Thursday, March 9, 2017

CIA Hack details - beware of what you read in the media

The media has a poor track record of getting security stories right, and the CIA Wikileaks document dump is no exception.  For example, they don't hack your TV over the network:
The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. If you aren't afraid of the CIA breaking in an installing a listening device, then you should't be afraid of the CIA installing listening software.
So as long as you're not worried about a CIA operative breaking into your house, this specific exploit isn't going to be aimed at you.  Does this mean you should hook your smart TV up to the 'net?  Oh hells no.  Just no.

And this is pretty interesting:
There's no false flags. In several places, the CIA talks about making sure that what they do isn't so unique, so it can't be attributed to them. However, Wikileaks's press release hints that the "UMBRAGE" program is deliberately stealing techniques from Russia to use as a false-flag operation. This is nonsense. For example, the DNC hack attribution was live command-and-control servers simultaneously used against different Russian targets -- not a few snippets of code. [More here]
Like I said, it's hard to get stories like this right and mostly the Press doesn't.  There are more examples at the link.


Nosmo King said...

"The media has a poor track record of getting s̶e̶c̶u̶r̶i̶t̶y̶ any stories right, and the CIA Wikileaks document dump is no exception."


LindaG said...

They don't vet regular stories. They wouldn't know where to start with this one.
It feeds someone's paranoia or is an ends to a means for sure.