Home Invites Members Groups Events Careers Videos News Photos Blogs Polls Singles Forums Chat
Home > Blogs > Post Content

CIA 'hoarded' vulnerabilities ("zero days") (221 hits)

In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis rather than hoard serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.

Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.

The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.

"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone &mdsh; at the expense of leaving everyone hackable.

https://wikileaks.org/ciav7p1/
Posted By: Steve Williams
Thursday, March 9th 2017 at 9:25AM
You can also click here to view all posts by this author...

Report obscenity | post comment
Share |
Please Login To Post Comments...
Email:
Password:

 
Do you hear anyone talking about the CIA withholding data on security vulnerabilities that make America's citizens less secure? Where is Rachel when you need her???
Friday, March 10th 2017 at 9:44AM
Steve Williams
More From This Author
Ruger PC Carbine
The Follower Factory
Get 50+ Free Twitter Followers Tonight
BREAKING: Panicked Adam Schiff Addresses the Press
Bambadjan Bamba
You go Mr. President
Tucker: FBI is out of control, thinks it's above the law
Earth 2
Forward This Blog Entry!
Blogs Home

(Advertise Here)
Who's Online
>> more | invite 
Black America Resources
100 Black Men of America
www.100blackmen.org

Black America's Political Action Committee (BAMPAC)
www.bampac.org

Black America Study
www.blackamericastudy.com

Black America Web
www.blackamericaweb.com

CNN Black In America Special
www.cnn.com/blackinamerica

NUL State of Black America Report
www.nul.org

Most Popular Bloggers
deacon ron gray has logged 521063 blog subscribers!
elynor moss has logged 132874 blog subscribers!
siebra muhammad has logged 89123 blog subscribers!
tanisha laverne grant has logged 41052 blog subscribers!
miisrael bride has logged 40608 blog subscribers!
>> more | add 
Latest Jobs
Pain Medicine Psychologist with UC Davis Health Division of Pain Medicine in Sacramento, CA.
Director of Alumni Engagement - Alumni & Parent Engagement with Azusa Pacific University in Azusa, CA.
Exhibitions Producer with The Shed in New York, NY.
Curatorial Assistant with The Shed in New York, NY.
Director of Human Resources with Southern Illinois University Edwardsville in Edwardsville, IL.
>> more | add