So, I am going to temper this a little bit since, from what we have seen so far on WikiLeaks from the CIA breach, we know that this is only approximately one percent of the content that they have available to publish. I have to assume that they didn’t push out the juiciest, most incredible stuff on the first round. However, if the rest of the content is going to be 99 more issues of the same, then color me both disappointed and completely accurate in my previous characterizations and assessments of the US governments hacking and cyber security capabilities. They are lackluster, underfunded, understaffed and woefully behind many of their main rivals on the global stage.
American agencies started their cyber exploits game way to late compared to the maturity and extent of the programs being run by China, Russia, Isreal and many other players. These leaks are likely to only continue to back my point of view. There is very little on offer in the initial release that shows any level of creativity beyond some of the ridiculous names given to the tools that were being considered or developed. Most of the content is ripped off code from easily accessible dark web sources and would barely qualify as putting America’s cyber warfare capabilities above that of high-school level script kiddies.
Things like taking control of built-in camera and microphone functions on devices is standard fare for the hacking underworld and the real deal is rarely limited to specific makes, models and years of the devices being hijacked. So, let’s say that I am disappointed because I was really hoping for more. I really wanted to be wrong in my assessment of their capabilities, but the proof is not just in the leaks but in the real world activities going on globally.
I am not going to go into great details here, but suffice to say that I built out a cloud-based network of sensors and specialty monitoring tools that are tuned to hacking activities and sourcing the signatures of both simple and complex attacks that are progressing across the internet every day. None of the infrastructure, reporting or details is or can be directly attributed to me or my online personas. Everything is connected and registered in alternate venues, accessed and configured from public devices or devices that have never seen any of my own personal networks or personal online presence. There has never been an overlap between my sensor nets and honeypots and my personal or work devices and accounts.
I am mostly interested in logging the longer sophisticated attacks that are persisting across the internet like those against yahoo and exploits against cloud computing and security holes that are both public and somewhat secret. There are many and myriad attempts that are going on, however very few sophisticated attacks emanate from any known US government entities.
With that said… let’s wait and see if anything really interesting does come from these leaks in the future release