Select Page

Wikileaks Releases NSA Hacking Tools – What’s the Impact on You?

 


Transcript

TTWCP-DAILY-50_2017-03-10_Wikileaks-Releases-NSA-Hacking

Below is a rush transcript of this segment, it might contain errors.

Airing date: 03/10/2017
Wikileaks Releases NSA Hacking Tools – What’s the Impact on You?
Craig Peterson: We got a doozy TechSanity check today. You’ve heard of Wikileaks, I am absolutely sure. They’ve been all over the place. They’ve been criticized directly by President Obama. There are a lot of people who aren’t quite sure which way they come down when it comes to Wikileaks coz these are the guys that are taking secrets and releasing them. And we’re talking about government secrets. That’s really where they aim. And boy, is this a doozy episode. You heard about what happened to the NSA. We’ll be talking about that so stick around for a TechSanity check.

(TTWCP EARWORM)

Well, Wikileaks has announced that they have their hands on the CIA’s hacking tools, at least many of these things. And they are putting it on their website, in what they’re calling Vault 7. This is really something if it’s true. They’ve exposed something called Weeping Angel and others. I’ve had a look at it on their website. You’ll find a link to that website right here on my podcast and to that particular Wikileak document. Now, it’s not just documents, and by the way, we are talking about documents. Tons and tons of documents that are out there. They’re from the CIA’s Center for Cyber Intelligence, dated from 2013 to 2016. And Wikileaks is saying the largest ever publication of confidential documents on the agency. They released these documents as well as tools. Now that’s amazing. There’s 7800 plus pages with 943 attachments. Now we’re talking about web pages. So this isn’t just a printed page. This is a lot of information. And with 943 attachments, we’re seeing all kinds of computer code. In fact the entire archive of the CIA material consists of several hundred million lines of computer code. That is absolutely amazing.

So they have started leaking this stuff out. They’ve started publishing it. And this really is a big, big deal. The US probably has some of the best tools for hacking into systems of any government that’s out there. So now that they’re releasing them, I expect 2 things to happen. First of all, hackers are gonna jump on some of these stuff coz it’s worth a lot of money to them. And secondarily, we’re gonna find the vendors cleaning up their act with some of these bugs. Some of these problems that the CIA has been exploiting. One of the things that really concerns me about this from a technical standpoint is that apparently the CIA and the various allied intelligence services have managed to crack and bypass encryption on messaging services such as Signal, WhatsApp, and Telegram. Now I knew about WhatsApp. WhatsApp was compromisable. Signal is a bit of a surprise to me. So now, what’s safe? What’s compromisable? And also included in this, by the way, for android phones, is the ability for the NSA, the CIA, anyone who uses these, they can listen on your microphone on android phones. There’s a whole hack in there about how to do that. They have a software to do that without your knowledge. So it’s able to pick up the data stream coming from your microphone before it gets encrypted and sent off of the device.

So what does this mean to national security? Because a lot of our systems that are being used in the Department of Defense, that are being used in the White House, that are being used in all kinds of critical operations. The Secretary of State’s department, they have these vulnerabilities. It’s not as though the NSA said hey, we found a bug, or we found a vulnerability so let’s make sure we use it to hack various foreign intelligence computers, but let’s also do one more thing. Let’s inform everyone out there in the computer world about the bug so that no one else will be able to use this bug, right? And obviously, that’s the part they don’t do because they want to use the bug. They want to use the vulnerability. Particularly like zero day exploits. Exploits that no one else knows about. And I get it right? I understand that. They wanna be able to hack in. So what are we to do now? Because with this information out, our business systems are compromised. Well, it basically includes all systems. I mentioned android, right? Obviously, Windows. But there’s hacks in there for various versions of Linux as well, which is used in a lot of servers, server farms.

My last daily I talked about using some of these cloud services to store our confidential files including HIPAA related files, our medical files. So what are we gonna do? The bad guys are gonna be able to get at it. Foreign governments are gonna be able to get it. Now, let’s talk about the Russians hacking right? They’re gonna be able to get at it. Iran. North Korea. All kinds of people who consider themselves enemies of the United States. They’re all gonna be able to get at this data and use this data against us. The information is in there, as well as the millions of lines of computer code that are used to compromise our computers. So expect a lot of patches from a lot of vendors. Dell, just last week released some patches for major security vulnerabilities in Dell’s Enterprise Storage servers. Major, major stuff here so make sure you upgrade. Make sure you patch. Make sure you keep everything as secure as you can get it because you don’t want to go through the hassle of having to restore your identity. Of having to fight with the credit reporting companies and others about something that just isn’t correct or someone stole your identity. They bought a house, they bought a car. Identity thieves are now using your identity when they commit crimes. They get caught by the police, they just give your identity. And so people have been stopped for traffic tickets and it turns into a felony arrest because someone used their identity to commit a felony in another state. So this is a very, very, very big deal.

Now how about the other side? How about our intelligence services? If all of their tools are out in the open, you can bet that the other guys are gonna patch everything up at least as best as they can. They know about the vulnerabilities so they will use other software that doesn’t have the same vulnerabilities. So how does our intelligence gather information? It ties right back into what happened here with Donald Trump and his accusations about being wiretapped. You know he was wiretapped. Everybody knows the country’s wiretapped. Everyone in Canada is wiretapped. In Australia, in the UK, in Germany. Everybody’s wiretapped. So we know that much. But how much other information can they get beyond just wiretaps with these new tools that have come out of the National Security Agency. That’s a question. That’s a problem. Well, of course we’ll kinda keep tabs on these as we go forward. But it’s a very big deal. I think everyone needs to be aware of, cautious of, and we have to have a national discussion. Are these people who are releasing information, who are telling us about what the government is doing that may be unconstitutional in their eyes? Maybe illegal even in their eyes. Do they have the right to get that information out? Now, look back to journalists, right? Journalists who used to do their job of investigating power, right? Investigating the government. Truth to power, right? To quote Al Gore’s latest movie. You know, are those journalists guilty of committing crimes because they used confidential sources and they got information about misconduct by government agents, by government agencies? By the people who are supposed to be working for us and in our favor, right? Of course, we’ve praised these people. Some of them have gone to jail because they refuse to give up their sources in the past. But it’s the only job that’s mentioned in the constitution, right? The freedom of the press.

Well, where does it begin and where does it end? Is Wikileaks the press? Do they have the freedom to release confidential information from the United States? From our various agencies? How about the code that the NSA uses, do they have the right to release that? What are the reporters reporting on that? A lot of questions here and a lot of problems and as usual, our laws are far behind where technology sits. And we gotta update those. As I said, we’ll keep tabs on them. If you have any information, I’d love to hear from you. Let me know. Get your advice on what you think I should be doing on this show. If you have any topics you’d like us to cover. Always love to get advice from our listeners. So, think about it and visit us online. Or just send me an email, producer@craigpeterson.com with a little advice. I always appreciate that. And you can also just text it to me if you have something that you come across, you can just send it right straight to my cellphone, 855-385-5553.

Have a great day. We will be back tomorrow with another TechSanity check. Visit online at http://CraigPeterson.com. Bye-bye.

Show Notes:

Wikileaks announced that they have their hands on the CIA’s hacking tools, and they are putting it on their website in what they call “Vault 7”.

They’ve exposed something called “Weeping Angel”, from 7,800 plus pages with 943 attachments of confidential documents. These documents were from the CIA’s Center for Cyber Intelligences dating back 2013, and this is the largest publication of confidential documents on the agency. Together with the documents were tools as well.

Find out more today!

Related articles:

More stories and tech updates at:

Don’t miss an episode from Craig. Subscribe and give us a rating:

Follow me on Twitter for the latest in tech at:

For questions, call or text:

  • 855-385-5553

 

Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!

Download your "Special Report on Passwords and Password Security"

You have Successfully Subscribed!

The Next Masterclass is Coming Soon!

Fill out the form below and be notified as soon as the registration for the next Masterclass opens.

Thank you, we'll notify you as soon as the Masterclass registration opens!