The CIA Has Killed the Banks - and Crypto Currency (Wikileaks Dark Matter)

in #wikileaks, 7 years ago

You know how, when you boot a computer, before the Windows or Apple logo comes up, you can press F10 or F2 to get into the BIOS setup? That area, the system firmware, is what the Wikileaks Dark Matter release shows being attacked.

That firmware initializes the hardware and hands control to the bootloader that loads your operating system. Everything later in the chain, from disk encryption to the random numbers your crypto relies on, trusts that the hardware it was handed is honest. A BIOS / EFI / firmware implant attacks the root of that trust chain, and with it the root of information security.

The implant lives in the system firmware itself, in the flash chip on the motherboard, which is independent of the hard drive and the RAM. Reinstalling the operating system does nothing, and neither does replacing the drive or the memory. The only real cleanup is to rewrite the flash chip with a known-good image, and on most machines that means an external programmer, because an implant that controls the firmware can also lie to any flashing tool run from inside the operating system.
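The check a practitioner wants after reading this is "is my firmware still the firmware the vendor shipped?" The usual approach is to dump the flash chip (with an external programmer, for the reason above) and compare it, volume by volume, against a known-good dump or the vendor's update image. The script below is an added example, not code from the post or from the Wikileaks material. It parses the UEFI firmware volume headers (the `_FVH` structure from the UEFI Platform Initialization spec), validates each header's 16-bit checksum, hashes each volume, and reports which volumes changed between two dumps. The two images it runs on are constructed inline as stand-ins; they are not real vendor firmware, and the function and field names are this example's own.

```python
"""Scan a raw SPI flash dump for UEFI firmware volumes and diff it against a
known-good dump.  Header layout follows EFI_FIRMWARE_VOLUME_HEADER from the
UEFI PI spec; the sample images built at the bottom are constructed stand-ins,
not real firmware."""
import hashlib
import struct
import uuid
from typing import Dict, List

FVH_SIGNATURE = b"_FVH"
# Fixed part of EFI_FIRMWARE_VOLUME_HEADER (little-endian, packed):
# ZeroVector[16], FileSystemGuid[16], FvLength u64, Signature u32,
# Attributes u32, HeaderLength u16, Checksum u16, ExtHeaderOffset u16,
# Reserved u8, Revision u8; followed by a block map of (NumBlocks, Length)
# pairs terminated by (0, 0).
FV_HEADER_FMT = "<16s16sQ4sIHHHBB"
FV_HEADER_SIZE = struct.calcsize(FV_HEADER_FMT)   # 56 bytes
SIGNATURE_OFFSET = 40                              # where "_FVH" sits in the header
CHECKSUM_OFFSET = 50                               # where the u16 Checksum sits
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def header_checksum16(header: bytes) -> int:
    """Sum of the header's 16-bit words; a valid header sums to 0 mod 2**16."""
    n = len(header) // 2
    return sum(struct.unpack("<%dH" % n, header[: n * 2])) & 0xFFFF


def find_firmware_volumes(image: bytes) -> List[Dict]:
    """Locate every plausible firmware volume header and describe it."""
    vols = []
    pos = 0
    while True:
        sig = image.find(FVH_SIGNATURE, pos)
        if sig < 0:
            break
        pos = sig + 1                      # keep scanning so nested volumes are found too
        start = sig - SIGNATURE_OFFSET
        if start < 0 or start + FV_HEADER_SIZE > len(image):
            continue
        (_zero, guid_le, fv_len, _sig, attrs, hdr_len,
         _csum, _ext, _res, rev) = struct.unpack_from(FV_HEADER_FMT, image, start)
        # Reject headers that cannot be real: no room for a block-map terminator,
        # or header running past the end of the image.
        if hdr_len < FV_HEADER_SIZE + 8 or start + hdr_len > len(image):
            continue
        end = start + fv_len
        vol = image[start:min(end, len(image))]
        vols.append({
            "offset": start,
            "length": fv_len,
            "fs_guid": str(uuid.UUID(bytes_le=guid_le)),
            "attributes": attrs,
            "revision": rev,
            "checksum_ok": header_checksum16(image[start:start + hdr_len]) == 0,
            "truncated": end > len(image),
            "sha256": hashlib.sha256(vol).hexdigest(),
        })
    return vols


def compare_firmware(baseline: bytes, current: bytes) -> List[str]:
    """Report volumes that appeared, vanished, changed, or carry a bad header."""
    findings = []
    if len(baseline) != len(current):
        findings.append(f"image size changed: {len(baseline):#x} -> {len(current):#x}")
    base = {v["offset"]: v for v in find_firmware_volumes(baseline)}
    cur = {v["offset"]: v for v in find_firmware_volumes(current)}
    for off in sorted(set(base) | set(cur)):
        b, c = base.get(off), cur.get(off)
        if c is None:
            findings.append(f"volume at {off:#x} missing from current image")
        elif b is None:
            findings.append(f"unexpected volume at {off:#x} ({c['fs_guid']})")
        elif not c["checksum_ok"]:
            findings.append(f"volume at {off:#x} has a bad header checksum")
        elif b["sha256"] != c["sha256"]:
            findings.append(f"volume at {off:#x} modified (len {c['length']:#x})")
    return findings


def build_firmware_volume(body: bytes, block_size: int = 0x1000) -> bytes:
    """Build a minimal, checksum-valid firmware volume around `body` (test data only)."""
    hdr_len = FV_HEADER_SIZE + 16                   # one block-map entry + (0, 0) terminator
    fv_len = -(-(hdr_len + len(body)) // block_size) * block_size   # round up to whole blocks
    header = struct.pack(FV_HEADER_FMT, b"\0" * 16, FFS2_GUID.bytes_le, fv_len,
                         FVH_SIGNATURE, 0x0004FEFF, hdr_len, 0, 0, 0, 2)
    header += struct.pack("<IIII", fv_len // block_size, block_size, 0, 0)
    csum = (-header_checksum16(header)) & 0xFFFF    # make the whole header sum to zero
    header = header[:CHECKSUM_OFFSET] + struct.pack("<H", csum) + header[CHECKSUM_OFFSET + 2:]
    return header + body + b"\xff" * (fv_len - hdr_len - len(body))   # 0xFF = erased flash


def sample_images():
    """Constructed known-good dump and a tampered copy of it (not real firmware)."""
    boot_block = build_firmware_volume(b"PEI core and SEC code stand-in " * 20)
    main_fv = build_firmware_volume(b"DXE drivers stand-in " * 300)
    good = boot_block + b"\xff" * 0x800 + main_fv
    # Simulated implant: 64 bytes overwritten inside the main volume's body.
    tamper_at = len(boot_block) + 0x800 + 72 + 0x100
    bad = good[:tamper_at] + b"\x90" * 64 + good[tamper_at + 64:]
    return good, bad


if __name__ == "__main__":
    good, bad = sample_images()
    for finding in compare_firmware(good, bad):
        print(finding)
```

Two caveats when using this on a real dump: the NVRAM volume legitimately changes on every boot (boot order, variables), so expect a diff there and judge it separately, and a volume-level hash only tells you that something changed, not what; the next step is to extract the changed volume's files (UEFITool or similar) and diff those against the vendor image.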

The EFI / BIOS runs before your antivirus or malware protection, before your operating system, before anything that could protect you. Malware that burrows into it can start from a very small foothold, install a much larger payload on your hard drive, and then tell the operating system that the area of the disk it occupies does not exist or is empty, so no antivirus running on top of the system can ever find whatever it dropped there.

Want to scan memory or disk for strings that look like Bitcoin private keys or other key material? Done. Want to watch the keyboard itself, the USB data stream, or the data headed for encrypted storage before it is encrypted? The operating system, let alone the antivirus, would never know.

Want to wipe a hard drive clean, change existing records in a database without leaving a transaction behind, or turn off the cooling fans on a room full of servers? Done. No more need to hide the code, no more tripping heuristics, no more antivirus signatures catching the infection: as far as the antivirus can tell, the implant is just empty space. The possibilities are endless; this is a new world.

Whatever infects this BIOS / firmware / EFI area first owns the system. From what I could make of the highly fragmented stream, it appears this can be done on Mac products straight out of the box, meaning you don't have to visit an infected link: you can be proactively targeted and attacked.

Macs run on the same underlying Intel architecture as PCs, so if they can do it on an out-of-the-box MacBook, they can do it on anything. The point is that an attacker with these tools can infect the firmware of a system, and that a bootable CD, or a wallet program running on that machine, relies on security that loads only after the infected firmware has already hidden whatever the attacker dreamed up. A hardware wallet keeps the signing key on its own device, so a compromised host cannot read the key directly; what it can do is lie about the transaction it asks the wallet to sign, which is why the address shown on the wallet's own screen is the only one you can trust.

It makes the attacker's life so much easier: no more obfuscating code, no more worrying whether your virus gets caught by an AV vendor and its signature pushed out to every product in the AV community, no more heuristics. You could name your virus "Virus", have it run a keylogger and save the keystrokes to disk, and hide all of that obvious activity from antivirus by using the firmware implant to mark off a little space anywhere in memory or on disk that the operating system simply cannot interrogate. Nothing can see what your virus is doing once you own the firmware that loads before any of the security products on the market today.

Antivirus can't even scan memory well, and we are a very long way from protecting the BIOS.

I don't know how Bitcoin and crypto currency survives in a world where information can no longer be secured.

It is only a matter of time before somebody gets this onto the secure network of America's banks and starts passing out money and wiping debts until the whole thing collapses.

Thanks CIA - only you "Magic Bullet" douche bags could mess something up at this scale!

PS:

Due to the hacking, only 3000 people watched the Periscope stream, and it hasn't been cleaned up and reposted anywhere yet, but even with the limited number of folks who saw the entire Dark Matter press conference, look at that giant sell spike in trading on the very smart Russian BTC-E index as the conference was occurring. Perhaps I am not the only one thinking this way, that crypto currency is severely overvalued in a world where nothing is secure, though I do not see anybody else saying this.

It will likely be a day or two before the real uber geeks can do a deep dive on what this means, and I deeply hope I am wrong. So far the mainstream media has been silent, or at best made it about hacked iPhones, not the end of computer security as we know it.


Mine is set to "Legacy" instead of EFI, right out of the box. I always knew that UEFI was a bad idea. People, load Fedora or a non-Ubuntu Linux solution on your new computers. These companies are not FOR you, they are AGAINST you. I am so pissed at Samsung right now!!!

EFI was the fix for rootkits, so going legacy just opens a whole new can of worms. Plus, the CIA is attacking USB firmware and then not telling the manufacturers about the vulns.

If we took a fraction of the money we spend destroying security and used it as a bounty for bug hunters, we could have found these holes 5 years ago. I saw a white paper a decade ago saying this was possible but would be very hard. The CIA isn't contributing to security; they are free riding on the security community with their Afghan dope-running money.

These guys even developed a tool called "Dark Mallet" which is designed to attack crypto currency! That was what made me post here.

Wikileaks is slow-leaking for good political reasons, but the entire CIA toolkit, which is every single CIA tool through at least 2013, maybe as new as early 2016 (a lot of it isn't labelled, so Wikileaks is clarifying for us what these tools do), has been in the wild for a long time now, including crypto wallet attacks.

How do they have all of this hackery and facial recognition, and yet the pedophile servers have hundreds of terabytes of pedo porn running for years at a time? Every one of the people in those videos, who contributed the videos, who host the videos, should have been under the jail long ago.

I'm pissed too! They don't even try to protect us: the CIA made ISIS on purpose, they did 9/11 to us to start this generation of war, they don't hunt pedos, they attack crypto wallets and iPhones so they can spy on us better!

FTG! Scatter the pissed-on ashes of the CIA to the wind, the drug-running warmongers of the world!

I agree. I moved out of the U.S.A. for all those reasons. I can't stand my country. And it will be a cold day in hell before they see another tax return from me.

lol

Great angle on the Vault 7 stuff.
Some food for thought.

Thanks

Great article, thank you. This is why we need Coreboot and Libreboot so much.

Very cool, I didn't know folks were already working on the problem. I LOVE open source and will try one of these now that I know this is a problem! Will share when I do.

Are you getting a SSL error for Libreboot? It automatically redirects to HTTPS but gives an invalid cert.

Great podcast and articles, you even tracked down some of the complicit parties. More of us geeks need to outright refuse to work for the government until the government starts working for the people. The CIA cannot do this without us geeks, and their money is blood money. Snowden's quarter million a year work-from-home in Hawaii is not worth touching the CIA's death-cult fiat dope-running money. I'll live poor and sleep well before I live well and worry on my soul.

It is so good to see folks are awake and fighting back!

I'll live poor and sleep well before I live well and worry on my soul.

Right on! My sentiments exactly!

Very interesting post @jredded, #Upvoted & #Resteemed to nail this on my profile as a reminder of my old-time adventures and for everyone else with a healthy curiosity.
Edit: Btw, forgot to say it. Also following you from now on. :)

This is what happens when people let closed source software dominate their online lives.

I'd personally prefer totally open source alternatives to everything.
