August 3, 2017
— WikiLeaks (@wikileaks) August 3, 2017
These CIA dumps get a little bit boring.
What I always tell everyone is: just assume everything is being monitored.
I agree with weev’s recommendation of Signal as the best end-to-end encryption app, but even that can’t stop a zeroday backdoor on your phone itself, which the CIA has. The FBI probably doesn’t have that, or at least can’t legally use it, but the CIA and the NSA certainly do.
And I mean, there are certain security measures worth taking. Nothing is as leaky as Skype, for instance.
But overall, it’s not even worth being paranoid. Just assume everything you do is being watched, and behave accordingly.
In fact, I would advise you to be skeptical of anyone who is overly concerned about security. They may be trying to get you to feel you’re safe to say things that you are in fact not safe to say.
Details of the CIA’s Dumbo project, a system that manipulates devices such as webcams and microphones on Microsoft Windows-operating systems, have been published by WikiLeaks. The program also corrupts video recordings, according to the leaked documents.
The whistleblowing organization released the files as part of its Vault 7 series on the CIA’s hacking capabilities.
According to Wikileaks, the technology is intended for use where the deployment of a special branch within the CIA’s Center for Cyber Intelligence could be compromised.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system, according to the documents.
The earliest Dumbo document released by WikiLeaks is dated June 25, 2012. The Tool Delivery Review document states that the system’s capabilities are being requested by the CIA’s special branch to “deter home security systems that may identify officers or prevent operations.”
The program has to be executed “directly from a USB thumb drive,” according to a field guide for the system released by WikiLeaks on Thursday. The document indicates that the thumb drive has to be connected to the machine for Dumbo to work: “For the log to be maintained, the thumb drive Dumbo is executed from must remain plugged into the system throughout the duration of the operation.”
“Logging entries are also preceded by a header labeling if the entry is good, bad, or simply informative,” the field guide notes. “The following shows an example log excerpt:”
It identifies installed devices such as webcams and microphones, locally or connected by wireless (Bluetooth, WiFi) or wired networks, and it can block all processes related to the devices, including recording and monitoring.
A user guide dated June 2015 sets out Dumbo’s capacity to mute microphones, disable all network adapters, and suspend camera recording. The program notifies its operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.
WikiLeaks suggests that by deleting or manipulating recordings the operator can create fake – or destroy real – evidence of their intrusion into the device.
Again with the making it look like someone else did it.
This seems to be very important to them.
I wonder why…