CIA are o unitate secreta in cadrul sau, menirea oamenilor care lucreaza in ea fiind de a dezvolta software cu ajutorul caruia sa fie sparte iPhone, iPad si iPod Touch. Informatiile vin de la WikiLeaks, celebra sursa de informatii confidentiale privind diverse agentii guvernamentale de pe planeta si ar trebui sa fie credibile.
Cei de la CIA au realizat de ceva vreme ca au nevoie de exploit-uri zero-day pentru iPhone si iPad, asa ca unitatea aceasta avea exact aceasta menire. Exploit-urile zero-day sunt cele pe care compania Apple nu le cunoaste, deci nu are cum sa le blocheze de la o actualizare a iOS la alta si care pot fi folosite timp de ani si ani de zile fara intrerupere.
Conform WikiLeaks, aceasta unitate a CIA are multiple exploit-uri zero-day pentru iOS, acestea necesitand aplicare atat la nivel local, cat si prin internet. Exploit-urile au fost descoperite de catre CIA, FBI, NSA, dar si GCHQ, unitatea de informatii a Marii Britanii, altele fiind cumparate de la companii specializate pe securitate informatica.
CIA – unitatea secreta dedicata spargerii iPhone
Desi cei de la CIA au obtinut foarte multe exploit-uri zero-day pentru iOS, problema este ca multe dintre ele au fost “pierdute” si nu se mai afla in controlul agentiei. Se pare ca arhivele cu toate exploit-urile CIA au fost transferate intre diverse persoane neautorizate, dar cu legatirui cu guvernul american, iar astfel agentia a ramas fara ele.
“Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.”
Este destul de neobisnuit ca o agentie de informatii sa piarda atat de usor informatii atat de importante, insa cei care detin arhiva cu exploit-urile pot face tot ceea ce putea face CIA. Deocamdata nimeni nu a fost tras la raspundere pentru aceasta problema, insa probabil va exista si un tap ispasitor, avand in vedere ca pentru a obtine colectia de exploit-uri au fost facute investitii masive.
“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
Separat de iOS, cei de la CIA au dezvoltat software pentru a ataca Android, Windows, macOS si alte sisteme de operare folosite la scara larga. In total, la sfarsitul anului 2016 CIA avea peste 1000 de tipuri de software pentru a ataca diverse sisteme de operare, codul total folosit pentru acestea fiind mai mare decat cel folosit pentru reteaua Facebook.
“By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
CIA este o adevarata masinarie de spart sisteme de operare, iar in baza informatiilor de astazi se pare ca a reusit sa descopere metode prin care orice poate fi exploatat.
This post was last modified on mart. 7, 2017, 5:59 PM 17:59