Free Republic
News/Activism

Dark Matter (new wikileaks dump today - Vault 7)
Wikileaks | 3-23-16 | Wikileaks

Posted on 03/23/2017 7:23:23 AM PDT by bigbob

23 March, 2017

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by the CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones, and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting", allowing an attacker to boot its attack software, for example from a USB stick, "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2", a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization's supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.


TOPICS: Crime/Corruption; Government; Politics/Elections
KEYWORDS: assange; cia; darkmatter; vault7; wikileaks
Here we go!
1 posted on 03/23/2017 7:23:23 AM PDT by bigbob

To: bigbob

Just don’t steal energy from the dark realm.

It irritates Dormammu.


2 posted on 03/23/2017 7:27:09 AM PDT by DannyTN

To: bigbob

Just don’t steal energy from the dark realm.

It irritates Dormammu.


3 posted on 03/23/2017 7:27:12 AM PDT by DannyTN

To: bigbob

4 posted on 03/23/2017 7:30:41 AM PDT by bigbob

To: bigbob

Yes, firmware compromise is a rather scary business.
Worse than Macs, I wonder what's been done to Windows and Android machines.


5 posted on 03/23/2017 7:31:04 AM PDT by buwaya

To: bigbob

And, we are worried...at least the Dems (and McCain)...are worried about the Russians.

Sheesh.


6 posted on 03/23/2017 7:31:20 AM PDT by moovova

To: buwaya

stay tuned, I suspect we will find out as the Vault is explored


7 posted on 03/23/2017 7:32:54 AM PDT by bigbob

To: bigbob

And the CIA is one thing, but if they can do this anyone else could have, or these others could have exploited what the CIA was sticking in there.


8 posted on 03/23/2017 7:33:12 AM PDT by buwaya

To: bigbob

The America of the Constitution prohibits unlawful search and seizures and guarantees security of person and property.

I miss that America. I suspect it is gone forever.


9 posted on 03/23/2017 7:41:53 AM PDT by aMorePerfectUnion

To: bigbob

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” ...


Firmware is as deep as you can go short of the hardwired chip instructions. The Deep State has developed an obsession with spying on average American citizens while missing the big picture of Islamic terrorism. It’s like some perverse form of corporate death-by-Excel where a company becomes obsessed with detail and fails to think strategically.


10 posted on 03/23/2017 7:48:46 AM PDT by Flick Lives (Depth charge the Deep State)

To: bigbob
Your new iPhone wallpaper...


11 posted on 03/23/2017 7:49:23 AM PDT by smokingfrog ( sleep with one eye open (<o> ---)

To: Flick Lives

The methods disclosed here show us just how badly “someone” wanted this done. Few things are impossible if you have the resources of a nation-state behind you.


12 posted on 03/23/2017 7:52:09 AM PDT by bigbob

To: buwaya

Many (not all) Windows computers include a built-in totally opaque proprietary system called Intel Management Engine/Intel Active Management Technology that facilitates remote management in corporate environments. IME/AMT has its own processor that has access to all the computer’s hardware at all times (unless the power and battery are physically disconnected). This includes the network connections and hard drives. It can do things invisibly to the operating system, and also interact with the operating system. What backdoors it may present and to whom are impossible to know.

If it is present on the computer then it is virtually impossible to disable or remove. The BIOS setting to disable it only turns off the ability to change the configuration, and removing it without rendering the computer inoperable has only been achieved on a couple of models of computer.

AMD makes an equivalent technology.


13 posted on 03/23/2017 8:20:08 AM PDT by fluorescence

To: fluorescence

Correct. This is a very likely vector for hidden and persistent compromise.
I wonder if it has been (probably), by whom, and the scale of compromise.


14 posted on 03/23/2017 8:34:52 AM PDT by buwaya

To: aMorePerfectUnion
I miss that America. I suspect it is gone forever.
Freedom is never more than one generation away from extinction. We didn’t pass it to our children in the bloodstream. It must be fought for, protected, and handed on for them to do the same, or one day we will spend our sunset years telling our children and our children’s children what it was once like in the United States where men were free. ~Ronald Wilson Reagan

... You and I have a rendezvous with destiny. We'll preserve for our children this, the last best hope of man on earth, or we'll sentence them to take the last step into a thousand years of darkness." ~Ronald Wilson Reagan

15 posted on 03/23/2017 9:07:57 AM PDT by itsahoot (Must learn to resist the compunction to offer advice or help to complainers.)

To: bigbob
So that's where all the porn on my Mac went to ;-/

Ed

16 posted on 03/23/2017 10:01:30 AM PDT by husky ed (FOX NEWS ALERT "Generalissimo Francisco Franco is still dead" THIS HAS BEEN A FOX NEWS ALERT)

To: bigbob

It's not nice to use the sonic screwdriver without permission…

17 posted on 03/23/2017 11:55:45 AM PDT by mikrofon (Spring BUMP)
