WikiLeaks has released the latest batch of documents in its Vault 7 series related to the CIA’s espionage programs. The latest release, dubbed ‘Dark Matter,’ reveals the specific techniques used to target Apple products.
The release discloses the alleged details of methods employed by the CIA to compromise devices manufactured by Apple, including the iPhone and MacBook Air.
In a statement from WikiLeaks, the whistleblower group said Thursday’s ‘Dark Matter’ leak includes details of the ‘Sonic Screwdriver’ project, described by the CIA as a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”
Techniques named in the release detail methods that could allow devices to be compromised between the manufacturing line and the end user or by a CIA asset in close proximity to a target.
The leak came just prior to WikiLeaks’ latest press briefing, which was scheduled to take place at 10am ET – it has since been delayed. The last Vault 7 press conference was cancelled after Julian Assange claimed their streaming services were being attacked.
The projects, developed by the CIA’s Embedded Development Branch (EDB), attack Apple’s firmware, meaning that any infections are persistent regardless of efforts to remove them, including if the operating system is reinstalled.
WikiLeaks said this allows an attacker to boot its attack software from a USB stick on to a device even when a firmware password is enabled on the device, meaning the read-only memory of a device can be modified using ‘Sonic Screwdriver’.
The infector is stored in the Apple Thunderbolt-to-Ethernet adapter, WikiLeaks claims.
The latest leak consists of five documents: ‘Sonic Screwdriver’, ‘DerStarke v1.4’, ‘DerStarke v1.4 RC1 – IVVRR Checklist’, ‘Triton v1.3’ and ‘DarkSeaSkies v1.0 – URD’.
Within the released tranche is a tool known as NightSkies, which allows the CIA to infiltrate factory fresh iPhones and track and control them remotely, granting “full remote command and control,” to the CIA.
NightSkies allows the CIA to take files from iPhones, including details from the owner’s phonebook, text messages and call logs.
The revelation that the CIA is physically infiltrating factory fresh phones suggests it has accessed an organization’s supply chain, meaning they may be intercepting the phones as they are shipped to targets, with CIA agents or assets tampering with suspects’ phones before they have even been received.
Also included in the documents are details about a number of other tools employed by the CIA to infiltrate Apple products, affording the CIA a variety of command and control capabilities.
DarkSeaSkies is an implant that is found in the firmware of an Apple MacBook Air that runs in the background and allows the CIA command and control capabilities over a targeted device. A 2009 ‘user requirements’ document on DarkSeaSkies details how assets should install DarkSeaSkies.
The second data dump comes two weeks after Assange said WikiLeaks will give tech companies exclusive access to leaked information they obtained from the CIA in the first part of ‘Vault 7’, known as ‘Zero Days’.
“A vehicle with French plates has tried to drive at high speed into the Meir [shopping street] so that pedestrians had to jump aside,” Antwerp police chief Serge Muyters told a news conference.
“Our army colleagues forced the driver to stop but he pulled away and ran a red traffic light. We sent a special forces team and the car and the driver were stopped.”
“A man in camouflage was taken away.”
The car was intercepted at nearby port docks, according to the federal prosecutor’s office.
Authorities said they found knives, a gun, and a gas can with an unknown liquid in the car, Reuters reported.
“Different arms were found in the boot, bladed weapons, a pump-action rifle and a container of as yet unidentified liquid,” Belgium’s federal prosecutor said in a statement, as quoted by AFP.
“Because of these elements, and the events in London yesterday, the case is being taken on by the federal prosecutor’s office,” the statement added.
The man is of North African descent and is believed to be a radicalized Muslim, according to the media.
He has been identified as 39-year-old Mohamed R., a French national who resides in France, according to De Standaard.
French President Francois Hollande also said the incident appears to involve a French national.
“It seemed to involve a French national, with possibly a certain number of weapons in his boot – it’s up to the judges to make a statement on that – who was looking to kill or at the very least create a dramatic incident,” Hollande told reporters.
“Therefore we must continue to be on high alert and mobilize all our forces,” he added.
Belgium’s federal prosecutor also said the suspect was French.
A perimeter has been set up around the area and a bomb squad has been deployed.
Additional officers and military personnel have been deployed throughout the city, according to Antwerp police.
Belgian Prime Minister Charles Michel has praised the city’s authorities for doing an “excellent job.”
Meir is the main shopping street in Antwerp’s historic center, and is mostly pedestrianized. It is one of Belgium’s biggest shopping areas.
It comes just one day after an assailant plowed his car into pedestrians near the British Parliament, as part of an attack in which a policeman was also stabbed to death.
UK police believe the incident was “Islamist related.” Prime Minister Theresa May confirmed that the attacker was born in Britain and had previously been investigated for suspected extremism by MI5.
It also comes just one day after the first anniversary of the Brussels bombings, which led to the deaths of 32 people at Brussels airport and Maalbeek metro station. More than 300 others were injured.
Belgium has been on high alert since the March 2016 attacks.
Five people employed by members of the House of Representatives remain under criminal investigation for unauthorized access to Congressional computers. Former DNC chair Debbie Wasserman Schultz employed at least one of those under investigation.
The criminal investigation into the five, which includes three brothers and a wife of one of the men, started late last year, as reported by Politico in February. The group is being investigated by US Capitol Police over allegations that they removed equipment from over 20 members’ offices, as well as having run a procurement scheme to buy equipment and then overcharge the House.
House Speaker Paul Ryan said last week Capitol Police are receiving additional help for the investigation. “I won’t speak to the nature of their investigation, but they’re getting the kind of technical assistance they need to do that, this is under an active criminal investigation, their capabilities are pretty strong but they’re also able to go and get the kind of help they need from other sources,” Ryan said.
The brothers, Abid, Jamal and Imran Awan, worked as shared employees for various members of the House, covering committees relating to intelligence, terrorism and cybersecurity, which included the House Committee on Foreign Affairs, the Committee on Homeland Security and the Subcommittee on Tactical Air and Land Forces of the Armed Services Committee.
Imran’s wife, Hina Alvi, and Rao Abbas, both of whom worked as House IT employees, are also under investigation.
DEBBIE WASSERMAN SCHULTZ
The group were banned from accessing the computers as a result of the investigation but, as of earlier this month, Imran Awan remains a “technology adviser” to former Democratic National Committee chair Debbie Wasserman Schultz, who was forced to resign in July following revelations that she worked to further Hillary Clinton’s chances of winning the Democratic primary at the expense of Vermont Senator Bernie Sanders.
News of the brothers’ investigation has sparked speculation that it may be tied to the hack of the DNC servers, the contents of which were first released by Guccifer 2.0 and later published on WikiLeaks.
Russian actors have been accused of being behind the hack, which Democrats claim contributed to Clinton’s loss to Donald Trump. There have also been reports that the DNC hack came from an insider.
An email between DNC staffers in April 2016, which was released by WikiLeaks, references a staff member named Imran and how this person has access to the passwords for Wasserman Schultz’s iPad.
Garret Bonosky, deputy director of office of the DNC chair, tells Amy Kroll: “I have to get [this iPad] thing figured out. Need to make sure I have her username and password before I delete and reload the app.”
“I do not have access to her ipad password, but Imran does,” Kroll replies, later writing: “Just spoke to Imran, call me whenever GB and I’ll update you, don’t delete anything yet.”
Another email from the DNC hack, dated December 2016, references Imran once again. Wasserman Schultz’s assistant Rosalyn Kumar tells scheduler Anna Stolitzka: “[Nancy] Pelosi is doing [a] closed door meeting. No staff or anyone allowed. Kaitlyn come to Rayburn room and get her iPad for Imran.”
The brothers were paid high salaries for their work with various House members, above the median salary for Congressional staffers.
Imran, who started working for Wasserman Schultz in 2005, received $164,600 in 2016, with close to $20,000 of that coming from Wasserman Schultz.
The Daily Caller reports that Imran received $1.2 million in salary since 2010, while Abid and Alvi received over $1 million each.
House Democrats supporting the employees have suggested that the Pakistani nationality of the suspects may have inspired the investigation.
A first-of-its-kind list from the Department of Homeland Security shows 206 detention requests that local police departments refused to honor. The tabulation containing complaints against state and local governments is set to be updated weekly.
On Monday, DHS released its first-ever list of police departments that do not comply with Immigration and Customs Enforcement (ICE) requests to further detain suspects to be processed for possible deportation.
The 206 figure is vague, offering no details about what time it covers.
The premier installment of what’s anticipated to be a weekly report contains unclear parameters, such as the time period it covers or the reasons chosen by the local departments for not releasing suspects into ICE custody. The cases were identified by the administration between January 28 and February 3, according to Fox News. However, the actual detention requests could have come from any time since 2014.
The crimes covered range from unspecified traffic violations to murder charges. Some individuals were only indicated as having been charged with a crime, while others were convicted. The lack of distinction also leaves open the question of whether the individuals may have been found not guilty or had their charges dropped.
Acting ICE Director Thomas Homan defended the list, saying in a statement: “When law enforcement agencies fail to honor immigration detainers and release serious criminal offenders, it undermines ICE’s ability to protect the public safety and carry out its mission.”
The geographic focus of the list, with over two-thirds of the examples, was Travis County, home of the left-leaning Texas city of Austin. Sheriff Sally Hernandez won her position last year on a platform of not handing individuals facing minor crimes over to ICE.
Police departments in the Los Angeles area have defended similar policies by explaining that they require the cooperation and trust of undocumented immigrants, something that would likely be compromised by following policies that resulted in deportation for lesser offenses.