Mar 242017
 
WikiLeaks Vault 7 shows that the CIA has developed a huge range of attacks against iPhones since at least 2008.

Wikileaks: CIA Hacks Dubbed Dark Matter Reveal How Apple Products Are Infected

Yesterday, Wikileaks released another series from their ‘Vault 7’ CIA hacks called ‘Dark Matter’ where they reveal how Apple products are infected.

According to Wikileaks, ‘Dark Matter’ contains documentation for several CIA projects that infect Apple MAC computer firmware developed by the CIA’s Embedded Development Branch (EDB). Interestingly… the infection persists even if the operating system is re-installed.

From Wikileaks:

Dark Matter

23 March, 2017

Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA’s “NightSkies 1.2” a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

Leaked Documents

Sonic Screwdriver
DerStarke v1.4
DerStarke v1.4 RC1 – IVVRR Checklist
Triton v1.3
DarkSeaSkies v1.0 – URD

Dark Matter Dog

 
via

Mar 162017
 

Let’s say that you run a railroad. If there’s a heavy snowstorm one night, you might want to have people run snowblowers down the track in your stations before the trains start running.

Here’s a free piece of advice should you ever find yourself waiting for the first train to roll into a station after a heavy snowfall: Stand as far away from the tracks as possible, assuming you don’t want to get blasted with a massive sh*tstorm of snow.

Why this Amtrak commuter train came barreling into the station so fast after a winter snowstorm is unknown, but it seems like an especially unsafe thing to do with passengers waiting on the platform. Thankfully, one of those passengers was Nick Colvin who filmed the whole thing in slow motion, at least until he found himself also buried in snow.

Source…

Train Blasts Commuters With Snow