Hello, welcome to the Wednesday, March 8th, 2017 edition of the Sands and the Storm Center's

Stormcast. My name is Johannes Orich, and I am recording from Jacksonville, Florida.

Wikileaks today released a substantial collection of documents that apparently were stolen from

the CIA. The documents are in line with what should be expected

from a sophisticated offensive cyber operation. A number of interesting details emerged.

For example, a large part of the leaked data deals with mobile devices, in particular

exploits for various versions

of iOS are discussed many of the files also deal with persistence on OS 10 systems for

example by injecting code into the EFI firmware that you typically find on modern Apple computers. Exploids for Samsung TVs

also caught the attention of many commenting on the files from a defensive point of view.

The data dump includes some operating procedures on how to develop and deploy these tools

while evading detection.

So these guides provide some insight into how more sophisticated attackers deploy tools

and they make you some hints in how to detect them and what to look for.

The documents also outline how to make it more difficult to attribute tools to this particular

group.

This leak yet again demonstrates the risk of cyber warfare in that weapons once leaked can be used

by anybody, but it should be noted that at this point

at least, the documents, they include code snippets and such, but the actual exploit tools

are not included yet.

And as part of the press release, WikileLeaks stated that they may release them at a later point.

They're still sort of vetting those tools and looking for ways to actually publish them

...