[D66] WikiLeaks revelations
A.O.
jugg at ziggo.nl
Thu Mar 9 09:50:49 CET 2017
WikiLeaks revelations raise new questions about the death of journalist
Michael Hastings
wsws.org
By Bryan Dyne
9 March 2017
One of the the 8,761 internal CIA documents leaked by WikiLeaks on
Tuesday reveals that the agency’s Center for Cyber Intelligence has been
exploring methods to hack into vehicle systems since at least 2014. As
WikiLeaks noted in its release accompanying the documents, “The purpose
of such control is not specified, but it would permit the CIA to engage
in nearly undetectable assassinations.”
While the anti-secrecy organization makes no specific charges in this
regard, this information raises new troubling questions about the car
crash that killed journalist Michael Hastings in June of 2013.
Hastings, who was 33 when he died, was the Rolling Stone reporter who
wrote an article in 2010 that led to the removal of General Stanley
McChrystal from his post as ranking US commanding officer in
Afghanistan. Hastings perished at around 4:30 a.m. after losing control
of his car and crashing into a tree while traveling at about 100 mph.
At the time of his death, Hastings was investigating another major
figure within the Obama administration’s military and intelligence
apparatus, then-CIA Director John Brennan. At the time, police declared
that there was no “foul play” involved in the accident. Before the
accident, however, Hastings had informed his colleagues that he was
under government surveillance. He also suspected that his own vehicle
had been tampered with, having asked a neighbor to lend him a car.
What the WikiLeaks documents show is that Hastings’ suspicions about his
vehicle could very well have been justified. Meeting notes dated October
2014 show that the CIA has a division known as the Embedded Development
Branch which lists “potential mission areas,” such as software and
networking devices, as targets for hacking. One of the targets listed is
“vehicle systems (e.g. VSEP),” likely referring to the embedded computer
systems that play a major role in the operation of modern cars (though
the acronym is not spelled out).
Embedded systems are computers designed and built to solve only a few
specific problems. They are not designed to take human input, but rather
are a combination of hardware and software that is designed to do a
specific task as a permanent part of a larger system, such as traffic
lights, airplane controls or assembly lines in a factory. While in
general the software of embedded systems is hard to change by design,
the CIA memo indicates that gaining the ability to control many types of
these sorts of computers is one of the goals of the agency.
One piece of software in embedded systems specifically mentioned by the
CIA memo is the operating system QNX, which the memo states is a “big
player in VSEP.” Indeed, according to QNX Software Systems Limited, the
software has been deployed in more than 50 million vehicles across at
least 14 different brands, more than 50 percent of the market share of
modern cars.
While QNX is generally advertised as an infotainment system—regulating
things such as Bluetooth connectivity, GPS, and music—it has been
increasingly used to operate more critical systems of the car, such as
the safety and navigation systems, which include things like power
steering and acceleration. Thus, if a person or an agency were able to
hack a car equipped with QNX, it is possible that they could force the
car to crash by disabling brakes, causing uncontrolled acceleration and
depriving a driver of steering. And since recovering software commands
after the hardware has caught on fire is difficult at best, such hacks
would be very hard to detect.
Though there is not a clear indication that the CIA developed these
tools beyond the “potential” for them to exist, one tool mentioned in
the memo, “Weeping Angel,” has been developed and deployed. Weeping
Angel is designed to infest smart TVs and transform them into
microphones that covertly record nearby conversations and send what was
said back to the CIA. No doubt other tools in the list of hacks wanted
by the agency have also been developed.
Moreover, if the CIA has developed the ability to hack the QNX operating
system, it would give it control over more than just automobiles. In
January, the company announced a new version of its software that is
available for tasks that involve “surgical robots, industrial
controllers and high-speed trains,” raising the potential for sabotage
on an international scale.
Going further, it would apparently also be possible for the CIA to
attack a car (or a factory, or a train) and make it seem as if another
country did it. Part of the WikiLeaks revelations include a program
known as “Umbrage,” which is a library of cyberattack techniques
developed in other countries, including Russia. If one of these is
designed to attack embedded systems, or if the CIA can make it look as
if their code was developed in another country, the next time that a
journalist investigating the CIA dies in a car crash, it might be
claimed that it was the “Chinese” or the “Russians” who did it.
More information about the D66
mailing list