When the subject is surveillance, everyone is in the CIA's crosshairs
:. What is Vault 7?
WikiLeaks lays bare how the CIA is the “Big Brother” of your devices – Hardware.com.br: created by William R. Plaza on 8 Mar 2017
Among the security agencies, the NSA is always singled out as the “nosy” one, even more so after Edward Snowden's revelations, and now the CIA is being cited in the same Snowden style, through an immense leak of documents by WikiLeaks. The organization says this is the biggest leak in the CIA's history. Vault 7 is the name given to this series of materials, which reveal the global surveillance techniques carried out by the CIA in collusion with other agencies, such as Britain's MI5. The first part of this material, called Year One, was released yesterday by WikiLeaks. It is almost 9,000 pages detailing the CIA programs and tools used to collect information on millions of people through devices such as smartphones and smart TVs. WikiLeaks states that these leaked documents record the CIA's cyber-espionage activity carried out between 2013 and 2016. Former hackers who worked for the US government are said to have been responsible for passing the documents to Julian Assange's organization. WikiLeaks also warns that the fact that former employees had unauthorized access to these files is proof that others could know of their existence and therefore may be aware of the technical details of these spying tools, which is a real risk to users' security and privacy (does that still exist?), since they could be used by other hackers around the world.
After Snowden's revelations, suspecting that the CIA uses surveillance techniques is not such a big shock; still, learning how much power the agency has is frightening, to say the least. Below I have picked out some of the main points revealed in Year One. Let's get to them!
What are portable apps?
Portable apps are free programs, most of them open source, that can run on any Windows computer without a formal installation, or with a simple installation that lets them be run directly from a portable device. When properly prepared, these programs create no entries in the Windows registry, so it is very practical to install them on a USB flash drive and have the program ready to use on any PC.
:. How are portable apps affected by CIA surveillance?
Mitigating DLL Hijacks Revealed in Vault 7/Fine Dining With The PortableApps.com Platform – PortableApps.com: submitted by John T. Haller on March 13, 2017 – 10:57pm
Over the past few days, Wikileaks posted a series of documents purported to be from the CIA in a dump of files dubbed “Vault 7”. Within those documents are references to a project called “Fine Dining” which details how a field agent can alter their own software on a portable device to include additional functionality to enable spying and other covert activities while appearing innocuous to those who happen to see the agent using their portable software. The process is detailed well in a Q&A by Sophos software.
List of Affected Software
The list of affected software includes VLC Player Portable, Irfan View, Chrome, Opera, Firefox, ClamWin, Kaspersky TDSS Killer, McAfee Stinger, Sophos Virus Removal Tool, Thunderbird, Opera Mail, Foxit Reader, LibreOffice, Prezi, BabelPad, Notepad++, Skype, Iperius Backup, Sandisk Secure Access, U3 Software, 2048, LBreakout2, 7-Zip Portable and Portable Linux CMD Prompt. Some PortableApps.com Launchers are also affected by these techniques.
How The Vulnerability Is Exploited
In most affected apps, the app itself is vulnerable. Thunderbird, for example, is vulnerable if you add a DLL in a specific location. Opera Mail is vulnerable to having one of its built-in DLLs replaced with something else. When the field agent’s DLL is loaded by the base app, the DLL will then do whatever it is coded to do (copy files, listen in on network traffic, etc). The base app will continue working as usual while this occurs, allowing the agent to play a game, check their email, or browse the web. The leaked documents detail which specific DLLs to use for each app.
How We Mitigate The Risk
Today’s PortableApps.com Platform release adds a security module to scan for the specific techniques outlined above. Every DLL addition recommended in the leaked document is specifically scanned for by the platform before a vulnerable app is launched. This includes DLLs located alongside an AppNamePortable.exe launcher, whether or not it is affected, as some apps will load DLLs from there as well as from their own path. DLLs listed in the leak as vulnerable to replacement within an affected app are securely SHA256 hashed by the platform and compared to the known hash for that version of the app’s DLL.
PortableApps.com Platform 14.4: Fine Dining With Confidence – PortableApps.com: submitted by John T. Haller on March 13, 2017 – 10:16pm
PortableApps.com is proud to announce the PortableApps.com Platform 14.4 release. This release adds custom platform security to scan for and mitigate DLL hijacks in some vulnerable apps and launchers revealed in the “Fine Dining” leak as well as updates to two locales. As always it has a complete app store, automatic updater, easy app organization, fast app searching, proxy support, a great set of themes, portable fonts, and lots of other features to make it your favorite set of apps whether you’re running from a portable drive, a cloud drive, or run locally! If you’d like to see more features and functionality keep coming, please read a personal appeal from PortableApps.com founder John T. Haller to help! You can also buy the platform and a suite of apps on the hardware-encrypted PortableApps.com Carbide or fast and affordable PortableApps.com Companion available in our hardware store. Read on for all the details… Existing Platform users can automatically update by clicking Help – Check for Updates.
New in 14.4
This release adds custom platform security to scan for and mitigate DLL hijacks in: 2048, BabelPad, ClamWin, Foxit, Google Chrome, Kaspersky TDSSKiller, LibreOffice, McAfee Stinger, Opera, Opera Mail, Skype, Thunderbird, and various launchers. These apps have been shown to load certain DLLs unsafely in the recent “Fine Dining” section of the Vault 7 leak, and the platform now scans both for DLLs which should not be included and for DLLs which can be replaced. The platform verifies the authenticity of the latter using secure SHA256 hashing. While these techniques are not currently known to spread malware via personal removable drives or cloud drives, now that these techniques have been publicized it could occur in the future, so we have added security mitigation now.
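The two checks the PortableApps.com posts describe (flagging DLL additions that an app would load from its launcher directory, and SHA256-hashing the built-in DLLs that could be swapped out) can be reproduced as a small integrity scanner. The following is an added illustration, not the platform's own code; the app name `ExampleAppPortable`, the DLL names and the file contents are all constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so a large DLL need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_app_dir(app_dir, expected, disallowed):
    """Scan one portable app directory before launch and return findings.

    expected:   {"relative/path/to.dll": sha256 hex} -- DLLs the app ships that
                could be replaced; each must hash to the value known for this version.
    disallowed: {"name.dll", ...} -- DLL names that must not appear anywhere under
                the app, because the app (or its launcher) would load them.
    """
    app_dir = Path(app_dir)
    findings = {"added": [], "replaced": [], "missing": []}
    # Check 1: a dropped-in DLL next to the launcher or deeper in the tree.
    for dll in app_dir.rglob("*.dll"):
        if dll.name.lower() in disallowed:
            findings["added"].append(dll.relative_to(app_dir).as_posix())
    # Check 2: every replaceable DLL must still match its known-good hash.
    for rel, good_hash in expected.items():
        path = app_dir / rel
        if not path.is_file():
            findings["missing"].append(rel)
        elif sha256_file(path) != good_hash:
            findings["replaced"].append(rel)
    return findings

def demo():
    """Build a constructed app directory, then plant one added and one swapped DLL."""
    app = Path(tempfile.mkdtemp()) / "ExampleAppPortable"  # hypothetical app
    (app / "App" / "example").mkdir(parents=True)
    shipped = app / "App" / "example" / "helper.dll"
    shipped.write_bytes(b"constructed known-good DLL bytes")
    expected = {"App/example/helper.dll": sha256_file(shipped)}  # baseline hash
    # Simulated tampering (constructed): one DLL dropped beside the launcher,
    # one shipped DLL overwritten with different bytes.
    (app / "injected.dll").write_bytes(b"constructed dropped DLL")
    shipped.write_bytes(b"constructed tampered DLL bytes")
    return scan_app_dir(app, expected, {"injected.dll"})
```

A real deployment would keep the per-version hash table and the disallowed-name list outside the app directory (as the platform does), since anything stored alongside the app could be altered together with the DLLs.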