The correct response to the CIA data leak would be for the global IT community to develop new standards of online security
The publication by WikiLeaks of an array of CIA documents under the code name Vault7 has already been called the largest leak in the history of the intelligence services and is compared with Edward Snowden’s disclosure of data about the programs of the National Security Agency (NSA). At the same time, even the first part of the publication (8700 documents) far exceeds the entire volume of that leak. Moreover, representatives of WikiLeaks have announced that publication will continue and stressed that only a smaller part of the data has been disclosed so far. According to some authoritative information security experts, the disclosed CIA projects pose an even greater threat to users all over the world than the notorious NSA programs, such as the famous PRISM. And former employees of the U.S. intelligence community themselves claim that the leak, in its consequences for national security, “is worse than Snowden’s revelations”.
At first glance, this story really does have clear parallels with the NSA data leak. In both cases we are talking about large-scale intelligence programs, not limited to a narrow line of work or a single group of targets. Both the CIA and the NSA, independently of each other, spent many years developing universal tools to intercept electronic data, gain access to information systems and networks, and overcome information security measures. Like the NSA, the CIA owes much of this to the extensive powers of the Patriot Act of 2001, which lend themselves to broad interpretation.
Even a cursory overview of the contents of Vault7 shows that the agency worked on creating tools applicable to perhaps most of the most popular solutions and products. This includes exploits for server, desktop and mobile operating systems (Windows, iOS, Android), for the low-level firmware of user devices, for network equipment (Cisco routers), for the software and firmware of devices such as smart TVs (Samsung), for vehicles, and so on. The list of tools is even more extensive and includes exploit kits with an extensive attached database of vulnerabilities, including zero-days, Trojans, viruses and worms, tools for bypassing antivirus, deception systems (Animoto) and other information security systems. The CIA also developed and maintained virtual servers to collect data coming from listening devices, as well as command and control servers that can be used to direct computer attacks, remotely control infected systems, and for other purposes. Finally, many analysts noted the presence in the Vault7 directory of the UMBRAGE project, a sort of catalogue of malware samples that had been developed and used by cybercriminals and hacking groups, some of which may be connected with foreign intelligence services. Its purpose is to make it possible to disguise CIA operations as someone else’s actions and send investigators down a false trail.
All this is at least comparable in extent and range to the NSA programs. According to the documents published by WikiLeaks, the development of data interception tools in the agency is handled by a separate group (the Engineering Development Group), numbering at least seven specialized divisions, each responsible for developing certain types of tools. All these units are part of the CIA’s Center for Cyber Intelligence. Like the NSA, the agency has a network of its own bases for operations abroad. These include the European “branch” of the Center for Cyber Intelligence at the site of the U.S. Consulate in Frankfurt am Main, which acts as a base for coordinating CIA operations in Europe, Africa and the Middle East. Interestingly, three years ago Germany was among the main targets of the NSA’s electronic espionage programs outside the United States.
The last frontier
The external parallels between the NSA and CIA programs raise the question of whether, after the WikiLeaks publication, the CIA and its programs should be regarded as “NSA 2.0”, a more technologically advanced and aggressive version of a rival agency seizing the initiative to build a global data collection system. It is particularly important to understand whether the CIA was able to break the security and trust mechanisms that the IT industry adopted in response to the disclosed NSA programs. First of all, this means the introduction of the concept of encryption by default, including the global transition of Internet resources to the secure version of HTTP (HTTPS), as well as the flourishing of instant messengers and other data services that use end-to-end encryption. After 2013 these innovations seriously changed both the market and regulation in the IT field worldwide. For example, the deadlock in discussions on implementing the “Yarovaya package” for storing and decrypting user traffic is linked to the fact that the share of encrypted traffic in Runet is already about 40-50% and will grow rapidly.
The worst threat that the disclosed CIA projects could carry would be the development of tools guaranteed to crack the cryptographic protection in implementations of key protocols and standards (AES, RSA, TLS/SSL), and thereby to destroy the existing security systems of major IT vendors and of the Internet in general. Yet, judging by the part of the data that WikiLeaks has disclosed, the CIA failed to do this, and did not even particularly try. In fact, this is the main “good news” in the current story. Representatives of WikiLeaks addressed this point inaccurately in their analysis, stating that the CIA’s developments allow it to “bypass cryptographic protection” and collect data from secure services and instant messengers, including WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman, by “hacking” the devices on which those services run. The CIA’s tools undoubtedly make it possible to collect data from smartphones, laptops and server equipment of the world’s largest vendors, but not by breaking the cryptographic protection of the software installed on them. What is involved is the exploitation of vulnerabilities in the architecture of operating systems, firmware and other software components of the devices, using zero-day vulnerabilities, Trojans, worms, viruses and so on. Once control of a device is established, the data collection methods are fairly typical and resemble those of the NSA programs (PRISM and XKeyscore): audio is recorded, the user’s keyboard input is logged (key-logging), messenger correspondence is copied and sent to the command server as screenshots, and files saved on the device’s disk are exfiltrated. It might seem that to a user whose data is stolen it makes no difference whether the cryptographic protection used by the services was compromised or not. In fact the difference is fundamental: even the most advanced attacks exploiting architectural vulnerabilities of specific models and products on the IT market require the delivery of malware to the device. For this, a vector has to be built: for example, getting the user to insert an infected removable storage device, visit a compromised resource, or run a file carrying malware that was downloaded to the device or arrived by mail. In general, one has to go to the trouble of developing a massive and bulky range of exploits and constantly enriching the vulnerability database for specific versions of the OS and software.
Genuinely overcoming the cryptographic protection of key protocols and encryption algorithms would give the CIA far broader possibilities. There would be no need to develop a huge bestiary of malware. With a guaranteed way to defeat cryptographic protection, the CIA could invest in intercepting traffic on networks and deciphering the data streams of those same messengers, without bothering to deliver exploits and remote monitoring tools to a specific device. In the early 2000s the NSA sought such capabilities under the program called “Bullrun”. The agency practiced both voluntary and forced cooperation with IT vendors in the United States, compelling them to implement software backdoors in their products to bypass cryptographic protection. In addition, the NSA was looking for fundamental ways to crack protocols such as TLS/SSL, HTTPS and SSH. Success in the second direction would have meant the de facto destruction of the environment of trust in which the Internet operates. But this key line has still not been taken, which is confirmed by the Vault7 data.
An important difference between the CIA’s programs and those of its military counterparts is that the CIA never had the task of mass data collection. The tasks of the NSA revealed by Snowden were more global and abstract: the agency sought to create tools for intercepting and analyzing communications across essential segments of the Internet, if not all of it. The CIA, for all the scale of its activities, has always engaged in targeted operations. The best example here is good old Stuxnet: for a very narrow task, an arsenal of tools was built from scratch to guarantee the defeat of a complex, highly protected target. In addition, the CIA has always been tightly tied to human intelligence and the data collection that goes with it, which remains relevant in the Internet era. Under this model, the indiscriminate interception of huge raw data sets is unlikely to be a key priority. One could say that the NSA tries to catch all the fish in the sea and only then work out what to do with them, while the CIA chooses a specific victim and hunts it down, taking a harpoon from its giant arsenal.
First, the publication of the CIA documents indicates serious problems in the security of the intelligence services themselves. Representatives of WikiLeaks claim that the CIA archive leaked long ago and for some time circulated among a “community” of intelligence agency contractors numbering about 5,000 people in total. It is important to note that the previous major data breaches also occurred through contractors, including Edward Snowden and Harold Martin, who exposed an archive of NSA “cyber weapons” in 2016 (both were employees of Booz Allen Hamilton, a contractor for the Pentagon and the intelligence agencies, at the time of the leaks). This point is of little interest outside the United States, but it may affect the course of the Trump administration, which has set itself the task of urgently solving the country’s national security problems in cyberspace.
Second, these leaks create a serious risk of the uncontrolled spread of more than a thousand samples of malicious software. While the administrators of WikiLeaks are unlikely to post the code publicly, its “spread” on the gray and black markets is a matter of time. Soon the CIA’s techniques will be added to the toolkits of hackers and intelligence agencies alike. This makes the question of developing an international system of control over special operations in cyberspace all the more relevant. The specificity of IT is that leaks from the intelligence services become available to everyone, encouraging an instantaneous transfer of technologies and a further “digital arms race”.
Third, the informational effect of the current leak, albeit smaller than that of Snowden’s revelations, is of course grist to the mill of supporters of fragmenting the global IT market. Under attack are vendors of network equipment and developers of user devices and their software ecosystems, primarily operating systems. For states whose national markets are large enough and which desire relative independence from global IT vendors, the WikiLeaks publications will be one more argument in favor of import substitution. However, such programs, including the development of open-source projects, do not necessarily raise the level of information security. The degree of market fragmentation depends on the mechanisms of trust in the Network, which have still not been compromised. In fact, there is one such mechanism: advanced solutions, protocols and standards for the cryptographic protection of information, which so far have proven beyond the reach of both the NSA and the CIA. However, the future development of quantum attacks on traditional public-key cryptosystems may challenge even this constant. Meanwhile, cautious optimism is inspired by the fact that the CIA programs paid little attention to work with the most advanced technologies, including quantum computing and quantum cryptography, neural networks and AI systems, and several others.
If the response to the leak is correct, it can become a powerful stimulus for the international engineering community and the IT industry, prompting the ecosystem to strengthen trust in the Network through the search for new solutions at the level of technology, architecture and business processes. Several years ago, the industry and engineers responded to the threat posed by the NSA by moving Internet communications to encrypted form. The disclosure of the CIA programs may lead to faster solutions to problems that did not actually arise today. These are primarily the harmonization and implementation of common security principles and standards for the Internet of Things (IoT), data encryption at the lower levels of the network infrastructure of cyber-physical systems and industrial facilities (the level of industrial process control systems, ACS TP), and approaches to regulation and self-regulation of the security of advanced product and service niches such as smart transport. Sometimes, to reconcile the interests of vendors, engineers, users and governments, a serious threat to the interests of all stakeholders is needed. Perhaps in a few years we will still have to thank the CIA.
The points of view of the authors whose articles are published in the “Opinions” section may not coincide with the editorial position.