WikiLeaks


'WikiLeaks' Articles

WikiLeaks Publishes New 'Vault 7' Exploits Tested on Older Macs Running Snow Leopard and Lion

Earlier in March, WikiLeaks began "Vault 7," a project focused on sharing exploits created and used by the United States Central Intelligence Agency, beginning with leaking 8,761 documents discovered within an isolated network in Langley, Virginia. Following the release of iOS-related documents, as well as some Mac exploits, Vault 7's publications didn't specifically include Apple products for much of the year. Now, the leakers have shared two new exploits that are said to have been created by the CIA under a project codenamed "Imperial." The first is called "Achilles," and WikiLeaks said it allows an operator to trojan a disk image installer on a Mac computer, giving the operator "one or more desired...executables" for a one-time execution. This means that a .dmg file could be downloaded by a user, containing malicious content, and dragged into their application directory without knowing. In the Achilles user guide, it's explained that the trojaned .dmg file would behave similarly to the original file, and that all of the operator's intended executables would run the first time the app is launched. Afterwards, all traces of Achilles would be "removed securely" from the .app file and that file would "exactly resemble" the original, un-trojaned application. Achilles was only tested on OS X 10.6, which is Apple's Snow Leopard operating system that launched in 2009. Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution. The second

Apple Devices Escape Mention in WikiLeaks' Latest 'Vault 7' CIA Hacking Documents

WikiLeaks yesterday published its latest round of allegedly leaked CIA documents, detailing aspects of the U.S. agency's "Cherry Blossom" firmware modification program, which uses modified versions of router firmware to turn networking devices into surveillance tools. The document is the latest in WikiLeaks' "Vault 7" series of publications on CIA hacking methods. Previous leaks have detailed the agency's targeting of iOS devices and Macs, while this manual relates specifically to network routers: Once installed, the Cherry Blossom program can be used to monitor internet traffic, crawl for passwords, and redirect the target user to a particular website. The manual also describes how CIA agents might install the modified firmware. "In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation." While documents have not been made public that detail the "Claymore" tool, the latter tactic refers to the practice of intercepting the target device somewhere between the factory and the end user. The document lists several network products as susceptible to its hacking protocol, including devices from Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics. Apple's AirPort networking equipment does not appear on the list, however. The CIA has struggled to penetrate Apple's network router hardware in the past due to a combination of the company's robust encryption and its use of proprietary hardware. Previous Harpy Eagle documents published by

Apple Says WikiLeaks CIA Documents Are Old and Exploits Have Been Fixed

In response to a series of CIA documents leaked this morning that outline exploits the government used to gain access to Macs and iOS devices, Apple gave a statement to TechCrunch claiming that the documents are old and that the vulnerabilities outlined in the leak have long since been patched. Apple says the iPhone vulnerability only affected the iPhone 3G and was fixed in 2009, while all Mac vulnerabilities were fixed in Macs launched after 2013. We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013. We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users. The new documents, part of an ongoing "Vault 7" leak focusing on the United States Central Intelligence Agency, were released by WikiLeaks this morning. Codenamed "Dark Matter," the documents primarily covered techniques for exploiting and accessing Macs through a peripheral device like a USB stick. An iPhone exploit, called "Night Skies 1.2," was also featured,

WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits

WikiLeaks today continued its "Vault 7" series by leaking details concerning CIA-related programs that were built with the intent to infect iMac and MacBook devices. Today's "Dark Matter" installment of Vault 7 follows a few weeks after WikiLeaks debuted "Year Zero," which focused on exploits that the CIA created for iOS devices. In a response the same day that Year Zero came out, Apple said that many of the vulnerabilities in the leak were already patched. Now, WikiLeaks is shedding light on Mac-related vulnerabilities and exploits, which the leakers claim "persists even if the operating system is re-installed." The project in question, created and spearheaded by the CIA's Embedded Development Branch, is called the "Sonic Screwdriver" and represents a mechanism that can deploy code from a peripheral device -- a USB stick, or the "screwdriver" -- while a Mac is booting up. According to WikiLeaks, this allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up. In the report, it's said that the CIA's own Sonic Screwdriver has been stored safely on a modified firmware version of an Apple Thunderbolt-to-Ethernet adapter. Besides the Doctor Who-referencing exploit, Dark Matter points towards yet another bounty of CIA programs aimed at gathering information, infecting, or somehow crippling a Mac device. "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants. Documents on

Apple Says Many of the Vulnerabilities Detailed in 'Vault 7' Leaks Already Patched

Earlier today a new series of WikiLeaks leaks revealed the United States Central Intelligence Agency's efforts to hack iPhones. The leaks detail a number of iOS exploits that can be used to bypass security on devices. Tonight, Apple said in a statement provided to TechCrunch that most of the vulnerabilities detailed in the leaks have been patched. “Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.” Apple says its initial analysis indicates that many of the exploits detailed were patched in the latest version of iOS, and that it will continue to patch identified vulnerabilities. The Cupertino company closes by saying that it always urges users to download and install the latest version of iOS to ensure that they have the most recent security updates. The Vault 7 revelations aren't the first time the CIA has targeted Apple's mobile devices. In 2015 it was reported that the CIA worked on ways to compromise both iPhones

New WikiLeaks Series Details CIA's 'Specialized Unit' Dedicated to Creating iOS Exploits

In a new series of leaks focusing on the United States Central Intelligence Agency, codenamed "Vault 7," WikiLeaks has revealed 8,761 documents discovered within an isolated network in Langley, Virginia that "amounts to more than several hundred million lines of code." The code contains what WikiLeaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA." This "Year Zero" release is the first in the full Vault 7 series by WikiLeaks, and is said to act as an introduction to the capacity and means of the CIA's covert hacking program. The agency's abilities can take aim at a number of popular consumer products from companies like Apple, Google, Samsung, and Microsoft, turning everything from an iPhone to a smart TV into a "covert microphone." In its analysis of the released documents, WikiLeaks looked at how iPhones and iPads have been targeted by the CIA in the past, and how they can continue to be exploited in the future. Although Android remains a dominant force in the global smartphone market, WikiLeaks argued that a "disproportionate focus" has been placed on iOS devices by the CIA, most likely due to the Apple-branded phone's popularity. Because of this, the agency has a specialized unit in place within the Mobile Development Branch that creates and executes malware to infiltrate, take control of, and exfiltrate sensitive information from iOS products. The MDB's methods are said to include a collection of