Why the WikiLeaks CIA dump was the most damaging one yet
Stop the presses! The sky is falling! I’m getting tired of correcting people regarding the latest WikiLeaks dumps regarding IoT (Internet of Things):
I really doubt the credibility of the latest WikiLeaks dumps Let’s start with the obvious, a Cover Sheet marked “Secret” with paragraphs therein marked “Top Secret”. Really? Then, upon review of thie TS stuff, it is nothing but very old news, nothing that the date of the documents suggest would require any classification at all. I like the plug therein for Schneiers’ book. If you’re writing stuff for crypto programmers, wouldn’t you think those guys would’ve already read his books? Oh, I like that bit on ARMv5 or ARMv7 processors; better make sure the target’s TV has an ARMv7 processor. Get real. Are there any ARMv7 processors out there any more? More to the point, why would a spook go through all that trouble when there is so much more productive “low-hanging fruit” to go after? Proof of concept, perhaps?
No, the latest crap from WikiLeaks is just that: crap. There is nothing in there to suggest that this was written by any Intelligence Service, foreign or domestic. As I also posted, a CIA mail clerk, after 31 shots of Tequila, would’ve written a better disinformation campaign. My analysis, as posted on other security forums, was that this was likely written by some stupid teenager showing off their “skillz”.
WikiLeaks is contaminated by disinformation from all kinds of entities. While I’m sure they get some real information, most of what I’ve seen from them these days is garbage. Now to that end, is there something to be learned from this IoT dump? Yes.
1. It is unlikely that there will be any new laws passed regarding InfoSec intrusions into people’s personal lives. Burglary, for instance, is a crime. That doesn’t stop it from happening.
2. People should not “accept” intrusions into their lives, but should “expect” intrusion into their lives. IoT equipment manufactures should “expect” that their devices will be attacked and exploited.
3. People should act accordingly, be it with a gun, a firewall, or nothing at all.