Interesting People mailing list archives

WL releases Mac-oriented CIA 'Dark Matter' docs


From: "Dave Farber" <farber () gmail com>
Date: Thu, 23 Mar 2017 15:18:09 -0400




Begin forwarded message:

From: Richard Forno <rforno () infowarrior org>
Date: March 23, 2017 at 10:48:46 AM EDT
To: Richard Forno <rforno () infowarrior org>
Subject: WL releases Mac-oriented CIA 'Dark Matter' docs

(x-posted)

Dark Matter - 23 March, 2017


https://wikileaks.org/vault7/darkmatter/?cia#Dark%20Matter

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA 
projects that infect Apple Mac computer firmware (meaning the infection persists even if the operating system is 
re-installed), developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used 
by the CIA to gain 'persistence' on Apple devices, including Macs and iPhones, and demonstrate their use of EFI/UEFI 
and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism 
for executing code on peripheral devices while a Mac laptop or desktop is booting", allowing an attacker to boot its 
attack software, for example from a USB stick, "even when a firmware password is enabled". The CIA's "Sonic 
Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of 
"DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are 
also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents 
show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of 
DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2", a "beacon/loader/implant tool" for the 
Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically 
installed onto factory-fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at 
least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many 
CIA physical access attacks have infected the targeted organization's supply chain, including by interdicting mail 
orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
