Home Invites Members Groups Events Careers Videos News Photos Blogs Polls Singles Forums Chat
Home > Blogs > Post Content

CIA 'hoarded' vulnerabilities ("zero days") (40 hits)

In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis rather than hoard serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.

Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.

The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.

"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone &mdsh; at the expense of leaving everyone hackable.

https://wikileaks.org/ciav7p1/
Posted By: Steve Williams
Thursday, March 9th 2017 at 9:25AM
You can also click here to view all posts by this author...

Report obscenity | post comment
Share |
Please Login To Post Comments...
Email:
Password:

 
Do you hear anyone talking about the CIA withholding data on security vulnerabilities that make America's citizens less secure? Where is Rachel when you need her???
Friday, March 10th 2017 at 9:44AM
Steve Williams
More From This Author
Let the Democrats own it.
Tarantula Web
Cruise to Nutsville
Roll the Tape
Civil Discourse
Key Judgements
Enemy of the American People
DOW hits 21000!
Forward This Blog Entry!
Blogs Home

(Advertise Here)
Who's Online
>> more | invite 
Black America Resources
100 Black Men of America
www.100blackmen.org

Black America's Political Action Committee (BAMPAC)
www.bampac.org

Black America Study
www.blackamericastudy.com

Black America Web
www.blackamericaweb.com

CNN Black In America Special
www.cnn.com/blackinamerica

NUL State of Black America Report
www.nul.org

Most Popular Bloggers
deacon ron gray has logged 394697 blog subscribers!
miisrael bride has logged 85962 blog subscribers!
agnes levine has logged 85201 blog subscribers!
elynor moss has logged 62666 blog subscribers!
siebra muhammad has logged 32550 blog subscribers!
>> more | add 
Latest Jobs
MGR - MEDICAL SOCIAL WORK with Premier Health in Dayton, OH.
ENVIRONMENTAL TECH with Premier Health in Dayton, OH.
ENVIRONMENTAL TECH with Premier Health in Dayton, OH.
STAFF ACCOUNTS PAYABLE ASSOC with Premier Health in Dayton, OH.
INSTRUMENT TECH-CERT with Premier Health in Dayton, OH.
>> more | add