This is why, when it comes to nation-states, attribution is wishful thinking. Spy masters have invested the resources in technology and operational planning necessary to thwart investigators. Witness the CIA's Hive software:
"Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA..."
"Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated."
What? The CIA is masquerading as Kaspersky to launch attacks? Who would've guessed?... -BB(2017-11-09)
A campaign involving hundreds of journalists has spent the better part of a year wading through 13.4 million files acquired by the German newspaper Süddeutsche Zeitung. Here's a nutshell summary:
"[The investigation] reveals offshore interests and activities of more than 120 politicians and world leaders, including Queen Elizabeth II, and 13 advisers, major donors and members of U.S. President Donald J. Trump"
"One of the Kremlin-owned firms, VTB Bank, quietly directed $191 million into an investment fund, DST Global, that used the money to buy a large stake in Twitter in 2011. They also show that a subsidiary of the Kremlin-controlled energy giant Gazprom heavily funded an offshore company that partnered with DST Global in a large investment in Facebook."
Think of these documents every time you hear the political class mention "shared sacrifice". -BB(2017-11-05)
A WikiLeaks press release describes the CIA's efforts to develop firmware-level rootkits:
"Included in this release is the manual for the CIA's 'NightSkies 1.2' a 'beacon/loader/implant tool' for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
"While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."
The notion that all of Silicon Valley's secret deals somehow ended in 2013 is delusional. In a recent interview Julian Assange calls out the usual suspects:
"Other companies affected by the CIA's hacking tools, such as Google, Microsoft and Apple, in contrast, simply forwarded WikiLeaks' offer to provide further information to their legal departments. Assange claims that this was done because these companies work with US intelligence agencies. It is also the reason that so many employees at such companies have US government security clearance, especially those who work in cybersecurity departments."
The bitter pill is this: you cannot have your cake and eat it too, regardless of how much money the C-suites in the Bay Area throw at public relations and overt gestures of defiance. -BB(2017-03-23)
"By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."
Cryptome has a history of being correct about spies and their ops. And so I'll repeat a prescient observation from John Young:
"The last thing CIA and its supporters want is a revelation of its manipulation of civilian leaders institutionalized by the 1947 National Security Act (also opposed by the military)."
Note the mention of anti-forensic techniques. Does this raise a few questions about allegations of Russian hacking? There's a reason why President Truman regretted the cloak and dagger authorization he granted the CIA. -BB(2017-03-07)
Update: The CIA has responded with an official statement, which is essentially a pack of lies. The CIA's job is to implement policy which is mandated primarily by economic elites and organized groups representing business interests. It exists to assist in opening up markets and providing access to resources on behalf of oligarchic factions. Executive Order 12333 enables CIA operations within our borders. As Dennis Kucinich correctly notes, "we are sliding down the slippery slope toward totalitarianism."
Several weeks ago, an exec at Microsoft called for a "Digital Geneva Convention." This may be interpreted as a public relations gesture by a documented NSA partner. Arms control in the cyber realm is nothing more than pleasant fiction.