Category Archives: Security

General Mark Milley discusses future of the “nature of the character of war”

Future of the “nature of the character of war”

General Mark Milley spoke to The National Press Club on July 27, 2017 about changes in the “nature of the character of war” that will require modifications for the future of the United States military. Beginning at 30:52 in video link.

War is a political act

“War is a political act” where your political will is imposed on your opponent through the use of violence. The “nature of war is political.” How is the political war going to be fought in the future?

Milley believes the “character of war, the way you fight a war” and the weapons used are “going through a fundamental change”.Fighting will be in more populated urban settings and technology with artificial intelligence and robotics will be making changes to warfare.

Urban warfare

Armies in the past were optimized to fight in rural areas. Gently rolling hills, sands and deserts were optimized. Jungles and mountains were sub-optimized. Fighting in urban areas was also sub-optimized. This will need to change. A century and a half of societal urbanization is only increasing with the curve going exponential. By the mid-century 80 – 90% of the projected 8 billion people will be “concentrated in highly dense urban areas”. The open country of northern Europe or deserts of the Middle East to highly dense urban areas will require “significant and fundamental” changes to the military force.

War is politics and politics is all about people. With the urbanization of the global population the future battlefields will be in urban areas, such as happened recently in Mosul. Armies will need to optimize for combat operations in urban areas. This will require changes in the size of the force, command and control, operations of movement, and the weapon systems.

Robot warfare

The US is on the leading edge of a revolution in robotics says General Milley. In the “commercial sphere’ robotics are being used more and more. Unmanned aerial (drones) and maritime vehicles are already being used by the military in a limited way. “Eventually we will see the introduction of wide scale robotics”, including on land. “All areas that move, shoot and communicate are being impacted very, very rapidly by technology at a speed and a scope unlike anything we’ve seen in history. The combinations of terrain and the combination of technology is significant” and “leading to a fundamental change in the character of warfare”.

The future of the of war is not certain. War is always dealing in the realm of uncertainty, friction, chance and human will.

Military.com – drones

Wikipedia: Battle of Mosul 2016 – 2017

General Mark Milley discusses post-WWII liberal world order

General Mark Milley discusses the “World Order”

General Mark Milley speaks about the role of the US military to maintain the post-WWII liberal global order at the National Press Club, 25:35 to 30:52 in link.

World order relies on US military power

Why does the US need a large military? That depends on what you want the military to be able to accomplish. The United States has been a global military since WWI.

The Breton Woods agreement in July 1944 after WWII established the “international order, the rules and regimes by which the world runs today”. “For seven decades the world has had a certain set of rules emphasizing things like” free trade, international commerce, democracy, human rights and the “liberal world order”. There are institutions that this “world order” rests upon like the United Nations, the World Bank, the World Trade Organization and many others. “One of the significant roles of the United States military for seven decades has been to enforce that world order, to maintain it, to maintain its stability.

Role of world police is in US national interest

This role is in “our interest because in the last half of the century there was a blood letting unlike any that had ever occurred in the history of mankind” when “between 1914 and 1945 one hundred million people were slaughtered in the conduct of war and that is a horrible, horrible nightmare.”

General Mark Miley Army Chief of Staff

By United States Army (Chief of Staff[1]) [Public domain], via Wikimedia Commons

Milley’s mother was in the Navy and his father was in the Marines during World War II. His father “hit the beach in Iwo Jima where 7,000 Marines were killed in 19 days and 34,000 wounded and 22,000 Japanese killed on an island that was 2 miles by 4 miles.”

During WWII there were “millions of Chinese killed”. Milley soberly reminds us that”If you want a real trail of tears – go to Eastern Europe and see what happened in Belarus, Ukraine, Latvia, Lithuania. It’s horrific.” One third of the men in Ukraine and Belarus were killed. In Poland 90% of Jews were killed.

Milley passionately states: “It’s a horrific picture that occurred. Those people who were in leadership positions in 1945 said never again. We can’t keep doing this… this is insane!”

This wasn’t the first time that leaders had tried to put constraints on war by agreement. Milley gives history that “the same thing in 1815 after the Napoleonic Wars” with the the “Concert of Europe and that worked well for 100 years. For one century they kept the long peace in Europe – more or less. There were a couple of minor flareups, but there wasn’t a continental wide war until 1914.”

After two horrific world wars the leaders tried “again in 1945 to set up a system that would try to retain global peace and prevent war between great powers and great power states throughout the world.” That system relies on the hegemony and power of the United States people and our military.

Milley emphasizes that the global “system is under stress, intense stress, today. That system is under stress from revolutionaries and terrorists and guerrillas. It’s under stress from nation states that don’t like the rules of the road that were written and want to revise those rules.” “That system is under very intense stress.” “We’re at seventy years now and that system has prevented great power war similar to what occurred in the first half of the last century.

How big is big enough?

“So the question is how big an army do you want? How big a navy do you want? Well, how much do you want that system? How much do you value that system? Is that system worth preserving or not?” That determines the size and scope of your armies, your navies, and air forces and Marines. Rightly or wrongly, fairly or unfairly the role of the arbiter of that system has defaulted to the United States for seven decades. There are other countries, 60 or 70, that have allied themselves with their militaries to us and they make significant contributions, but the United States has been the leader that system.”

“So the status of the army as part of the military force that works to help maintain the stability of the world. We’re a global military and we are a global army.”

“We’ve got, right now today, about 180,000 soldiers in the United States army active duty, reserve and National Guard deployed in about 140 different countries around the world helping to stabilize that system. That’s a significant amount of US forces.

Not all of them are in combat. Most of those that are in combat are in Afghanistan, Iraq, Syria and elsewhere. Around the entire globe are 180,000. That’s not a small number. That’s about 20% of the army as a whole. The active army is less than 500,000 right now. Based on the tasks that are required Milley believes there is a need for a larger army and “stronger and more capable” because of the “tasks that are required”. the concept is that policing the world is the role of the United States military. The the US global hegemony will to support global order and overall peace to prevent another catastrophic world war.

Read to learn more:

brettonwoods.org About Bretton Woods Institutions

Wikipedia: Bretton Woods Conference

What is the Liberal Order? The global world order

Wikipedia: Concert of Europe

Power and liberal order: America’s postwar world order in transition 2005

The Twilight of the Liberal World Order January 2017 – Brookings Institution

General Mark Tilley discusses global security threats

General Mark Tilley discusses the 4 plus 1 global security threats

The Chief of Staff of the U.S. Army General Mark A. Milley spoke at a National Press Club Luncheon on July 27, 2017.

4 + 1: Global security threats

Speaks about “the world in a nutshell” with the current “global strategic environment” from 13:44 to 25:42 in the above linked video.

General James Mattis, Secretary of Defense, is leading a detailed strategic review process of the US military, which may be completed “sometime in the Fall” 2017, which may alter the evaluation of the security focus.

There are many ways to classify global security threats, but currently the Department of Defense uses a mnemonic system of “4 + 1” to rank global challenges for 4 nation states (Russia, China, North Korea, Iran) and of 1 non-nation state of violent extremist terrorist organizations  that “seek to do damage to US national interest” (Al Qaeda, Taliban, ISIS, Al Nusra Front and similar groups). These challenges are how DOD decides on the size of the force and how to equip the joint force.

The “capability and will” of a threat are used to evaluate their risk.

Milley states that Russia and China are not our enemies. An “enemy” is a group or a nation state our military is actively engaged with in armed conflict.  Milley points out that “Competition is one thing, even if adversarial”. There is a “giant difference between open conflict and those activities below open conflict.” A “conflict below open conflict is a desirable goal”, especially with Russia and China due to their “size, capacity, and capability”.

Russia

Russian “military capability is significant” and “extraordinary”. Russia is the “only country on earth that represents an existential threat” “because they have the inherent capability of nuclear weapons” that could “strike and destroy” the United States. Other countries have nuclear capabilities, but only Russia has the “capability to actually destroy the United States”. Russia’s conventional military capability has been “modernized significantly” in the last 5 to 15 years.

“Will or intent” is a subjective judgment. “All we know from behavior is that Russia has acted aggressively externally to its boundaries in places like Crimea and Georgia and the Donetsk region of Ukraine and elsewhere”. They also “operate and try to undermine things like elections in European countries and other countries”, as well as cyber activity and “various non-military direct action pressures”.

General Milley asks “Why are they behaving like that?”. There are many debated reasons.

Milley states his personal military view is that “Russian leadership is a purely rational actor” operating off of “traditional cost benefit as they perceive it”. Milley believes Russian aggression can be deterred. Even though Russia does “undermine the United States interests in Europe and elsewhere” that Russia also has “areas of common interests”.  Russia as a “great power” is a country that the United States needs to “cautiously” and with “deliberate forethought work towards common objectives and prevent undermining of our interests”. This is a “delicate balance”, but the United States has done this before and can continue to do so with Russia. “That will involve assuring our allies and partners while deterring further aggression”, but can be “properly managed”.

China

China is “a significant rising power”. Since 1979 China has advanced and developed economically. China’s economic power is “one of the most significant, if not the most significant” “shifts in global economic power in the last 5 centuries” since the “rise of the West and the industrial revolution”.

The “Chinese economic growth over the last 40 years is really, really significant” says Milley. “Historically when economic power shifts so significantly then military power typically follows.” Milley believes this is happening with the significant increase in size and strength of Chinese military capabilities.

Milley asks “What is their will and intent? What is their purpose? What are they trying to do?” He points out that the Chinese have been fairly transparent” in laying out their “China dream. China wants to reestablish their historic 5,000 year role to be the “most significant power in Asia”, as well as become a global “co-equal with the United States” by mid-century. They would “like to do this peacefully” with a “win-win strategy”, but are also building up a military force if necessary to pursue their goals.

China is “an extremely rational actor”. Milley believes, as with Russia, that “proper leadership and engagement and deterrence and assurance measures that we can work our way into the future without significant armed conflict.”

Iran

The country’s desire for a nuclear weapon has “sort of been put on pause.” “We hope for good, but are watching that very closely.”

What is Iran’s intent? Milley notes that we know with “certainty that Iran consciously and with malfeasance of forethought tries to undermine US national security interests in the Middle East.” They do this with many direct means of supporting terrorism. The US is “always in a posture relative to Iran to support our friends and allies in the region and to be very, very wary of Iran”.

North Korea

Milley thinks North Korea is the “single greatest threat to the international community and facing the United States” as a “near term, very significant threat”. North Korea has “advanced significantly and quicker than many had expected with an intercontinental ballistic missile technology that could possibly strike the United States”. The US policy for many decades has been the “objective that North Korea would not possess nuclear weapons” and “certainly” not have the ability to have nuclear weapons that can strike the United States.

“North Korea is extremely dangerous and gets more dangerous as the weeks go by.” Milley points out that most of the information is classified, so couldn’t give many details. The US is trying a “wide variety of methods in the diplomatic and economic sphere” to bring a peaceful resolution, but “time is running out a bit”.

Terrorist organizations

There are situations in Afghanistan, Iraq, Syria, Yemen, Libya and west Africa with each having “different factors and analysis with every country being slightly different, so you can’t group all of them into one.”  Milley thinks we are in a “very long struggle against violent extremist organizations, terrorist organizations”.

These groups have a radically different view of the world than we do and their intent is to “consciously kill Americans and undermine American interests”. They also want to “kill other locals, friends and partners not only in the Middle East”, but elsewhere. The military works “by, through and with our partners in the region and increase their capabilities and try to reduce terrorist threats to where local police forces and local intelligent forces can manage at a local level”.

Milley believes “We will destroy the organization entity called ISIS.” with the Caliphate and “traditional organizational structures” in the “not too distant future”. The followers will likely disperse morphing into different radical groups. Milley notes that the “very radical ideology” of these groups “ultimately will have to be destroyed mostly by the people’s of the region.”

Julian Assange transcript – Press Conference CIA Dark Matter Vault 7 Part 2

Julian Assange Press Conference March 23, 2017

Transcript from the Live Streamed Audio Press Conference: Second tranche of DarkMatter released

Julian Assange in Ecuadorian Embassy in London UK with kitten, Embassy Cat, no his left shoulder. Silver tabby with white paws.

Julian Assange and Embassy Cat / Twitter His children gave him a kitten (now a cat) to help him be less lonely, who is Embassy Cat.

DarkMatter

Speaker: Julian Assange from Ecuadorian Embassy in London, UK over Periscope

Note: The original livestream on Periscope was very jerky with long pauses and skips. Conspiracy theorists puzzled whether the feed was being interfered with by those against the release of this information.  —  The Youtube link at the bottom of this page has a good audio. The transcript is my best efforts for a large section of the audio (first 25 minutes) that covers the release.

“Audio check 1 2 1 2. Audio check 1 2 1 2. Reports on some people saying there are audio problems….”

Welcome to the Wikileaks Press conference on CIA Vault 7 DarkMatter and associated issues, which we will get to in the questions.

Today March 23rd, 2017 Wikileaks releases CIA Vault 7 Dark Matter which contains documentations for several CIA projects including of that name that infect Apple Macintosh computer firmware, meaning the infection persists even if the operating system is reinstalled. Developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by the Central Intelligence Agency to gain “persistence” on Apple Macintosh devices including Macs and some iPhones, and demonstrate the use of EFI / UEFI and firmware malware.

What does that mean? That means this is a malware technique developed by the CIA to insert its malware and viruses into people’s computer systems – MacIntosh computer systems – which doesn’t store itself on the regular hard drive that people use so that even if you throw away your hard drive and reinstall your operating system the malware persists.

In fact, the development notes that the more recent versions of this malware show that the CIA believes that the malware will even persist across “sonic screwdriver” infector is stored on modified firmware of an Apple Thunderbolt to ethernet connector. That is a device made by Apple to produce  – it is like a USB dongle – a dangerous dongle in this case – to connect to the ethernet. The CIA has modified that to use it to take over the computer system at boot time before the Mac firmware password is demanded.

DarkSeaSkies

Another CIA project that we have published today DarkSeaSkies is according to the CIA “an implant that persists in the EFI firmware of an Apple MacBook Air computer and consists of DarkMatter, SeaPea, and NightSkies. These are respectively EFI, kernel-space, and user-space implants.”

What does that mean? That means that you shouldn’t think of CIA malware as simply one program that is one little virus that connects to a system and does one job. In fact there is effectively a malware ecology that is being developed by the Central Intelligence Agency over the last decade with many different interacting components to persist to more embed itself into a Macintosh device so that it couldn’t be cleaned out and so that it could hide from antivirus products. Even if you did have an antivirus product that detected it that you might suspect that there is a problem and reinstall the operating system, but by using this EFI method the CIA is able to keep Triton embedded into Apple Macintoshes across upgrades.

While the Dark State manual released today is from 2013, other Wikileaks Vault 7 documents – which we have linked to in our press release – show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of Dark State 2.0 which includes advancements on some of these methods. The efforts there are documented in one of the CIA Wiki development pages which we released last Tuesday but which has not been remarked upon.

NightSkies

Also included in this release is the manual for the CIA’s NightSkies  which is a “beacon / loader / implant tool for the Apple iPhone”. What’s a beacon? It’s a system used by intelligence agencies starting back in the 1950s where you would put a bug say in someone’s car and it would give off radio signals and through that you could track it. Well modern beacons infest things like iPhones, and they report back over the internet where the iPhone is and other stats on the iPhone back to the CIA saying “here I am, here I am, I’m awaiting instructions, give me more instructions”. Noteworthy is that Night Skies had reached version 1.2 by 2008, so that means it had been in the process of development for some time by 2008, but it is expressly designed to be physically installed onto factory fresh iPhones. Not an iPhone that has been stolen from you by a CIA asset and then implanted with this material, but in an iPhone before you even get it. Reading these documents other interdiction methods which is say, for example, if the CIA has an asset maybe who will give one of these phones to its asset. Or give to the asset to give to someone else.

OK, so that’s the new release for today. I want to put it into some political context. I find this very important. There’s a lot of good technical publications like Wired, Motherboard, and so on and these technical publications concentrate on the technology, and they are all a bit in love with the technology, and these publications are in fact very easy to – unfortunately – politically fool through the use of euphemistic code words which [glitch] perceived to be funny. For example there were several Japanese smilies in the publications we produced on Tuesday.  But because they are  technical publications they specialize in technical aspects not looking at how those technical aspects connect to the institutional, political and geopolitical components that of course involve any large organization like the Central Intelligence Agency which has to fight for budget and depends on particular alliances within the state and out-of-state and between states to do its work.

CIA – What are they doing?

So let’s pull back.  Yes, the Central Intelligence Agency has produced methods of infecting Apple MacIntoshes, which are used all around the world, and iPhones, and it has a very considerable effort to do that through its Embedded Development Branch but also other branches and there’s a lot more material on that to come. What we have released today on Dark Matter is a small example. But the Central Intelligence Agency is the largest intelligence agency in the world. Now, it’s an organization with tens of thousands of people. There’s many good people in there. There are internal divisions about some of their unethical practices that have been conducted and every country that wants to be independent and determine its own [glitch] CIA should be broken into a thousand pieces and splintered to the wind because it had gotten so out of control. This lack of control comes about in a very obvious manner. You have a secretive agency and secrecy, of course, breeds corruption normally, but you have an agency which trains its people to lie and to engage in cover ups and clandestine activities. So already you have an agency whose staff receive values and expertise that make them very hard to manage and very hard for there to be internal accountability.

And then, because the CIA crept from being an agency which reports on what is going on in the world, potentially a positive thing to understand the world and produce comprehensible reports about what is occurring, to an agency which reports on the world and then commits actions [glitch] to overthrow governments, to influence elections. The Cornell University report from last year says that the Central Intelligence Agency and associated agencies in the United States since 1949 have interfered in more than 81 elections around the world – not including coups. It then became an agency which reported on its own activities in the world and it recommended what activities to conduct. So this means, that the [glitch] CIA is more known because it is more directly involved in political action, but the National Security Agency was doing vastly more electronic spying and as a result it had a larger budget and it could fight for its place at the budgetary table.

Since 9/11 the Central Intelligence Agency has overtaken the National Security Agency as the budgetary dominant agency in the United States. Its budget is now about 1.5 times that of the National Security Agency, so the position has been reversed. As a result of that tax largesse, the Central Intelligence Agency has increased its institutionalized ambitions to the point where it is rivaling the Air Force now by commanding its own world-wide drone fleet. It is in some ways rivaling the FBI – not so much internally in the United States where it does provide support to internal operations, but by being an armed force outside the United States conducting interrogations, renditions, torture at least for a period. Applications iPhone last September – That information has come out. You can find it if you search for it hard on the “dark side”.

It’s a very interesting question whose done that – I speculate probably Ukrainian intelligence agency, but it is not entirely clear who has done it. But it does show just how invasive it is because people now put nearly all their lives – not all of their lives – a substantial fraction of their life to the most intimate communications with others where they are, their thoughts as they search for things into one device – their smart phone. If a person’s smart phone is hacked – not only can they be hacked – but once they are hacked because of the unification of chat, systems communications, etc. of video into one smart phone the large extent of one’s life is exposed.

Informing affected companies

Okay let’s move to questions.  Thomas Fox Brewster, security reporter from Fox News, says “You made demands of tech firms before handing over CIA exploits. What were those demands and has the info been handed over?

Well, I think “demands” is a bit of a strange word to use. This is a serious business.  These exploits that have been produced by the CIA can affect millions and millions of people. So it has to be done cautiously, and there have to be security channels involved, and there has to be agreements that the vendors will in fact be responsive and will produce security fixes. WikiLeaks has no obligation. We are a publisher. We specialize in investigating and publishing and fighting to secure our sources and for the right of journalists and others to freely express themselves. We have security people who work for us. It is my view that the security teams are actually very responsive in doing a good job at the major organizations.  In some, there has been a holdup at the legal end and possibly the political end.

Time line

I’ll just go through a chronology:

On March the 12th we contacted Mozilla, Google, Apple and Microsoft.

Cisco was also very proactive and one of their lead security engineers contacted us proactively. Some of you will have noticed that they put out an advisory the day before yesterday on one of the CIA exploits which affects more than 300 types of CISCO routers.  That has permitted CISCO to alert its users so they can disable that service, telnet, which has the hole which the CIA or anyone else can use to, in theory, exploit to get into these systems. We didn’t publish the exploit itself, but a description of it. That description was enough for CISCO to work out what it was.

The same day March 12, Mozilla replied agreeing to our terms. What were the terms? Nothing surprising there. Industry standard 90 day response plan.

So within the computer industry there has been a debate over the years about what happens when someone finds a zero day security weakness in a computer system that we use to underpin modern life, many people use. Should we just give it to the manufacturer and say nothing and wait? Or should you just publish it straight away, so that everyone is aware of the problem and can take steps to deal with it? Well, the problem is … if you publish it straight away to everyone – and there is actually lot to be said for that – the problem is that all the good guys get it at the same time as all the bad guys get it. And therefore you have a race condition between the good guys and the bad guys. So now large organizations have dedicated computer security teams and they can respond quickly and effectively to such notifications about vulnerabilities and they do it all the time. But smaller organizations don’t, so they can be ignorant or they just aren’t aware or they don’t know what to do. They have to wait for some fix from the manufacturer. Okay, well, what about if you just give it to the manufacturer. You give notification of the vulnerability that you found. What happens then? And you just wait for a fix. What if they don’t fix it? That has been the long experience of people, security consultants, who have found these things. They just don’t fix it. Why? Because of the operation to do it costs money, its embarrassing, etc. So over time the industry has evolved to [glitch] and we are responsive.

March 13 Google acknowledged receipt of our initial approach, but didn’t address the terms. We didn’t demand money from these organizations, etc.  All that is in our terms is the standard industry terms. You have 90 days. We need a secure point of contact, encryption keys to make sure that when we communicate this information to you other people can’t get at it. This is a high security very delicate business. It’s not something that involves just throwing out emails to random parties within an organization.

March 15 Mikrotik contacted us. Mikrotik makes a controller that is widely used in Voice over IP systems, which the CIA targets.

March 17 Mozilla provided first feedback to us and asked for more files.

March 18 We told Mozilla that we were looking for them.

March 20 Was the first contact from Microsoft. Not agreeing to the standard terms, but pointing to their standard procedures and a PGP email. Same day Google replies pointing to their standard procedures and a PGP email. It’s a bit coincidental that an 8 day delay and on both Google and Microsoft.

That both holdups have been at the legal and perhaps political level. Why is that? Well, my belief is that – and has been argued by others – is that Microsoft, Apple, Google etc. have a number of contracts with the US government. In fact, Google has declared to be a part of a member of the defense industrial base. I’ve written about that in a book about Google. You can search for “Google, it’s not what it seems” (extract of book) for that essay.

And the kind of computer security people who you need to understand this are frequently involved in a revolving door with military and intelligence contractors. So they often have security clearances and a bizarre and frankly counter productive standard has arisen in the United States which makes it hard for security workers and some people in security agencies to look at and share published information where there is a claim that the information derives from classified US government documents. It’s been enormously counter productive and we’ve seen it in several of our publications and it is used also for political reasons to tell intelligence agency workers and contractors involved in the US intelligence community that they’re not allowed to read WikiLeaks. They are not allowed to read “The New York Times” when it publishes information about abuses that are occurring in intelligence agencies derived from our material or independently sourced.

So it’s a dual purpose. It’s used to prevent people in the US intelligence community from having intellectual exposure to arguments about why their organizations doing poorly. And at the same time security flaws in their products that can be pervasive and affect everyone. They have systems to turn those around very quickly – sometimes a matter of days. Other times they get lazy or distracted or the security flaw affects a system that is involved in many other systems and therefore requires extensive testing before the patch is sent out because you could have a security flaw in your security flaw. That has happened in the past. You can have a security flaw in your fix to the security flaw and that has happened and so those can take a few weeks, but we are giving them 90 days which tends to be on the upper end of the disclosure time line. Of course, in a particular case if a manufacturer writes to us and says for this particular flaw, this particular vulnerability, the CIA is exploiting is extremely difficult to fix in practice – extremely difficult to create a patch for – and they need more time to test it and roll it out, etc. then that is a dialogue we can have.

Lame question

Jeff Pegues from CBS News – Why did you release the documents on Tuesday? Could you comment on the timing?

That’s clearly referring to Vault 7 Part 1, our first release of the CIA documents which you can find at http://www.wikileaks.org/ciav7p1

Well, I mean, this question unfortunately is like many questions that I feel are politicized. Instead of looking into what information has been released, which is extensive. More than 8,000 documents, in this case from the Central Intelligence Agency. And what that implies and who it might affect and what people can do about it to re-mediate it and what does it say about where these kind of intelligence exploits are going. It tries to erect, what seems to me, to be a conspiracy theory about the timing to distract from the content. I think that is unfortunate. In the initial press release we document exactly why we released [glitch] the largest intelligence publication in history.

Are you secure?

So how these things go is you do a survey of the material you have and then you concentrate on more in-depth surveys of particular parts. You try to understand who in the world has the best expertise for understanding that can they be trusted to keep the material confidential during the research phase. Do they have the necessary opsec, the necessary operational security. Essentially can they secure themselves while they do this research. That’s a really hard problem because look at what we are publishing. It is about not only the Central Intelligence Agency, but that precise section (at least at the moment) of the CIA which is involved in hacking people. So how are journalists going to securely receive information from us? How are they going to securely work on it? How are they going to securely coordinate? While we have answers to those questions for people that we are very used to working with – we build up a way – encrypted contacts and so on – it is quite hard for many journalists to understand how to research a topic like this and keep themselves secure.

Globalists want to take down WikiLeaks

So to summarize there is probably a year of publications, I would say [glitch] it’s included informants, it’s included flying FBI agents and prosecutors into Iceland, it’s included transnational payoffs to informants, it’s included getting people to wear wires, it’s a really outrageous investigation that most of it was conducted under the administration of Barack Obama… sadly. Now over time there has been some embarrassment about that continued investigation by the DOJ. It is why I have political asylum from Ecuador. The United Nations twice in the last twelve months has said that my ongoing detention is illegal under international law, the binding international law, that the UK is part of and Sweden, but formally it continues on. And there was a statement recently that that grand jury process has now been expanded to include this recent publication of Vault 7 material. It’s not clear whether that is concentrating on the alleged sources for the material or whether it is also going to look at the publisher and journalists involved.

(Julian Assange continues discussing his detention and situation, but I did not transcribe that portion.)

Questions at #AskWL (only 2 questions selected)

Following Youtube link has good audio of the complete press conference.

https://www.youtube.com/watch?v=UJdioGzBiY0

Summary information from Wikileaks Press Release March 23, 2017

DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter“, “SeaPea” and “NightSkies“, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release.

Also included in this release is the manual for the CIA’s “NightSkies 1.2” a “beacon/loader/implant tool” for the Apple iPhone.

Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Wikipedia: Malware

Wikipedia: Firmware

What is EFI?

Wikipedia: EFI / UEFI explained – Unified_Extensible_Firmware_Interface

Stackoverflow explains “What is the difference between the kernel-space and the user-space?”

Wikipedia: Julian Assange

Wikipedia: Central Intelligence Agency (CIA)

Wikipedia: History of CIA

History of the CIA (from the CIA’s view)

Slate magazine: History of CIA torture

Mapped: The 7 Governments the U.S. Has Overthrown

Salon.com: 35 countries where the U.S. has supported fascists, drug lords and terrorists

Wikipedia: CIA activities by country


Want to work for the Central Intelligence Agency on future exploits?

Careers at CIA: – Cyber Exploitation Officer (Washington DC Metropolitan Area)

Cyber Exploitation Officers use a holistic understanding of digital capabilities to evaluate and exploit digital and all source intelligence information to identify key adversaries and assess how they operate and interact. Cyber Exploitation Officers use strong critical thinking skills and a variety of digital analytic and/or forensics tools and methods to extract valuable information from digital data and create a range of products that explain their findings to inform operations, drive collection, and support customers.

Cyber Exploitation Officers triage, review, and identify items of intelligence and operational interest from technical collections and other datasets. They leverage advanced methods to exploit data sets, and create and refine capabilities to exploit large data sets quickly and accurately. They identify and prioritize intelligence gaps, determine the appropriate collection actions needed, and drive the collection process.

ALL POSITIONS REQUIRE RELOCATION TO THE WASHINGTON DC METROPOLITAN AREA.

All applicants must successfully complete a thorough medical and psychological exam, a polygraph interview and an extensive background investigation. US citizenship is required.

To be considered suitable for Agency employment, applicants must generally not have used illegal drugs within the last twelve months. The issue of illegal drug use prior to twelve months ago is carefully evaluated during the medical and security processing.

Minimum Qualifications:

  • Bachelor’s degree, preferably in Computer Science, Digital/Computer/Network Forensics, Computer Engineering, Applied Mathematics, Information Security, Information Assurance, Telecommunications, Data Analysis/Analytics or equivalent studies
  • GPA of at least 3.0 on a 4.0 scale

Desired Qualifications:

  • Foreign language skills

Important Notice: Friends, family, individuals, or organizations may be interested to learn that you are an applicant for or an employee of the CIA. Their interest, however, may not be benign or in your best interest. You cannot control whom they would tell. We therefore ask you to exercise discretion and good judgment in disclosing your interest in a position with the Agency. You will receive further guidance on this topic as you proceed through your CIA employment processing.