| |
|
|
| |
|
|
WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks
WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:
Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected WiFi data to query alternate EES geo-location databases, if he feels they provide a better accuracy. |
|
|
|
| |
|
| There are no conversations. |
| |
|
|
|
|
| Lisa Gansky |
At the global level, there are a growing number of city-based bike-sharing programs that take advantage of mobile devices to reserve your bike, keep track of it, and collect data that helps to improve the service. |
| Lisa Gansky |
Cities are ripe for redesign, and many are already well on that path. Cloud-based networks that provide easy and inexpensive access to and tracking of services like transportation, energy, waste management, bill pay, citizen engagement and more are testing and enriching their services. |
| Thomas R. Insel |
Nearly every business collects metrics on inventory, sales, and workplace process. Health care has been slow to measure these kinds of outcomes. Increasingly, general medicine, via either managed care or large practice settings, is improving by collecting data through electronic records and refining practice based on what works. |
| Dan Farmer |
Even if it was a difficult operation to copy a song, it only takes one person to do it. After that the spread of the song via the Internet or other means of propagation is only limited by the honesty of the users. |
| Naveen Jain |
The human brain works as a binary computer and can only analyze the exact information-based zeros and ones (or black and white). Our heart is more like a chemical computer that uses fuzzy logic to analyze information that can't be easily defined in zeros and ones. |
| Suzanne Farrell |
The steps must be second nature to me, so that the music seems to be drawing the steps out of me and I don't look as if I'm struggling to fit the steps to the music. |
| Bulent Ecevit |
There was expectations that the fights there, the operation there might be extended for several months, even for several years. But within a few weeks it ended, because obviously the Taliban wasn't a real force. |
| Stephen Cambone |
There is a reasonable concern that posting raw data can be misleading for those who are not trained in its use and who do not have the broader perspective within which to place a particular piece of data that is raw. |
| Georgina Haig |
When Disney was creating Elsa, they based a lot of her movements on that of a ballerina, which was interesting for me to find out because I actually did ballet years ago. That definitely informed some of the ways I made her walk and move. |
| Danny Elfman |
I think that's one of the things that has always put me in kind of an odd niche. It's that all of my understanding of orchestral music is via film, not via classical music like it's supposed to be. To me it's the same, it doesn't make any difference. |
|
|
|
|
NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet (
The Shadow Brokers -- the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits -- just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday's release -- which came as much of the computing world was planning a long weekend to observe the Easter holiday -- contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Wi...
|
| |
|
|
|
Hacker Group Leaks 'NSA's Top Secret Arsenal of Digital Weapons'
Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard:
On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a r...
|
| |
|
|
|
Today, WikiLeaks publishes the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits.
Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US.
...
|
| |
|
|
|
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report.
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, T...
|
| |
|
|
|
WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping
A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report:
The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an atta...
|
| |
|
|
|
CIA, FBI launch manhunt for leaker who gave top-secret documents to WikiLeaks
Last Updated Apr 20, 2017 1:38 PM EDT
WASHINGTON -- CBS News has learned that a manhunt is underway for a traitor inside the Central Intelligence Agency.
The CIA and FBI are conducting a joint investigation into one of the worst security breaches in CIA history, which exposed thousands of top-secret documents that de...
|
| |
|
|
|
Facebook Filed a Patent To Calculate Your Future Location
Facebook has filed several patent applications with the U.S. Patent and Trademark Office for technology that uses your location data to predict where you're going and when you're going to be offline. BuzzFeed News reports:
A May 30, 2017, Facebook application titled "Offline Trajectories" describes a method to predict where you'll go next based on your location data. The technology described in the patent would calculate a "transition probability based at least in part on previously logged location data associated with a plurality of users who were at the current location." In other words, the technology could also use the data of ...
|
| |
|
|
|
The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.
To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency?s term for the interception of electronic communications. Instead, it sought to broaden ?active? surveillance methods ? tactics designed to directly infiltrate a target?s computers or network devic...
This post is a comment.
|
| |
|
|
|
We are impressed by five prisoners in the US who built two personal computers from parts, hid them behind a plywood board in the ceiling of a closet, and then connected those computers to the Ohio Department of Rehabilitation and Correction's (ODRC) network to engage in cybershenanigans.
Compliments are less forthcoming from the State of Ohio's Office of the Inspector General, which published its 50-page report [PDF] into this incident yesterday, following a lengthy investigation.
The Inspector General was alerted to the issue after ODRC's IT team migrated the Marion Correctional Institutio...
This post is a comment.
|
| |
|
|
|
Phones Can Now Tell Who Is Carrying Them From Their Users' Gaits (economist.com)
Most online fraud involves identity theft, which is why businesses that operate on the web have a keen interest in distinguishing impersonators from genuine customers. Passwords help. But many can be guessed or are jotted down imprudently. Newer phones, tablets, and laptop and desktop computers often have beefed-up security with fingerprint and facial recognition. But these can be spoofed. To overcome these shortcomings the next level of security is likely to identify people using things which are harder to copy, such as the way they walk. Many online security services already use a system called device fingerprinting. This employs software to note things like the model type of a gadget employed by a partic...
|
| |