On Tuesday the 7th of march Wikileaks published a new series of leaks on the Central Intelligence Agency codenamed "Vault 7".
This series of publications is the largest-ever publication of confidential documents on the agency - in fact the collection of some 8061 documents which we published on Tuesday is already the largest publication of confidential documents on the agency.
The material comes from an isolated - that means disconnected from other computer systems, top-secret security network situated inside the CIA's Center for Cyber Intelligence .
Now that center is both in Virginia but also importantly there is a branch hidden inside the Frankfurt consulate in Germany - we'll put out some aerial shot of that and the details from our publications about how CIA officers are instructed to penetrate German customs and operate there to develop attacks and support attacks across Europe, Africa and the Middle East from the Frankfurt consulate.
Now this has already come out as a result of our earlier publications. I'll go into results and updates quickly. But the Central Intelligence Agency lost control of it's entire cyber weapons arsenal.
What do I mean by Cyber Weapons - those are weaponized viruses, trojans and malware designed to penetrate the smart phones, smart-tv's, computer systems of the world and then control them, disable them and insert information to them , extract information from them.
Now this is a historic act of devastating incompetence to have created such an arsenal and stored it all in one place and not secured it.
Wikileaks discovered the material as a result of it being passed around a number of different members of the US intelligence community out of control in an unauthorised fashion.
Just yesterday we've had a tip-off from a virus researcher who says that he believes that one of the viruses whose descriptions we had published - that infects Apple Macintosh's in particular their ufi boot system - that he was attacked by that.
So it looks like not only is that material are being spread around contractors and former American computer hackers for hire but now maybe in the black market or perhaps being used by these American hackers who sometimes you know cross both sides of the fence, "gray hats" into attacking others.
So the CIA developed a giant arsenal what appears to be the largest arsenal of trojans and viruses in the world that attacks most of the systems that journalists, people in government, politicians, CEOs and average people use didn't secure it lost control of it and then appears to have covered up that fact.
I see some press reportage and we've detected some things as well that the Central Intelligence Agency became aware within the last couple of months that it had lost that material or that we had that material and has not disclosed that to the public at least has not warned the public that a loose cyber weapons arsenal is out there.
It's a very interesting question, I think about who it has told in government and when.
Has it told, did it tell Barrack Obama ?
Did Barack Obama conceal that during the election, after the election?
Was President Donald Trump informed and if so why has the central Intelligence Agency not acted with speed to come together with Apple, Microsoft and other manufacturers to defend us all from its own weapon systems?
Now this brings into question the entire concept of cyberwarfare because it is our analysis and stated also by many other experts that it is impossible to keep effective control of cyber weapons.
So what does that mean - it means that if you build them eventually you'll lose them. They are just information, there's no barrier spreading across the world they must be used on the internet so they must be placed on the internet to be used.
They must go to computers to infect them, and therefore when that occurs they can get out of control and there's a very easy cover for any gray market operator, contractor, rogue intelligence agent to take that material and start a company with it. Start a consulting company, a hacker for hire company ..
Now we're very fortunate in this case that our sources step forward to us so we can tell you what has been going on and so the various manufacturers like Apple, Google and so on can start to develop countermeasures, some of those countermeasures have already been put in place according to the manufacturers in response to this.
1 or 2 virus companies are also saying that they have developed countermeasures, but others say that they need more information.
Wikileaks has not published any cyber weapons themselves, we've published documents describing them.
Why ? it's fairly obvious - we don't want to have journalists and people in the world and our sources being hacked using these weapons.
But the problem is that with limited information about the details of how those cyberweapons operate there is a limited ability to try and produce security fixes for Iphones, for Samsung tvs, for Android phones produced by Google or Microsoft or Linux because the exact technical details are not known.
Now Wikileaks has a lot more information on what has been going on with the cyber-weapons program and so I want to announce today that after considering what we think is the best way to proceed and hearing these calls from some of the manufacturers we have decided to work with them to give them some exclusive access to additional technical details we have so that fixes can be developed and pushed out so that people can be secured.
And then once this material is effectively disarmed by us by removing critical components we will publish additional details about what has been occurring.
I want to draw attention to a statement that the president of Microsoft has put out and this is something that we have been working on as well and they're great many others have been calling for - so here is the quote:
Just as the 4th Geneva convention has long protected civilians in times of war we now need a digital Geneva convention that will commit governments to protecting civilians from nation-state attacks in times of peace and just as the 4th Geneva convention recognise that the protection of civilians require the active involvement of the Red Cross - protection against nation-state cyberattacks requires the active assistance of technology companies and companies like wikileaks which can provide information about these attacks .
The tech-sector plays a unique role as the internets first responders and we therefore should commit ourselves to collective action which will make the internet a safer place affirming a role our role as a neutral digital Switzerland that assists people all over the world to be secure.
Source
So now I will go on to some questions , first of all I confess this is one from me.
Q : Does Wikileaks have a position on this sort of material?
Well Wikileaks has a position on publishing in general - we fight for the rights of publishers to publish, we fight for the rights of sources to be protected and we fight for media accuracy.
Having obtained a perfect record in the last 10 years it's one of our comparative advantages, but otherwise we don't have a position on particular issues that we're publishing about but in this case we do have a position.
We have a position because these types outside the weapons are used to attack the communication technology the journalists use to communicate with their sources and with each other. The sorts of technology that investigative reporters reporting on the national security sector reporting on war crimes use to communicate their information within their media organisation and back-and-forth with their sources.
For example the New York Times has put up a tip line - it is based upon the signal protocol.
Now Signals a good encryption system for mobile smart phones, now what's the problem - well if you control the smart phones it doesn't matter how good the encryption system is. So signal and telegram from that perspective can simply be bypassed by attacking the endpoints, attacking one of the telephones belonging to the source or one of the telephones belonging to the journalist.
And the New York Times has a central tip-line - one phone that all of its tips go to for the signal protocol and of course that phone can be hacked it doesn't matter what the security system is, as a result you see the numbers coming into the coming into it and you see the messages exchanged.
So Wikileaks does have a position - we want to secure communications technology because without secure communications technology journalists are not able to effectively hold the state to account.
WikiLeaks protections for its sources - are they affected by this ?
No they're not affected not directly - why is that well because we're specialists in this area, we're specialists in source protection and I've known in general about this type of problem for a long time. So our systems are developed to not be exposed and not based on smart phones for example we have specialised cryptography that is not susceptible to these types of attacks. On the other hand are our lawyers susceptible to these types of attacks ? Yes they are - a lot of
them are susceptible to these types of attacks. Are our key security security staff ? No because we understand that, but we want to protect all our staff and the rights of journalists and sources to communicate effectively.
Ok so that's my question now I'll go onto the others - the question from CNN:
Q : As long as these are overseas targets isn't it legal for the CIA to do this ?
Well first of all I'd just like to .. It's a legally important question in the United States but there are many questions that might be asked by CNN, and one that seems to defend the interests of the CIA I think is a bit problematic* to have been the first question to be asked.
Well the answer is this - unfortunately the CIA does have a history of attacking not only the political parties operating overseas we just published how the central intelligence agency issued instructions to its staff to penetrate the last French election cycle in 2012, the last French presidential election.
It has a habit of behaving badly inside the United States as well.
That's an extensive habit going on for years. Most recently in 2014 the CIA was denounced by the US Senate Intelligence Committee because it had hacked their investigation in Congress into the CIA torture program and had used its hackers to retrieve documents that the Senate Intelligence Committee had evidencing what the Central Intelligence Agency did in terms of torture.
Why did it do that ? I mean it's given various excuses, the answer probably is because it perceived that information would be a threat to itself as an institution. That's how institutions behave especially intelligence institution - the CIA is the largest intelligence agency in the world by budgetary expenditure and of course it wants to maximise its own institutional power.
And key individuals also want to defend their programs or increase their roles, get themselves into a position where they can cash out and go to work for defence contractors.
What about WikiLeaks material in the first part of Vault 7 - does it demonstrate the CIA attacking targets within the United States ? That's an interesting question the answer is not known.
There are more than 22,000 IP addresses that we have detected, internet addresses that correspond to computer systems within the United States.
Now one of the large research programs projects we have underway is to discover:
- How many of those systems are attack systems that are used to relay and pass attacks from the CIA out into the rest of the world.
- How many of those intermediary victims - that is say an internet service provider which is hacked in order to create an attack somewhere else overseas.
- How many are direct victims.
- How many corresponding to say a visitor to the United States from a foreign country.
- How many correspond to joint operations between the CIA and the FBI, with the CIA providing technical support .
It's a complex question that is not resolved but there are more than 22,000 IP addresses corresponding to CIA activities in the United States.
Q : Is there proof that the CIA are involving in an internal struggle - leaking as opposed to something else?
Well we can't we can't comment directly on sourcing. As someone who's studied the behaviour for many years of intelligence agencies in different countries it is an unusual time in the United States to see an intelligence agency so prominently involved in domestic politics.
Now it's a level of principle that's quite problematic , there are arguments on the other side that obviously - if there's an extreme government then perhaps it does call for illegal behaviour by an intelligence agency. We don't have an opinion on whether that is the case yet or not the United States.
Wikileaks is intellectually intrigued to see this conflict occurring because it does tend to generate whistleblowers and sources on both sides of the equation.
Q : What are the implications for journalists and sources ?
I explained previously these types of the technology are used to penetrate the computers and phones that journalists used to communicate with each other and communicate and protect their sources. I think that's an incredible problem.
In response to the Edward Snowden disclosures and some others much more encryption has been used by individual companies specialising in it like with Whisper Systems, like Telegram but also included into Apple and Microsoft and other products so that is fairly effective at hindering bulk interception, which is what the national security agency's been doing. Passively taking all the information say that flows from Latin America to North America or from North America to Europe.
But in response the Central Intelligence Agency at least has diversified to specialise on attacking the endpoints prior to encryption occurring or after decryption occurring. And say okay but that at least means that they have to engage in target in attacks which is more more expensive and might have more of an audit trail - that's true but we have exposed the particular section of the central intelligence agency called the automated implant branch.
So that is not just to develop viruses and other attacks to put into people's computer systems to facilitate a CIA hacker in doing that but also to automate how that is done.
So you can you can see that between an individual targeted attack which is direct and invasive and massive passive bulk interception the intermediary point which is the increasing automation of targeted attacks. Their automated enough they start to approach the level of bulk capacity intersection we're not there yet for most countries but we are shifting significantly away from one CIA officer directing one hacker who attacks one target.
Rather we're seeing systems developed and whole branches of the Central Intelligence Agency to automate attacks and infestations of CIA malware into targets.
Q : How do these practices by the CIA impact on members of the general public ?
With android phones, iPhones, Samsung TVs etc
Well in a number of ways, so you might think as a member of a kind of average person well is the CIA interested in you ? We have this problem that increasing automation of these attacks means that the interest may not have to be that high.
You might be you might know someone who knows someone who say works for the French government will be the target of such an attack because they're involved in decision-making about large French exports, and we published a previous document showing how the ODNI - that's the oversight body for all intelligence agencies instructed the CIA to try and get hold of every single French contract valued at over 200 million dollars.
Similarly in the information we revealed about CIA attacks on the French political parties there was two instructions to try and determine where the French political parties will try and go for a more German oriented economic policy of increasing exports. Now really what's going on is that the Central Intelligence Agency and the ODNI through who they tend to be involved in contracting is close to organizations say like Boeing and then wants to assist Boeing in unfair competition say against Airbus which the French have a stake in.
Q : About redaction, WL has often stated they only redact in exceptional cases
Well there's been a lot of false reportage about what our redaction policy is. Our redaction policy is essentially the same as the Freedom of Information Act which is - we don't react unless there are important ground to do so and then we only do so for a limited period of time until those important grounds have elapsed.
In this particular case we redacted some 78,000 pieces of information for Vault 7 part 1. That information corresponds as i said before to IP address of targets and attack machines. Well why did we redact that - well because we want to investigate which ones are targets, which ones are attacking scenes which ones were victims that were attacked to get a place hold to make another attack and if we publish them all immediately it'll be harder to create that investigation.
Question: What is the time period that these publications relate to ?
The time period is 2013 to 2016 for the part 1 publication be published on Tuesday. Other material in Vault 7 is also recent and there is some old material. Interestingly one of the key systems, attack systems developed by the Central Intelligence Agency which affects multiple computer types at once it's called HIVE and if you look carefully you'll see that in our publications on Tuesday there's a reference to HIVE being first started more than a decade ago.
So the CIA has been involved in this for quite a long period of time gradually expanding its capacity as it managed to get budgetary and political pre-eminence over its chief bureaucratic and budgetary rival the National Security Agency. That's a very interesting story about the conflict between these two rival agencies over time.
The CIA budget used to be smaller than the national security budget and it's now something like 1.5 times the size of national security budget, as a result the CIA has been able to build its own drone air force and massively expand its hacking operation so it doesn't need to ask the National Security Agency for favours.
And of course if you also want a favour a favour can be asked back but also a lot of the operations of the CIA conducts are a bit questionable for example that operation conducted against the Senate Intelligence Committee. Now if the CIA had no capacity that it would have had to ask National Security Agency to provide it with hackers to help it attack and try and take those documents off Dianne Feinstein and her staff.
Now it wasn't able to, didn't need to disclose that to the National Security Agency because it has the capacity to do it itself and the National Security Agency having been in the media so prominently especially after it's complications in 2013 , has far more oversight and accountability for its digital operations then the Central Intelligence Agency does. It's a real question whether in practice there can be meaningful oversight.
I don't think there can be - I think it's an illusion that there can be meaningful oversight although one has to try because you can't leave a regulatory ground unoccupied because it it will simply, the bureaucratic organisation will expand into that regulatory ground and occupy it.
So why can't the CIA hacking operations be effectively regulated ? Well they're done in secret, its arcane complex technology and look what has happened with the CIA - loss of control over it's entire cyber weapons arsenal.
So if the CIA which is certainly, it's highly motivated to try and keep control of it - if it can't even control its entire cyber weapons arsenal because information can flow without oversight - then what is the chance that it can control how that Arsenal is used ? It can't, there's absolutely nothing to stop a random CIA officer or contractor or liaison agent working for the British using that technology against whoever they like whatever personal reasons they like.
The technology is designed to be unaccountable, it's designed to be untraceable, it's designed to hide itself, it's designed to to remove traces of its activity, it's designed to throw off people looking to see where there are fingerprints that might demonstrate who authored that technology.
And that is done by collecting viruses and malware from mafia and various groups in other states and assembling them, that's something that we published that there's a whole section of the CIA working something called umbrage which is designed to do that. And we have quite a lot more material that talks about these attempts to throw off authenticated, sorry to throw off attribution to discover who was really behind a particular cyber attack.
Already an antivirus expert has come forward to say that a sophisticated malware that he had attributed to a state either Iran or China or Russia now he believes actually is from Central Intelligence Agency, because the type of attack system that uses corresponds directly to a description that we published of an attack system and it's rare enough that it seems unlikely it would be independently discovered discovered.
Unless of course that China has already gotten hold of these parts of the CIA arsenal and that China is using them to pretend to be the CIA.
Question: is the CIA causing commercial damage to companies through these practices ?
Yes - potentially billions of dollars of damage because if say you're in China which is now the world's largest economy and you run a company and you want to equip all your employees with particular phones or particular computers - do you trust that if you go and buy a dell computer or computer running Microsoft or Apple phone can you trust that it's not vulnerable to these CIA attacks ?
Well because Apple and Dell and so on are all based in the United States where it's understood that the u.s. government is breaching previous promises that is made which is to tell us industry about these vulnerabilities - then it starts to look like that the u.s. government and US industry is in cahoots and then you can't trust any exports from United States.
So one report just at the time of Edward Snowden's revalations suggested that practice by the National Security Agency of imperilling US industry would cost 40 billion dollars in exports, so this sort of behaviour by the Central Intelligence Agency undermining those commitments by the Barrack Obama administration to tell US technology companies about vulnerabilities before they were exploited by foreign intelligence agencies or by cyber Mafia - that breach of promise decreases trust both in the US government but also in US exports .
Question: What is the role of the US consulate in Frankfurt ?
The US consulate in Frankfurt our publications reveal is a CIA hacker base that people go there from the Central Intelligence Agency they're given instructions about how to get past German customs and they operate out of that hacker base to attack targets within Europe and Africa and the Middle East.
If you look at the consulate it's quite remarkable its an enormous complex something like 2,000 people working that they're not all the other elements of the Central Intelligence Agency and some genuine consular work, but the German press is quite concerned about it and the chief prosecutor of Germany who correspondence in some ways to the US Attorney General it's been an equivalent position. His name is Peter Frank and he announced yesterday that the German government is conducting a preliminary investigation to see if it will launch a major probe into the activities being conducted out of that consulate and also more broadly whether people in Germany are being attacked by the Central Intelligence.
I suppose that my analysis is and its born out to a degree by our documents is that - well that consulate is in Shengen so it's in the open border area of Europe. Once you're there you can go out to 25 different countries Italy, Switzerland, France etc and attack targets there. And you go well okay with the Central Intelligence Agency hackers why do they need to go into Europe at all physically ? Can't they just hack from Langley Virginia ? Well they can't hack some types of attacks in Langley Virginia maybe even a majority but there's many other types of attacks that the CIA has developed which involved getting physically close to someone or to their computer system or slipping in very quickly a USB into say French Ministry of Foreign Affairs or Export and having that malware then go into the computer system, steal things and pull it back onto the USB and walking off.
Those types of proximal attacks requires physical proximity and so once you're in Shengen, once the CIA hacker is in a Shengen country one of these 25 countries in Europe they can transport themselves and their attacks to any one of the other 24 countries and the Frankfurt and the Weisbaden area has a history of supporting a number of different US bases, military bases and bases that are used for intelligent activity.
In fact we published something a while ago that when i gave a talk in 2009 in Berlin illicitly a US military intelligence agency had come from one of these Weisbaden basis and come down into Berlin and that's the subject of a formal criminal complaint because it violates the basing agreement the agreement of Germany has with the United States - ok you can have some bases here but they shouldn't be used to attack people in Germany.
Q : How do these publications shed light on the ability of the CIA to penetrate high security networks not connected to the internet ?
Important question - they're called air-gapped network so if your worried about being attacked over the internet make your machines internet disconnected that's what most police network do for example or networks that are inside companies say like Boeing , they disconnect the network so that hackers they think can't attack them - but the CIA has created a number of viruses one for example called HammerDrill which are air gap jumping virus.
So they sit on a computer waiting - this particular one HammerDrill sits on a computer, windows computer waiting until someone goes to burn a cd-rom, put software on a cd-rom and it jumps onto the cd-rom and infects the executable programs that you put on the cd-rom so they want to go somewhere else it then affects the other computer and starts a channel.
There's a number of at least 30 different types of malware that the CIA has created to try and do that, some that are designed for CIA hackers and CIA agents to say pretend to go somewhere and pretend to give a presentation or use VLC a video player to play a video to give a presentation , meanwhile behind the scenes the video presentation software and it's trojanised version of VLC goes into the computers that it's plugged into - surveys them, infects them and ransacks the material and brings it back.
If you invite someone into your company or government department to give a presentation they put this into the presentation computer and now its infected. Similar to play a video and it's infected, many other different things. One is even a virus scanner someone is pretending to be a computer security consultant to remove viruses from an organization and in fact the virus checking program is the CIA virus that is used to infest the rest of the computer network and retrieve information.
Q : Among the list of possible targets are there any references to extremists or transnational criminals ?
Not in the material that we published on Tuesday - Vault 7 part 1 , No. It's conspicuous, there's there's no reference to terrorism theres no reference to extremists, there are references to many other target types for example liaison agents so Allied intelligence agencies that speak to the central intelligence agency.
And the CIA has developed a menu of frequent attacks include attacking the liaison officers coming only from QCHQ or the DGSE which is a French intelligence agency who think that they are cooperating with the CIA but really the CIA is infesting the liaison agent. So they're all there in a menu called "fine dining" it's a list which literally describes itself as a menu of frequent attacks and attack types that is given to CIA case officers and they say yeah I want to attack and infest some agent that I control , a liaison, someone working for a foreign government department etc .
What is not there is any reference to terrorists any reference to extremists and that actually shouldn't be a surprise to anyone , no one no one who studies the intelligence world it shouldn't surprise them because even if you just look at the budgets that came out in 2013 to the US intelligence black-budget you don't see anything like the majority of the body going towards extremism even though they are very strong political reasons to try and catch any operation in counter terrorism and counter extremism to get more money despite that political pressure.
Something like a third of the US the entire US intelligence budgets is described as countering various forms of extremism and the overwhelming majority is not but particularly for the CIA the vast majority of the expenditure and attack types are geopolitical. They're about, you know similar to the information revealed about the attacking of the French election cycle - understanding who could be pals with the CIA , who could you know help out the institution in one way or another so for example spy on Airbus, that information you then pass to the US Chamber of Commerce among others which is listed in the material and US Chamber of Commerce and then adjust what is doing in order to that is Boeing and these companies are closely connected to each other.
It's not even about what is the policy that can help us industry the most, boost US economy the most, it it's about which elements of the US economy and or related intelligence organizations in the United States and outside the United States are best able to ask for favours because they have proximity - they have interpersonal proximity or they have institutional proximity.
Q : About the story that's in the press with possible hacking monitoring of President Donald and his team, do these revelation shed any light on what is possible in this regard ?
Well that there were earlier Press reports that the Trump cabinet has been using a encryption system called confide where the messages disappear quite quickly it's sort of like an extra encrypted version of snapchat. Well it doesn't matter it's on smartphones the software attacks smartphones, doesn't matter what encryption you're running on telegram or signal or confide if you can bypass that encryption you can turn on the microphones, it can monitor movements, it can activate the camera to look at photos that have been taken.
Has the CIA done that ? This material doesn't comment on whether it has done that to the president Trump.
I suppose a question that is of interest, because there was a lot of press - there were numerous Press reports from New York Times, The Washington Post and some in Politico that people close to Donald Trump had been monitored in a counterintelligence activity. Possibly by some parts of the US government, possibly by the FBI, FBI had been mentioned, NSA had been mentioned - on the other hand it seems that many of the leaks to the media are coming from the Central Intelligence Agency based upon how they're described.
There are a number of collaborations that are evidenced by the material that we publish between the FBI and CIA and the National Security Agency and CIA so I think there's a real question whether that technology is being used or has been used in these types of investigations - that is a separate tech question to whether CIA officers have been pressing the button on that technology.
What is often done in the commercial industry, the commercial spying industry - if you're in the commercial industry you can be prosecuted for hacking someone - so what happens in the commercial industry and we did a big publication we of Hacking Team where we published more than more than million emails from an Italian computer hacking contractor called Hacking Team, it sets up attack sites and it writes the software and then it helps configure it for a hacking attack and then it gives the people they've told it to in a government department, Intelligence Agency, Police Service - the ability to press the button so they hope to that removes them from being accountable for the attack.
They've just created the system to attack the actual button was pressed by different party so that's obviously a possibility in the United States in relation to a number of different attacks. Publications don't say anything directly about the President and cabinet but that is a general phenomenon of people creating attack systems and facilitating attacks in some way but being careful about the legalities of actually pressing the button.
Q : How many parts to the vault 7 series ?
What we have a lot of material - it's a big journalistic investigation from us, from our partners, we need more partners.
So that those who engaged in journalistic excellence on reporting and material that we have published so far and there have been some good report, we will look at those people and trying to produce some of them to get them in - there is more work than WikiLeaks can do on its own that's quite typical with some publications, so we assemble international teams to try and get as much understanding in as many different languages as possible.
And then also finally make sure a lot of the material is published so the public can also catch any angles that us and the combined journalistic have missed - in this case we have extra problem which is that we have quite a lot of exploits that is this key attack code that we want to disarm before we think about publishing it.
And to have that discussion we're going to work with some of these manufacturers that have called for it to try and get those antidotes out there before we publish more information that can give clues to the cyber mafia or other intelligence agencies on how to do this.
There is a fair criticism I think of that methodology and we're watching closely which is that the CIA was so careless to produce this material, this enormous cyber weapons arsenal and lose control of it at least once and that it has spread. So does the various Cyber Mafia already have it, do foreign intelligence agencies already have it. Well I think that's a serious question , they were securing it very well so it's quite possible that numerous people could have it also it has spread appears to have spread within a number of individuals within the US intelligence community. So how much more will it spread ?
I think it's quite hard to control even if Wikileaks quickly doesn't publish any of these cyber weapons i think it is quite hard to stop the spread elsewhere which might have already occurred so therefore what you want is the fastest possible antidotes, and for that to work the fastest way of course it's just publish everything but at the moment we're watching to see whether there is a spread, and analyze what we have, work with some of the manufacturers to create, to create antidotes to these
weapons.
Q : Why is Wikileaks focusing only on problems from the United States ?
That's not true, we've published just in the last few months very significant collections of materials from Germany from Turkey in fact in response to our Turkish publications the Turkish government put seven Turkish journalist who has reported on our publications into prison.
A very serious situation - one of those Turkish journalists is fortunate enough that he was a foreign correspondent for Geseit which is german newspaper and so he's getting a bit of support from Germany but the the other six are in a serious situation - completely outrageous that they're simply reporting on what we published and the Turkish government , Erdogans government has abused concerns about the coup that occurred a few months ago - to crack down on reporting about corruption.
In this case the emails that were from Erdogan's son-in-law who was the minister for energy and that's what we published you can look them up at Baret's Box. On Russia and China we have published hundreds of thousands of things most of them are critical about 80% critical and more than 2.3 million from the Syrian government including our Bashar Al-Assad's personal emails.
So all cultures tend to just look at themselves and speak to themselves, they speak their own language and they're aware of themselves and what other people say about then all what's being published about their culture. When it's published about another culture, another country then don't pay attention. Of course but people raise this for you know distracting reasons to try and question the messenger because the content itself is so powerful.
Ok that's it .
Let me just break, i'll just break for about three minutes and see if any other questions that are really important have come in and if so i might answer them
G'day my name's Julian Assange , welcome back to the Wikileaks press conference we have found some other questions from Fox, CBS, ABC and another journalists . We'll start first of all with CBS Jeff Pegues who asks
Q : Why did you release the documents on Tuesday, can you comment on the timing ?
We have a description of the timing in the frequently asked questions, it was as soon as we were ready but it wasn't the weekend anymore. Those were the only factors involved - interestingly the administration says it's going to prepare some response on cyberwar, not sure exactly when it is they said within 30 days but 30 days might have already elapsed but it didn't play a part in our timing.
Source
Nothing else played a part in our timing, it's quite a you know you can imagine it's quite a difficult effort to pull this kind of thing together. There has been also a number of attacks on our players and on even the various forms of streaming hardware that we used to create these press conferences. Secure systems are all fine, but the streaming system is insecure because it's for the public.
It went down and we have some workaround for some parts, I'm not sure if some of the other glitches that you've seen today if it has anything to do with that probably not, probably just glitches.
What occurred on Tuesday was much more serious, but to be fair I mean we're publishing an epic scoop on the CIA, the biggest in it's history and they deserve to have a little comeback.
Ok Bryan Ross from ABC :
Q : Mr. Assange have you ever been paid by the Russian government or state funded outlet RT ?
The answer is no, but quite interesting to see the ABC taking that line.
This is the largest publication of Central Intelligence Agency documents - number 1. An enormous journalistic scoop about all sorts of things that affect journalists and almost every individual within the United States and in many other countries about the in some sense the future of what it means to be a state, where is the border between one state and another ?
Borders are created by sea and land, borders are also created by one army meeting another army and then making a truce , that's where borders come from.
On the internet there's no borders and if there's something like the use of force, that's a very interesting question as to how much state computer hacking is like a use of force in some ways it isn't in some ways it is, then obviously borders because start to become pretty mushy so enormously interesting that instead here we have a pretty sad question trying to divert from epic publication to something else.
Q : How long do you anticipate it will take to help tech companies to issue fixes or secure devices ?
What is the timeframe - that is a very important question. My experience as a computer security guy which is what I used to be in my previous profession, well some of those fixes will be fast. Ones that just affect a little part of the system with a little part that you can make a hole in and go through but the fix is just plugging this little hole, tweaking a little, distributing it, testing and distributing. Those can be issued potentially in just two or three days.
Problems that affect more critical aspects of computer code that's in a telephone or TV or somewhere else, some of them can take a lot longer to fix. And for some systems like Android with many manufacturers possibly like those Samsung TV's, there is no automatic update this isn't some people have to manually try and pull something so that the only people who are aware of it can fix the problem. If you're not aware of it,the problem is not fixed.
That's a question journalists should be asking of the the various manufacturers involved.
It is an important question and it's important to put pressure on those companies to make it , basically to make security something that the market cares about and they'll respond, and they are to a degree already responding.
If they can get away with it they'll say nothing that's what that's what google did initially was to just say nothing at all hoping perhaps that maybe we wouldn't discuss it because Android is significantly more insecure than iOS - which is the software is used on Iphone. Both of them have severe problems, that are described in these CIA documents that were published but Iphone has slightly slightly less.
Q : Is it clear which countries were among the targets of the program ?
Partly - we have a lot of records in this part 1 material, a lot more in the others that we're studying that reveals tens of thousands of targets so yes many of the targets are revealed but many are also not to do with how the CIA split up the different it's different sections and branches some of the operational branches only within that branch can be quite closely held do they know what the target are .
In other cases there's collaboration between branches and support of one branch to another and the information about targets can spread further but as we have already stated there are more than 22,000 just in this initial batch of material, IP addresses that correspond to the United States. It's not clear which are attack infrastructure, intermediary victims or targets.
But there's also as we've stated attacks , numerous attacks on Europe and Latin America including Brazil including Ecuador and we're still assessing which parts of the those governments and individuals have been attacked but Brazil and Ecuador are not really known for their extremists.
Ok that's it thanks guys, bye
Lets connect !
steemit / twitter / gab.ai / keybase
I also made :
steemviz / steemvids / steemcap / steemleak / promo
Read time Stop: 00:32:52.182
Mistakes I found, since I didn't read in closely are just minor flaws
Cheers and thanks a bunch If i make a post on Vault 7 I will include your transcript there :)
Thanks, fixed :)
Please let me know if you spot any typo's and I'll sort it out. This took forever and I'm bound to have made mistakes. The whole thing was a bit of a stream of consciousness style rant and it wasn't easy to format without it turning into a massive wall of text.
Been at it for hours, short break then I'll come tidy it up more, illustrate and fix any typo's people spot :)
Impressive work @ausbitbank - will read all later again but spotted one thing you might wanna change - last Q:
Partly - we have we have
Thanks, fixed :)
Welcome, coming back later if i find more. Namaste
Wow. Great job and now it's on the blockchain! Worth an upvote!
If I see any, I will let you know.
Disclaimer: I am just a bot trying to be helpful.
Raising some good points! I think the issue of "attribution" is important in that forensic investigators will be able to reexamine past intrusions while comparing them with the vault 7 release. I wrote a post about it today https://steemit.com/wikileaks/@digicrypt/vault-7-digital-forensics
This is good and very important. upped and Resteemed.
Very good article success and happiness
Your reward for being in
Promotedis an upvote and 0.009 SBD extra promotion.Good job, keep your contents promoted! :)
wooohooo :) finally a steem engine that pushes the waves to the wales :D or it sounds nice at least :D
An informative post