Monday, March 27, 2017

Apple and the Central Intelligence Agency - Getting More For Your Gadget Dollar

In its latest release, as promised, WikiLeaks takes a look at how the CIA has invited itself into our personal lives through popular electronic devices, this time, looking at Apple products including the Mac line of desktop and laptop computers and the ubiquitous iPhone.  

The Vault 7 "DarkMatter" documentation looks at CIA projects that infect Apple's Mac product line at the firmware level, meaning that the infection persists even if the owner of the computer reinstalls the operating system. The documents explain the process and techniques that members of the CIA's Embedded Development Branch use to ensure that the CIA's "fun and games malware" remains persistent.

There are several CIA projects targeting Apple products included in this release:

1.) Sonic Screwdriver - a mechanism used to execute code on peripheral devices while a Mac desktop or laptop computer is booting. This allows an attacker to boot their attack software from a USB stick, DVD/CD or external hard drive. The software allows the user to alter the boot path of the computer, bypassing the Apple firmware password. Here is the key section from the Sonic Screwdriver User's Guide dated November 29, 2012:

2.) DarkSeaSkies - an implant that persists in the UEFI (Unified Extensible Firmware Interface) of an Apple MacBook Air laptop. This required the CIA asset or operator to have one-time physical access to the target system, with the malware being installed from a bootable flash drive. DarkSeaSkies was not persistent across firmware updates; it would be overwritten in the event of a firmware update. Here is the key section from the DarkSeaSkies 1.0 User Manual dated January 26, 2009:

3.) Triton/Dark Mallet/Der Starke - persistent Mac OS X malware that is installed using a USB stick, as shown here:

4.) Nightskies 1.2 - a tool designed to be physically installed on factory-fresh iPhones. It then waits for user activity before it beacons. Apparently, the CIA had been infecting the iPhone supply chain since at least 2008, with the first version being designed for the iPhone 3G running OS version 2.1. User activity is detected by monitoring directories on the phone, including the browser history, the YouTube video cache, the map file cache and mail file metadata. Nightskies can retrieve the user's address book, SMS text messages, mail files and call logs. The software is designed to self-upgrade. Here is the key section from the Nightskies User Manual dated December 2008:

As you can see, the software developed by the CIA to spy on the world is extremely complex and requires physical access to the device, making one wonder how they get access to factory-fresh products. So for all of those Apple fanatics out there (and I include myself in that group of consumers), when you purchase an Apple product, apparently you are getting way more for your gadget dollar than you might be expecting. As shown here...

potentially, hundreds of millions of Apple consumers can thank the Central Intelligence Agency for taking away even more of what little privacy they had left in the post-9/11 world.


  1. I'm back. Went on the run... Not really, but I was blocked from this site on my end. But not anymore, for whatever reason. Anyway, I did mention all these things a while back. Funny how people might have said you're crazy to think that; now they say wow, that's crazy. Anyway, why do you think the NSA is building/built all of those ridiculously huge data centers full of nearly infinite storage capacity? The answer is right there: you need nearly infinite storage to catalog and save all of this data that these listening devices are picking up.

    1. Glad you're unblocked. On the upside, building all of the data centres creates jobs for Americans!