Wikileaks, CIA documents and some sober thoughts

mobile apps crowdsourcing via social media network [CW cover - October 2015]

So, my less than favorite topic found itself at the top of my reading list today. Wikileaks released a treasure trove of documents today that purport to outline all manner of CIA related operations.

After I got passed the “what the actual…” moment, I had to pause. On social media and various news outlets there was talk of the CIA’s ability to compromise various encrypted communications. Hold that thought. We’ll come back to it.

The news that I’m seeing is outlining all sorts of commentary about how the CIA can compromise devices and computers right down to TV sets. This may come as a shock to people but, spy agencies…well, they spy. This is their raison d’être. Whinging about there capabilities is absurd in no under certain terms.

From the CIA’s website they have this as part of their missive about what they do, "CIA’s primary mission is to collect, analyze, evaluate, and disseminate foreign intelligence to assist the President and senior US government policymakers in making decisions relating to national security. This is a very complex process and involves a variety of steps.”

This should come as no surprise. We should dispense with the notion that they are running roughshod over people in the absence of evidence. A less than unpopular thought process but, you know, data to substantiate this sort of activity would be nice.

Further down the page they write, “The 1980 Intelligence Oversight Act charged the Senate Select Committee on Intelligence (SSCI) and the House Permanent Select Committee on Intelligence (HPSCI) with authorizing the programs of the intelligence agencies and overseeing their activities.” There is documented oversight. If the CIA wants to surveil a US citizen they actually need a court order. I can well imagine that the good folks at Muckrock are on this, like me on a slice of pizza.

When I peruse the documents as presented I can well imagine that someone is going to get in a world of trouble over this, to state the bloody obvious. This of course assuming that this document treasure chest is proven to be authentic. This sort of information, while salacious, will no doubt set back intelligence gathering activities as foreign adversaries will adjust and adapt to mitigate their risk based on this information.

I know I double checked to make sure my TV had it’s Internet access disabled. Although, I’m sure the poor analyst that might have to listen to me watch a Leaf game would have to receive danger pay as the temptation to slam their head into the keyboard would be palpable.

Going back to my earlier statement about intercepting communications on services like Signal, Confide and the like - we need to be clear. If an adversary has control of your mobile device or computer then of course they can bloody well see your messages. The first article I read about how these services are potentially “compromised” will send me into blind fury.

To further articulate this idea, if someone breaks into your house while you are sleeping, or out of town, they can roam about freely. Similar concept. If they’re hiding in your closet when you come home they can potentially hear everything you say. Let’s dispense with the bull regarding the efficacy of these services. They are very good at what they’re good at but, if your device is compromised then all bets are off.

To put a finer point on it as an example, there was an announcement this week that 11 critical and high vulnerabilities were patched in Android. My query is, how many mobile network operators provided their customers with the ability to patch said devices?

This isn't magic. Let's not give into the machinations and keep our heads about us shall we?


Copyright © 2017 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)