A year ago, a hacking group called the Shadow Brokers claimed it had a treasure trove of NSA hacking tools that they would sell to the highest bidder. They asked for $7 million in Bitcoin, but didn't get any bids. They've now released the catalog of documents, which means it's a very busy day for security researchers. While these documents are old, they're still very interesting.
Mike is worried about the Turkish Crime Family's iCloud hack. If he changes his password, couldn't they just hack it again to get them? Leo says that Apple has said it hasn't been hacked, and even if it had been, the hackers would have to "rehack" the system to get them. If Mike has turned on two factor authentication, they can't use his password anyway.
It's annoying to use two-factor, but it's the best last line of defense to prevent his account from being compromised. Also, he can use his TouchID on a new MacBook Pro and his iOS devices to insure verification.
Most of the exploits and listening techniques reported by the information from Wikileaks Vault 7 indicate that the CIA can use to eavesdrop are mostly targeted tools, and not the blanket surveillance hacks that were originally reported.
Wikileaks has announced Vault 7, a massive collection of documents that show how the CIA uses malware and other hacking techniques to spy online. Some of the techniques includes using smartTVs as a spying device since they use cameras and microphones built into the TVs. Samsung warned of this in their terms of service for their TVs last year. But Leo says that the CIA doesn't really have a switch to turn on all TVs, and if they did, the data they'd receive would be so massive and 99.9% of it would be useless. It could be used for targeted eavesdropping, though.
Ryan wants to know how would he know if his computer had been hacked. Leo says that he can always scan his computer with antivirus software and with Microsoft's Malicious Software Removal Tool. In many cases, hackers are getting around that by moving their malware into routers and other "internet of things" devices. This is why updating the router's firmware is vital.
Pwn2Own is an annual competition held at CanSacWest in Canada. Prizes are awarded to the hackers who can most quickly hack various operating systems and programs. This year a million dollars in prizes will be awarded, meaning it attracts the best hackers in the world. The money awarded is directly related to the difficulty in hacking the target. The most money goes to anyone who can hack an Apache web server.
The Russian hacking story is now all over the news, especially after the joint agency report about the hacking. Many security experts aren't basing their assessment on that report, and it was most likely misdirection for public consumption having nothing to do with the actual information. In the report, they listed about a hundred IP addresses that they believe were used by Russian government hackers. The problem with those IP addresses is that a lot of them are TOR exit nodes, which could have been used by anyone.
Leo says that the alleged hacking by the Russians in our election was a "bush league" spear phishing attack that allowed hackers to gain access to emails from the Democrat National Committee. Leo says we need to know more about it. It seems to Leo that this attack was more like North Korea hacking Sony.
In this election season, Leo says that touch screen voting machines are simply a bad idea. Technology can be a great thing, but not everything needs to be high tech. Voting machines need to be highly secure, must be constantly calibrated, and are ripe for hacking. Just because we can do it, doesn't mean we should, and voting machines are a great example of that. By keeping paper ballots, there's also a paper trail, so it's harder for someone to falsify them.
President Obama has ordered the CIA to develop a "proportional response" to the reported Russian hacking of the DNC which exposed emails about the Clinton campaign. But Leo says what could the CIA expose by hacking the Kremlin? Putin posts bare chested pictures of himself on Instagram? The man is embarrassed by nothing! And could such a response cause an escalation? Leo says that our utility infrastructure is vulnerable to hacking and such a cyber war could devolve into crippling our electrical grid ... or worse.