A Couple of 3-23-17 RTs about “Dark Matter” (the latest #Vault7 release)… “CIA hacking tactics for Apple products” and “Assange… ‘small example’ of what’s in store”

Well, I do know that “Dark Matter” exists, so maybe this Wikileaks “Dark Matter” will shed some light on what we’ve been told doesn’t exist. We shall see! [Wikileaks “Dark Matter” release page]

#Vault7: WikiLeaks releases ‘Dark Matter’ batch of CIA hacking tactics for Apple products (3-23-17 13:41)

“The release discloses the alleged details of methods employed by the CIA to compromise devices manufactured by Apple including the iPhone and Macbook Air… Techniques named in the release detail methods that could allow devices to be compromised between the manufacturing line and the end user or by a CIA asset in close proximity to a target.

“Within the released tranche is a tool known as NightSkies, which allows the CIA to infiltrate factory fresh iPhones and track and control them remotely, granting “full remote command and control,” to the CIA. NightSkies allows the CIA to take files from iPhones, including details from the owner’s phonebook, text messages and call logs.

“DarkSeaSkies is an implant that is found in the firmware of an Apple MacBook Air that runs in the background and allows the CIA command and control capabilities over a targeted device . A 2009 ‘user requirements’ document on DarkSeaSkies details how assets should install DarkSeaSkies.”

#Vault7: Assange says WikiLeaks ‘Dark Matter’ leak ‘small example’ of what’s in store (3-23-17 14:31)

” Julian Assange answered questions on WikiLeaks latest release in ‘Vault 7,’ named ‘Dark Matter,’ as well as the CIA’s ever-changing role and the impact this has on world affairs… “The second release in the series details the techniques that WikiLeaks claims are employed by CIA assets to compromise Apple devices between the manufacturing line and the end user… ‘Dark Matter’ is just “a small example” of material to come, Assange said, speaking via Periscope.

““These exploits that are used by the CIA can affect millions of people so it has to be done cautiously. There has to be security channels involved and there has to be agreements that the vendors will in fact be responsive.”

“Assange said WikiLeaks did not publish all details of the hacking techniques revealed in the leaks as it would result in both the “good guys” and the “bad guys” getting them at the same time… Assange said any fixes required by tech companies should take a few weeks and that the 90 day timeframe is sufficient. He added that if a company contacted them requesting more time, they’d be open to discussion.”

[Wikileaks “Dark Matter” release page]

—————————————————————-

Text of the release… (from https://wikileaks.org/vault7/darkmatter/)

Dark Matter, 23 March, 2017

Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA’s “NightSkies 1.2” a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.