover it's ass while grossly violating the bounds of power entrusted to it by the taxpayers. It's not like they're actually gonna come right out & admit something like "yeah, we're just being Orwellian dicks who wanna destroy everything America stands for - we don't actually care about protecting any of you plebes, haha, no - this was always about the power, suckers."CitationKneaded (talk) 00:58, 9 March 2017 (UTC)[reply]
I agree with above user. It is the norm for the government to default to the "but we were keeping you safe" excuse when they are caught breaking the law. If ANY other organization were found to be doing this, they would either A) Be forced to sign a contract with the government to purchase their exploits, or more likely B) Be charge with multiple felonies, and all their exploits taken and hoarded for the US Gov't.... When Gov't branches are caught doing something wrong, they are not going to say Whoops! My Bad US!! How many amendments/laws did we break? Were Sorry... Theyre going to say Muh Security!!99.185.4.21 (talk) 16:31, 9 March 2017 (UTC)[reply]
I don't think it's our job to omit the CIA's response because we believe it's the "usual" or "expected" response. It's kind of like saying, "Well of course John Doe pleaded 'not guilty', he just said that because he doesn't want to go to jail. Therefore, we shouldn't include John Doe's statement." That's not the way WP:NPOV works. FallingGravity 00:13, 10 March 2017 (UTC)[reply]
FallingGravity makes an interesting point, I must admit. However, as with any case making an analogy between discrete individuals & governments (or components thereof), there are limitations to this thought-model. For instance, no matter how rich & powerful John Doe is, as an individual, when accused of breaking the law, he can, at most (legally), hire a lawyer - he does not have a built-in bureaucracy to do various circus acts of ass-covering on his behalf, including refusal to prosecute or outright ignoring his alleged crimes. John Doe certainly does not get to partake in countless acts of international terrorism[1] & drug trafficking[2] over the decades, fight against US forces[3], and then come home to a chorus of "DinnduNuffins".CitationKneaded (talk) 14:16, 10 March 2017 (UTC)[reply]
@CitationKneaded: What does that have to do with Vault 7? This isn't the place to right the great wrongs of the CIA. FallingGravity 01:03, 11 March 2017 (UTC)[reply]
@FallingGravity: That's not what I was saying at all. However, is Wikipedia not the place to chronicle the myriad already well-documented great wrongs of the CIA & let people come to their own conclusions? CitationKneaded (talk) 20:30, 11 March 2017 (UTC)[reply]
Yes, but that stuff should go in the CIA article, not here, unless it's somehow relevant. FallingGravity 04:52, 12 March 2017 (UTC)[reply]

References

Dubious relevance image

[edit]

Hi @Pantherfly: Please stop re-adding your image to the article. It is of dubious relevance and seriously does not belong in the article. If you keep adding it, you could end up getting blocked from editing. So I'd recommend stopping. Thank you. -Kamran Mackey (talk) 23:28, 9 March 2017 (UTC)[reply]

Criticisms that the exploits don't break encryption apps are absurd because the payloads keylog and screengrab

[edit]

I strongly object to this revert. How should I cite the descriptions of most if not almost all of the attack payloads performing keylogging and screengrabing? 184.96.138.160 (talk) 12:38, 10 March 2017 (UTC)[reply]

On Wikipedia, we use reliable sources. We don't add unsourced text and original research: https://wiki.riteme.site/wiki/Wikipedia:No_original_research . Snooganssnoogans (talk) 12:40, 10 March 2017 (UTC)[reply]
Is [1], throughout sufficient? 184.96.138.160 (talk) 12:59, 10 March 2017 (UTC)[reply]
No, you have to use a reliable secondary source (e.g. the Washington Post, the Guardian). Snooganssnoogans (talk) 13:01, 10 March 2017 (UTC)[reply]
Oh, sure. Do you personally doubt the primary sources? Why do you think the critique of unrelated Wikileaks releases is appropriate here? How is your section header neutral? 184.96.138.160 (talk) 13:14, 10 March 2017 (UTC)[reply]

"WikiLeaks agenda"

[edit]

Is it either "notable" or the purview of Wikipedia to be a platform for speculation on the motives of a given article subject? o_O? I know this is a "hot-button issue"/current events, but do we regularly do this for other articles, say, historical ones? The whole bottom paragraph taking quotes from Zeynep Tufekci cites no outside sources but an opinion piece (twice), which seems rather flimsy Wikipedia editing, IMO. CitationKneaded (talk) 16:11, 10 March 2017 (UTC)[reply]

I agree. if anything the quotes by Zeynep Tufekci should be moved over to the wikileaks artice. The content had nothing to do with the Vault 7 release as it was wholly on the subject of Wikileaks, it had nothing to do with Vault 7 specifically. As such, I deleted the section and I suggest that it be moved to the wikileaks article somewhere. It was simply to broad to be here in the Vault 7 article. Simply put, Zeynep Tufekci's quotes were not about Vault 7 whatsoever.
99.185.4.21 (talk) 18:50, 10 March 2017 (UTC)[reply]
Tufekci sort of has a point about the "bypassing of encryption" being a non-story. As she says, if someone can look over your shoulder or hack your phone it is obvious that they'll get your data regardless of what apps you use. She accused Wikileaks of playing it up in their press release. But to me, her story looks like even more of a non-story than what WL wrote about "bypassing encryption". So the commentary is might be UNDUE at this point. Guccisamsclub (talk) 08:08, 12 March 2017 (UTC)[reply]

"Criticism"

[edit]

The only nominally relevant chunk out of that whole section is this:

"When WikiLeaks released its Vault 7 documents, it suggested that the CIA had the means to bypass the encryption on messaging apps such as WhatsApp and Signal and hack into iPhones. Some security experts have said that there is no evidence for that in the leaks, while others have claimed that the direct capture of user input (through keylogging and recording of the user interface) can capture the information before it is sent, and therefore before it has been encrypted by the app.[12][24][22][26][27][28][25]"

— Wiki

The rest of the section contains no discussion of Vault7, so it stands or fall based on the above text. Unfortunately, this is just transparent nonsense, poorly masked by WP:CITEKILL.

Wikileaks said that the CIA can "effectively bypass encryption" apps by simply reading the data directly off the device's camera and mic by infecting the OS. They explained it further in their cover story:

The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone. (...) These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

Now, let's take your very first citation [12]:

That has done little to prevent confusion on the matter, something WikiLeaks itself contributed to with a carelessly worded tweet: WikiLeaks #Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://wikileaks.org/ciav7p1"

The end-to-end encryption protocols underpinning these private messaging apps protect all communications as they pass between devices. No one, not even the companies providing the service, can read or see that data while it is in transit. Nothing in the CIA leak disputes that. The underlying software remains every bit as trustworthy now as it was before WikiLeaks released the documents.

Of course, the CIA can compromise the devices sending or receiving those messages. By taking control of a so-called end point, spies can access everything on a smartphone, be it texts, videos, the camera, or the microphone. “It isn’t about ‘defeating encryption,’ despite the hype,” says Nicholas Weaver, a computer security researcher at the International Computer Science Institute. “If you compromise a target’s phone, you don’t care about encryption anymore.”

— Wired

Wired is simply cautioning people against the possible misunderstanding that the "CIA can read encrypted communications traffic." Wikileaks never actually claimed that, and Wired never claimed that Wikileaks claimed that. This is a FACT. You have just manufactured a controversy out thin air. In an effort to build up this fake controversy, your text further states that "Some security experts have said that there is no evidence for that in the leaks". Who are these "some" and what is this "that"? This is false, misleading and needlessly vague: in reality, all security experts and Wikileaks (or anyone minimally aware of the issues) agree that Vault 7 does not demonstrate the CIA's ability to decipher encrypted traffic(from Signal, Telegram etc.) Naturally, this is wrong too: "others have claimed that the direct capture of user input (through keylogging and recording of the user interface) can capture the information before it is sent, and therefore before it has been encrypted by the app. Again, everyone agrees that Vault 7 does showcase the CIA's ability to hack Android and IOS directly, allowing them to read data straight off the device. They do not need to break encruption to do that. One of your own sources says so right in the headline: "WikiLeaks Documents Show CIA Can Hack iOS And Android, But Not Encrypted Messaging Apps" — Forbes. There is no debate: these two "claims" are fully compatible and completely uncontroversial. According to your own sources, these "some" and "others" are actually one and same.

I don't know why I had to write a whole essay explaining something so rudimentary. Guccisamsclub (talk) 20:35, 10 March 2017 (UTC)[reply]

"...misunderstandings and neglect create more confusion in this world than trickery and malice. At any rate, the last two are certainly much less frequent." Appreciated your essay ;-) --87.156.233.199 (talk) 21:22, 10 March 2017 (UTC)[reply]

Add two purposes: False flag hack, and obfuscate antivirus

[edit]

I suggest to include the two main purposes to part 3. Draft for discussion below.

On 31 March 2017 WikiLeaks published Vault 7 part 3 "Marble". Which contains 676 source code files.[1] According to analysts, the Marble toolkit is used as a malware with two main purposes, first to fool forensic investigators from attributing viruses, trojans, and hacking attacks to the CIA, and second as an obfuscator to avoid detection by antivirus programs.[2][3]

References

  1. ^ Dwilson, Stephanie Dube (2017-03-31). "WikiLeaks Vault 7 Part 3 Reveals CIA Tool Might Mask Hacks as Russian, Chinese, Arabic". Heavy.com. Retrieved 2017-03-31. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
  2. ^ Supervizer, Payman (2017-03-31). "Wikileaks Releases the "Marble Framework"". Huffington Post. Retrieved 2017-03-31. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  3. ^ Uchill, Joe (31 March 2017). "WikiLeaks' latest leak shows how CIA avoids antivirus programs". The Hill (newspaper). Retrieved 31 March 2017. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

Francewhoa (talk) 19:22, 31 March 2017 (UTC)[reply]

I don't think the Huffington Post article is written by a cybersecurity expert. From what I've seen, most experts reject the idea that the code was meant to throw off forensic investigators using false flags. See: [2] [3] FallingGravity 01:43, 1 April 2017 (UTC)[reply]
Yeah, CIA would never do cyber "false flag" attack... *smirk*
  • Security expert Bruce Schneier in la Repubblica [4]: "Il fatto che la Cia usi la tecnica delle "false flag", nel tentativo di depistare ed attribuire la creazione di certi software malevoli ad altri paesi, non è certo unica."
  • Bernard Barbier, DGSE in Libération [5]: «ces virus que les pays développent, vous pouvez les récupérer, les analyser et les réutiliser pour attaquer un autre pays. A ce titre, les Chinois ont bon dos : beaucoup de pays se font passer pour des Chinois !» ... Sorte de double jeu, ou de billard à trois bandes, qu’affectionnent tout particulièrement les services de renseignement. --87.159.119.44 (talk) 07:09, 1 April 2017 (UTC)[reply]

I'm not an expert in Italian or French, but I don't see where those sources say Marble is evidence that the CIA does "false flag" attacks. The second source you cite is a quote from September 2015. Here are the sources I'm looking at:

  • However, experts said WikiLeaks went too far in alleging this data included evidence that the CIA was performing cyberattacks intended to be blamed on other agents, also known as "false flag attacks."TechTarget
  • WikiLeaks, in its news release, suggested that the obfuscation tool might be used to conduct a “forensic attribution double game” or false-flag operation because it included test samples in Chinese, Russian, Korean, Arabic and Farsi.
But Williams explained that the tests were to ensure that hacking operations using code written in those languages could be hidden. “If you’re trying to false-flag an operation as Chinese, you wouldn’t want to hide those code strings, you’d want everyone to see them,” he said. Moreover, other experts said, attribution is based on more than just malware analysis.Washington Post
  • However, some experts noted that although the framework does include tools to add foreign languages to the malware code, they seem to be for obfuscation purposes rather than to mis-attribute or frame another nation or actor. Others pointed out that the Russian and Arabic sample text were essentially gibberish.IBTimes
  • Many news agencies incorrectly reported that Marble allows CIA's operators to plant false flags inside the malware they create thanks to a feature that inserts code comments written in various languages such as Chinese, Russian, Korean, Arabic, and Farsi.
In reality, the Marble framework is a banal code obfuscation utility, like many other tools on the malware market.Bleeping Computer
  • In its release, WikiLeaks describes the primary purpose of Marble as being to insert foreign language text into the malware to cause malware analysts to falsely attribute code to the wrong nation.
This appears to be an inaccurate description of the primary purpose of the code, however.The Hill

I believe that presenting expert opinions are more important than regurgitating WikiLeaks's press releases. The Hill contradicts the assertion made by FranceWhoa about the purpose of the Marble framework. FallingGravity 16:16, 3 April 2017 (UTC)[reply]

Where exactly did WikiLeaks state that it was used for cyber false flags? first to fool forensic investigators from attributing viruses, trojans, and hacking attacks to the CIA isn't saying that they're using it for such. Maybe they were implying they could be used for such but where exactly did they so far allege CIA cyber false flags getting planned or carried out? --Fixuture (talk) 21:15, 4 May 2017 (UTC)[reply]

Unreliable sources

[edit]

Regarding these edits: neither Breitbart nor RT nor "TheNewAmerican.com" is a reliable source. Breitbart is well-known for promotion of fringe conspiracy theories, RT is a Russian propaganda outlet, and "TheNewAmerican.com" is a website whose parent organization is the fringe, far-right John Birch Society. None of these three is reliable, especially on a highly contentious topic. Neutralitytalk 01:56, 13 May 2017 (UTC)[reply]


Hi @Neutrality:) Thanks for your message. Are you interested to contribute better source(s) for part 8? How about the U.S. SANS Institute instructor Jake Williams and cyber security expert and ENISA member Pierluigi Paganini as reputable source(s)? The U.S. SANS Institute is specializes in information security and cybersecurity. Their field of expertise includes "cyber and network defenses, penetration testing, incident response, digital forensics, and audit." As for ENISA it is an agency of the European Union. Their focus is with network and information security. Which as you know is one of the central topic of part 8 publication.
About part 8 previous suggested sources Breitbart and The New American, you mentioned twice RT, but RT was not included in neither of my suggested sources. Could you please clarify your two reference to RT?
Here is a part 8 suggested draft based on those two reliable sources. How does that sound? Your contributions and suggestions are always welcome :)

On 5 May 2017 WikiLeaks published Vault 7 part 8 "Archimedes". According to U.S. SANS Institute instructor Jake Williams, who analyzed the published documents, Archimedes is a virus previously codenamed "Fulcrum". According to cyber security expert and ENISA member Pierluigi Paganini, the CIA operators use Archimedes to redirect local area network (LAN) web browser sessions from a targeted computer through a computer controlled by the CIA before the sessions are routed to the users. This type of attack is known as man-in-the-middle (MitM). With their publication WikiLeaks included a number of hashes that they claim can be used to potentially identify the Archimedes virus and guard against it in the future. Paganini stated that potential targeted computers can search for those hashes on their systems to check if their systems had been attacked by the CIA.[1]

With infinite Wikipedia love ♥ Francewhoa (talk) 04:01, 13 May 2017 (UTC)[reply]

References

  1. ^ Paganini, Pierluigi (2017-05-05). "WikiLeaks leaked documents that detail the Archimedes tool used by the CIA in MitM attacks". Security Affairs. Retrieved 2017-05-13. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
RT was in your edit. You might not have originally added that material, but it was in the version you restored. As for "securityaffairs.co/wordpress," I am inclined not to think it usable as a source. It's almost definitely better than the other three sources, but it still appears to be a personal website of Paganini. It doesn't have an "about us" page, just a "contact me" page that lists the author's email. If this blog has been relied upon in the past in the mainstream media or in scholarly sources, then this might be usable. See WP:USEBYOTHERS. Neutralitytalk 04:08, 13 May 2017 (UTC)[reply]

@Neutrality:) Thanks for clarifying your edits

It doesn't have an "about us" page, just a "contact me" page that lists the author's email.

Same here. That was one of my first reaction when I read his article. I agree it's important to get information about the author. His about page is there but at an unusual location. Around the top of his article he added that link on his name. With details about his qualification. Including titles and organizations. Here is a text copy for your convenience:

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Paganini's Linkedin public professional profile contains more information about him

RT was in your edit. You might not have originally added that material, but it was in the version you restored.

I was assuming our discussion was about part 8 sources. Before posting my previous comment, I searched my edits related to part 8 for RT reference but found none. Maybe you were referring to a RT reference in part 7? I noticed now that there was a RT source in that previous revision #780109963 and then that revert #780113785. My revert was meant for part 8 not part 7. If you were referring to part 7 are you interested to suggest better source(s) for part 7?
Francewhoa note to myself: About part 8 I'm referring to these two edits:
1. 2017-05-12T18:15:20‎ with Breitbart source
2. 2017-05-12T18:15:20‎ with The New American source
Francewhoa (talk) 06:25, 13 May 2017 (UTC)[reply]
Pierluigi's credentials are fine, but it's still a self-published work. Neutralitytalk 06:29, 13 May 2017 (UTC)[reply]

CherryBlossom and coverage

[edit]

Since WikiLeaks announced the leak of 'Cherry Blossom', eventually RSes will pop up... Anyone seen anything yet? (WL article: https://wikileaks.org/vault7/#Cherry%20Blossom) 2001:980:1234:1:7D84:1372:CC01:DBAC (talk) 21:23, 15 June 2017 (UTC)[reply]

CIA-Stuxnet

[edit]

conviction added to article

[edit]

In July 2022 former CIA software Joshua Schulte was convicted of leaking the documents to WikiLeaks.

I added this. 666hopedieslast (talk) 02:48, 18 July 2022 (UTC)[reply]

Vault 8

[edit]

Vault 8 doesnt have its own article, and probably doesnt have enough content or notability to get one. Since its a sister release or whatever, I added it here as a short section because it should be mentioned somewhere.

No objection to moving it or splitting if anyone thinks thats better Softlemonades (talk) 15:54, 6 August 2022 (UTC)[reply]

I created a Vault 8 redirect to the Vault 7 page Softlemonades (talk) 16:48, 6 August 2022 (UTC)[reply]