CIA Tried To Crack Security of Apple Devices 119
According to a story at The Guardian passed on by an anonymous reader, The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed. he newly disclosed documents from the National Security Agency's internal systems show surveillance methods were presented at its secret annual conference, known as the "jamboree."
In some way, obvious (Score:2, Redundant)
If i wanted to really know someone, I'd bug the computer in their pocket with the GPS and the microphone.
The big news is, when does the "hey lets go after foreign enemies" change to "well, american, foreign, it's all the same to me"
The hacked compiler is kind of interesting too. Lets insert backdoors into ALL TEH iTHINGs!!!
Re:The Big News (Score:4, Insightful)
Less a yawn, more a "duh, we already knew the NSA is the enemy".
Re: (Score:1)
Less a yawn, more a "duh, we already knew the NSA is the enemy".
They probably also write some of the more popular free games/apps out there as well. Not a great way of bugging a phone but still a way of getting their malware out there. Or at least it wouldn't hurt...
Re: (Score:2)
The telco network tracks a person, the soft glowing power down and sealed battery design ensure a device is always network ready, the hardware is mic, text, gps gov wiretap friendly as designed. Games help keep a person wanting to ensure the device is powered and in use during the day and into the n
Re:The Big News (Score:4, Interesting)
Re: (Score:2)
Cameras? Who needs cameras when you have Edward Snowden?
Privacy is a problem even for the NSA. It just doesn't manifest in the same way for agencies as it does for people.
If you can take a relatively idealistic employee of an agency and have them be willing to flee the country for nothing other than principle? I'd say that is an issue.
Some people are going to be more effective at protecting themselves than others, but if the NSA can't keep its secrets, just about anyone is vulnerable.
Re:The Big News (Score:5, Insightful)
The difference is maybe that the fire department can't yell "witch"... sorry, I mean "terrorist" and have someone arrested that isn't to their liking.
Re:The Big News (Score:4, Insightful)
And neither can the NSA. Technically. Unlike the CIA, the NSA is a signals intelligence organization with no enforcement power and no operational branch to speak of. It's threat is simply that it can provide information very efficiently.
In reality, any government organization has the capability to get you arrested, even the fire department, based on either an interesting interpretation of their powers, or their ability to turn over information to someone who can arrest or otherwise harm you.
I'd also point out that in a certain book, the "firemen" were those who entered areas to burn that which threatened the existing order. The parallel is intentional. The government is what its powers are and how they use them. Labeling something as "fire department" or "police" or "signals intelligence" or "health care" is only valid in the sense that the government maintains that separation or can somehow be forced to do so.
The problem with the NSA is *not* that they collect intelligence on US citizens. Your internet provider accidentally does that every day for troubleshooting purposes. It is that we fear that the NSA can turn into an organization bereft of limitations on what they can *use* the information for and who they can share that information with. The ability to get away with that can affect any agency of the Federal government, from DHS to HHS.
Re:The Big News (Score:5, Informative)
For the most part, the fire department doesn't drive around stripping off insulation from electrical wires or drilling little holes in gas pipes under your house. Sure they _theoretically_ could, but the CIA is actually at this very moment doing this exact thing.
The biggest part of this story is a poisoned Xcode, and it's not even mentioned in TFS. WTF?
https://firstlook.org/theinter... [firstlook.org]
Re: (Score:2)
For the most part, the fire department doesn't drive around stripping off insulation from electrical wires or drilling little holes in gas pipes under your house. Sure they _theoretically_ could, but the CIA is actually at this very moment doing this exact thing.
I think that the firemen had their chance at such a career when they were called out to use their water hoses on protestors during the civil rights movement, which they did a couple of times. Then, there were arsons set which turned out to be sniper attempts to shoot firemen that came to fight the fire. After that, firemen typically will loan their equipment out to police for such things, but refuse to get involved themselves. As pretty much the only uniformed service that people actually like rather than f
Re: (Score:2)
After that, firemen typically will loan their equipment out to police for such things, but refuse to get involved themselves.
They were snooping around people's property out here in the emerald triangle, too, and then they got shot at and now they aren't doing that any more.
Re:The Big News (Score:5, Insightful)
I will correct you on one thing. We don't fear the NSA will turn into something evil, we know it will. Power leads to corruption and abuse of authority. 70,000 incidents of NSA operatives spying on their significant others in contravention of the law with NO repercussions to those individuals is proof enough that the NSA will eventually abuse it's authority in a significant and likely very bad way to our democracy.
Re:The Big News (Score:5, Interesting)
Although I am not as certain as you are, I agree that the NSA could use that power nefariously. I just think the outrage is missing the point. We're piling our dislike on one agency, while calmly ignoring the threat of the whole.
I'm not defending the NSA. Far from it. I just want to clarify that I feel that the NSA is merely on the bleeding edge of that sort of abuse. We could throw every NSA staffer in jail and shut down all its functions, and all we've done is put a finger in an increasingly unstable dyke because we're not addressing the actual problem, just the symptom.
The problem is simply that all of that information is there, whether it is the NSA or the FSB or Google that has it. The NSA isn't some shadowy organization using alien technology hundreds of years ahead of us, it's just slightly ahead of the curve. Until you address that, you're just going to play whack-a-mole with whatever agency decides to overstep its bounds next Tuesday.
Re: (Score:3, Insightful)
Re: (Score:2)
Yeah, except you're not going to opt out. Not really. Oh sure, you might opt out of Google or some specific company for some specific purpose, but you're still going to opt-in everywhere else and they're all collecting your data.
You're more likely to be hit with annoyances like targeted sales calls or social engineering from random non-governmental actors than you ever will be by something like the NSA. The NSA doesn't care about you, it doesn't care about me. Not unless you fit a profile, and that prof
Re: (Score:1)
Re: (Score:2)
I will correct you on one thing. We don't fear the NSA will turn into something evil, we know it did.
ftfy
Re:The Big News (Score:5, Insightful)
The very act of having an nationalized health care system would put as much personal information in the hands of the US Government any random NSA snoop of Wikipedia or break in on someone's mobile would.
What utter fucking bullshit.
Can my health records determine who I am friends with? Where I go? Where I browse online? Who I communicate with? What investments I have? And 100 other things the gov't could (and have) use as leverage to get information out of me if they wanted.
Re: (Score:2)
I disagree with your assessment of the comparative threat. All of those things are interesting, to be sure, but were never actually *private*, as in privileged or personal. There was just never a particularly easy to put that information together, but for the most part, none of that is actually personal.
Heath care information is actually personal, and includes a lot of details, including payment details, specific and possibly embarrassing health conditions, and a lot of other things you'd have no other wa
Re: (Score:2)
All of those things are interesting, to be sure, but were never actually *private*, as in privileged or personal.
Again, what utter fucking bullshit. Communication is still considered private when done in private. Note I didn't say everything was being done online.
Healthcare is private too, but that doesn't mean everything else isn't.
Re: (Score:1)
Do you think that the US would exist separate from England if the king was able to determine where everyone went and who they communicated with? No, instead the founding fathers would have all been executed and the subjugation of the American people by a tyrannical dictator would have continued. If there is no threat from the people, what will stop the US government from becoming tyrannical?
Have been shown how they would have done it... (Score:2)
"Using Metadata to find Paul Revere"
http://kieranhealy.org/blog/ar... [kieranhealy.org]
Paul B.
Re: Have been shown how they would have done it... (Score:2)
Fascinating and funny. That may be old hat to anyone with a math background, but it's an interesting first look into Social Networke Analysis for me.
Re: (Score:1)
What utter fucking bullshit.
Can my health records determine who I am friends with? Where I go? Where I browse online? Who I communicate with? What investments I have? And 100 other things the gov't could (and have) use as leverage to get information out of me if they wanted.
May not. But what if they wanted you out of the picture by inserting a history of mental illness or paranoid schizophrenia into your medical health records. That could be an excuse to confiscate your guns or have you institutionalized. And these are the things off the top of my head, I'm sure the govt. could come up with even more sinister/evil things to do to one's records.
Re: (Score:2, Interesting)
Re: (Score:3)
Damn straight, It's so much better to have a private company of unelected MBAs deciding those things rather than elected representatives.
Re: (Score:2)
Re: (Score:1, Insightful)
Re: (Score:2)
And 100 other things the gov't could (and have) use as leverage to get information out of me if they wanted.
No to everything before this. Big yes to this.
Re: (Score:2)
Sorry, no. As despised as the IRS is, it performs according to it's charter and the constitution (for the most part).
The NSA is an actual domestic enemy of the people. It's activities are illegal and it is actively damaging everyone's rights and security.
Nationalized health care would NOT give any government agent the ability to know exactly where I am most all of the time like the NSA illegally hacking my phone would. It would not let anyone know who I talk to, when that happens, or what was said like the
Re: (Score:2)
A charter is a piece of paper to those who have power and know how to get around it.
We're effectively assuming that we can trust some government bureaucrats in a government but not others. What makes the IRS more trustworthy? We have some evidence that at least some of them are not. Do we wait until they've more fully broken our trust before we question their desire to accumulate more and more information?
Candidly, I am not entirely sure I see the difference between what the NSA is collecting, and what w
Re: (Score:2)
I won't claim the IRS is angelic. In fact, I think we need to review what information they collect to be on the safe side.
But the NSA has clearly stepped over the line. It is no longer a possibility to worry about, it is a fact. They aren't just a potential enemy to be watched, they are an actual current enemy to be eliminated.
Re: (Score:2)
Re: (Score:2)
I can understand the fifth amendment, but self incrimination is not the same thing as looking at your paper trail, and the fourth amendment concerns I see are just the same old standard fourth amendment issues we tech people have with all government agencies.
Re: (Score:3)
The NSA is no more the enemy than the IRS or any other government agency that will keep information on us.
so... they are all the enemy
Re: (Score:2)
Re: (Score:2)
The NSA has files on everyone. The NSA has files on everybody in power. They are all corrupt. Hence the NSA has blackmail information on everybody in power.
Re: (Score:1)
The big news is that Snowden's 15 minutes of fame are over. These "revelations" are being met with a big yawn.
Which is a development that is meeting with much approval in the headquarters of the CIS, NSA, FBI, MI5, MI6, BND, MAD, DGSE, DGSI, BRGE, .... and anywhere else where revelations about the government monitoring every move of the voting public are potentially damaging to the funding of the aforementioned organizations.
Re: (Score:1)
Re: (Score:2)
You need a government for that?
Required Reading (Score:5, Informative)
http://cm.bell-labs.com/who/ken/trust.html
Re: (Score:3)
The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house. It should not matter that the neighbor's door is unlocked.
Even 1984 that was a pipe dream.
Re: (Score:2)
Jailbreak developers are the real patriots (Score:5, Interesting)
Through their hard work, numerous exploits have been discovered, which has led to Apple patching them, which in the end keeps us all more secure.
Re: (Score:2)
If one doesn't download pirated .ipa files, the main repos are quite clean.
There are still a ton of features that JB-ing makes useful:
1: The ability to have an app check a number against a database and drop it/send it to voice mail before ringing the phone. Mr. Number does this on Android, and severely cuts down on spam.
2: An app like PMP (Protect My Privacy) comes in quite handy when an app like Snapchat won't run unless it has access to the camera. Well, it can have camera access... but the lens cap w
Is this a Bears Sh1t in the Woods story? (Score:3, Interesting)
I mean honestly , hands up who DIDN'T think this had happened?
Ok , you and you over there - hand in your geek badges at the door on the way out.
Re: (Score:2)
Nope. Sorry, but nope. The people will lament, they will complain about the loss of privacy and their freedoms, then return to posting their holiday plans on Facebook.
Re: (Score:2)
Re: (Score:3)
The more the masses are aware the more they will not only respect but use secure communications. You may now go back to shitting outside just watch out for the trail cams.
Bullshit. The masses could care less.
How many of your friends stopped carrying cell phones, or stopping using free webmail and file storage services, after NSA revelations came out?
The only way the masses are going to give a shit is if giving a shit is the default option. Every other configuration requires actual effort and thus is ignored.
Re: (Score:2)
If the masses could care less, it means they already care a bit. See, it's not all dark and gloomy.
Re: (Score:2)
Re: (Score:2)
Who said they can't? This story seems to suggest that they can't, which makes it all the more interesting to ponder why this story exists altogether.
Re: (Score:3)
You're misunderstanding. If you create a form of encryption to which you do not hold the keys, all of the compelling in the world isn't going to do anything. Which is what most modern OS's including ios do.
Re: (Score:1)
Who said they don't hold all the keys?
Re: Is this a Bears Sh1t in the Woods story? (Score:2)
Obligitory hit him with a $5 wrench xkcd.
Re: (Score:3)
Re:Is this a Bears Sh1t in the Woods story? (Score:5, Insightful)
The sad part is that you can take whatever atrocity you would have attributed to the Commies in the 1980 and transplant it to today's "world of the free" without losing any credibility. Take whatever story from back then, replace "Russia" with "USA" and "KGB" with "NSA" and you're good for another headline.
Ok, you could have done that any time. But now it doesn't take a conspiracy nut to consider it credible.
Re: (Score:1)
Sending political prisoners to asylums on a regular basis?
Shooting people who try and leave your country?
Covering up gigantic nuclear power plant meltdowns until there's so much radiation that denying it ceases to have a point?
So here's me saying that I don't really agree with you on your assertion.
Re: (Score:3)
Sending political prisoners to asylums on a regular basis?
We still have the Guantanamo Bay prison open. Not really political prisoners, but a number are innocent yet still stuck there. The government does go after people who try to act politically. They just don't send them to asylums (usually). But they do try to intimidate them, interfere with their plans and try to discredit them publicly.
Shooting people who try and leave your country?
Yeah, we don't do that, thankfully.
Covering up gigantic nuclear power plant meltdowns until there's so much radiation that denying it ceases to have a point?
Remember when the EPA said it was safe for people to return to lower Manhattan after 9/11/01? It wasn't, and they knew it.
So here's me saying that I don't really agree with you on your assertion.
I don't compl
Re: (Score:2)
Shooting people who try and leave your country?
Since, according do your statement, they succeed in leaving the country, it's kind of hard to shoot them afterwards. On the other hand, they sure did shoot people who tried to leave the country.
Re: (Score:3)
Sending political prisoners to asylums on a regular basis?
Only the unpleasant ones. For which the US has a much more sensible system than the USSR had. The US learned that you don't have to silence everyone who speaks out. Only those that could have an impact and develop followers. That's also the reason for free speech, or what's left thereof. As long as you don't get too many listeners, you can say whatever you want, it doesn't matter anyway.
Shooting people who try and leave your country?
Only 'cause it ain't necessary. Where do you want to go? There is no "West" you could flee to. The whole world works to th
Re: (Score:2)
Take whatever story from back then, replace "Russia" with "USA" and "KGB" with "NSA" and you're good for another headline.
Shooting people dead for trying to leave the country?
Re: (Score:3)
wait for it. it may come to that. it's a logical extension of current trends. when those with money and skills exit faster then the flood of unskilled government benefit seekers. we can't very well have all the greedy producers abandon all the needy voters.
not too far fetched.
Re: (Score:2)
I was just walking my dog one day and BOOM, my dog lost a leg.
Re: (Score:3)
Re: (Score:2)
I was aiding GDR refugees fleeing from Hungary to Austria. It's been quite a moving time for a young person.
Granted, that was during the quite interesting months just prior to the Berlin Wall coming down, but that's not the point. And I call it Russia because that's the name it has today. Plus, it's shorter than Soviet Union and I'm kinda lazy.
We're not quite there yet, granted. And we sure are far away from what the SU was during the Stalinist era. But so was the Soviet Union, even there things were not as
proper title (Score:3)
CIA Tried To Crack Security of Apple Devices when the NSA already did
should've just asked, bros!
Compiler compromise (Score:5, Interesting)
Reflections on Trusting Trust [bell-labs.com]
Re: (Score:2)
I was thinking about whether they planted a self propagating back-door into LLVM/CLANG, but that seems fragile as both CLANG and LLVM can be compiled with other compilers (recent versions of MSVC and GCC for example) -- that would likely clear out a hidden back door unless they have compromised *all* the compilers. (And I certainly wouldn't put that past them.)
(Waves to friendly NSA/CIA/CSIS/GCHQ analyst.)
Re: (Score:2)
The US gov has a few options as the public history of the NSA and GCHQ shows.
Ensure the product design is set to a standard thats open to the security services.
Generations of brand staff help the security services with every product and network as developed.
The security services set up their own front company and sell to the world over decades setting tame junk standards.
Any other method will
Re: (Score:3)
Re: (Score:2)
likely succeeded too (Score:3, Interesting)
you know that DRAM hack-attack that was just made public? how much you wanna bet the US gov had a hand in making that possible?
Re: (Score:2)
you know that DRAM hack-attack that was just made public? how much you wanna bet the US gov had a hand in making that possible?
I doubt that. My guess is it's just a prime example of cutting costs. It's cheaper to run non-ecc ram, and it's cheaper to implement software based ECC, then it is for hardware ECC.
Corporations want to make as much profit as possible, and the best way to to use cheaper components when making stuff.
Unless you mean the actual software to exploit it? This issue isn't new, just no one has actually made a proof of concept and shared it with the public. Guess it is quite possible that other people (NSA, Ha
Re: (Score:2)
TFA mentions several things. First, they tried to write their own version of Xcode and tools to be able to substitute it on a victim's machine, they also tried to crack Apple's keys (which TFA claims they didn't manage to do) - it's unclear if it's Apple's signing keys, the per-device iOS keys, or what) etc.
I think the CIA would've had an easier time if they just jailbroke the devic
Re: (Score:2)
Clearly, the NSA has compromised the laws of physics.
I hope no one believe that is true (Score:3)
Re: (Score:2)
as well as insert secret surveillance back doors (Score:5, Insightful)
I don't think this is a "tried to" at all, just look at the permissions a lot of stuff asks for.
Facebook, a bunch of EA games, Angry Birds, etc all ask for insane permissions ranging from your full contact list, to seeing who you are on a call with to accessing the microphone. It's a spook's wet-dream.
Another Iceberg (Score:2)
Worry only when they stop (Score:2)
The big news is not that the CIA was trying to break in. Hearing that they were trying means they still needed to get in.
Its when you STOP hearing they are trying. Because the only time they STOP trying is when they have in fact achieved their goal. These are not people who give up when it's too hard. They never quit. Unless they've won.
It's not clear to me... (Score:1)