Blogger Marcy Wheeler discusses WikiLeaks’s exposure of the CIA’s powerful hacking toolkit, what devices are most vulnerable to being exploited, and why this leak might be a Russian operation using WikiLeaks as a cutout to release sensitive documents.
Podcast: Play in new window | Download
This part of the Scott Horton Show is sponsored by Audible.com, and right now if you go to AudibleTrial.com slash Scott Horton Show, you can get your first audio book for free.
Of course, I'm recommending Michael Swanson's book, The War State, The Cold War Origins of the Military-Industrial Complex and the Power Elite.
Maybe you've already bought The War State in paperback, but you just can't find the time to read it.
Well, now you can listen while you're out marching around.
Get the free audio book of The War State by Michael Swanson, produced by Listen and Think Audio at AudibleTrial.com slash Scott Horton Show.
Alright y'all, Scott Horton Show, ScottHorton.org, LibertarianInstitute.org, and Twitter.com slash ScottHortonShow for all that stuff.
And for all those who've been missing the old live whole show, I'm doing questions and answers on the old whole show feed at ScottHorton.org slash show.
So check that out and send me questions on Twitter, email, whatever, I'll try to get to them.
And patronize my sponsors.
Alright, thank you very much.
Introducing our friend Marcy Wheeler, they call her Empty Wheel on the internet, EmptyWheel.net is her great blog, and she's also Empty Wheel on Twitter as well.
Welcome back to the show, Marcy, how are you?
I'm doing okay, you?
I'm doing great.
I appreciate you joining us this morning.
Big news.
Is it true what they say, this is the biggest CIA document leak ever?
CIA document leak.
I guess that's probably true.
Alright, cool.
Well, so what's the big deal?
It's the ancient history of the coup in Guatemala, or what?
Yeah, not anything that juicy.
It's a bunch of hacking tools.
Basically, it appears to be a website that a team of maybe 30 CIA hackers had access to.
And so it shows them developing tools to use in hacking.
It shows some of their conversations.
It shows some of their memes.
There's a picture of a baby smoking a pipe, which I was really happy to find yesterday, and a bunch of emojis.
But it is the second time in a year where a US intelligence agency had its hacking tools exposed.
The last time was Shadow Brokers, which started in August and ended in January.
And I'm sort of interested in that happening twice in a year, on top of the Snowden stuff.
We know where the Snowden stuff came from.
We actually don't know either where this CIA stuff came from or where the NSA stuff came from.
Well, yeah, that's an important point.
I remember you pointing out, sorry for saying point twice like that.
I remember you mentioning, noticing, and writing about how Snowden used some of the same exploits that Manning had used three years before when he did his dump, and that they hadn't even secured that.
So apparently they just figure they're the kings of the world.
They don't need to lock down their Titus secrets.
Yeah, that's the thing.
I mean, there is an issue here.
There is a good question, and I think it is a fair question, whether WikiLeaks receiving this was part of a Russian op, whether WikiLeaks' release of it in the way it did is meant to benefit Russia.
And I think those are all reasonable questions.
But I also think that we need to start questioning why it is that our spooks continue to get pawned.
So there's this, the Shadow Brokers.
But again, yeah, there's Snowden.
There's Hal Martin, who allegedly was the source for Shadow Brokers.
But when they indicted him earlier this year, they made no mention of him leaking any of this.
There's at least one other NSA hacker who has been under some legal investigation recently that we don't know about.
So fine, our spies need to hack.
That's fine.
But if they're going to hack, then please make sure that they don't keep their hacking tools sitting around for somebody to steal, because that makes us all less safe and counteracts any presumed, let's take them at their word, any presumed benefit of all this hacking.
If Russia, you know, everyone's like, oh, this is Russia stealing this hack stuff.
I'm like, fine.
Well, then what does it mean that Russia has some of the NSA's most sophisticated tools?
If that's what you're arguing, we should be just as concerned that it came out and benefited Russia, if that's in fact true.
We should also be just as concerned about the fact that Russia and who knows who else is getting these documents, these tools.
Well, you said, you know, the claim, the argument that it's some kind of Russian op is a reasonable question.
Why is that more reasonable than it's a French op or a Chinese op or a South African op?
Well, obviously, there's the there is the allegation that the intelligence community has thus far not been able to prove that that Assange is in cahoots with Russia.
I think the IC has has more generally said that Assange is a useful idiot.
Forgetting, of course, that in 2012, WikiLeaks produced a bunch of Syrian files that at least in part came from FBI's flipped hacker, Sabu.
So it's actually not the first, you know, that the U.S. intelligence community may have been the first intelligence agency to to deal stuff to Assange, not Russia.
So that, you know, there's this there, Scott, I mean, you know, as well as I do, there is this notion in D.C. now that anything that distracts from this, these claims that that Trump is, you know, a Manchurian Russian candidate is itself some kind of op on the part of Vladimir Putin.
And, you know, those all go too far.
I do think it's fair to ask whether these got dealt to Assange as part of a Russian op.
But but we don't have that evidence.
And that's not what Assange claims.
Assange claims that.
I mean, I think that the shadow brokers one, I think there is more reason to suspect that that has ties to Russia than this one, given the evidence that we've seen so far, just because of the way that coincided with some of the other parts of the DNC hack.
Whereas the this one Assange said that some CIA hackers and contractors had basically copied this Web site and and they were using it.
They were they basically went into private practice and had all these CIA tools that they could then use for private companies and that one of them decided to leak it to CIA out of concern for civil liberties.
And frankly, it could be, in fact, true that somebody leaked it for concern for civil liberties and that Russia had a hand in that.
But but, you know, again, Assange WikiLeaks, their explanation is that it was a CIA leaker who handed it to to to Assange.
But I mean, D.C., notwithstanding, in your view, I mean, do you see a real reason to believe that this would be the Russians more so than the Chinese or the Canadians or anybody else who could be behind this?
The Israelis?
Because I do, because I mean, neither the Israelis or the Chinese would would publicize the fact that they had these documents.
Well, I mean, but wouldn't it be in the Chinese interest just as much as the Russian one to give them to WikiLeaks, launder them through some cut out and and expose the CIA's problem the same way?
No, the Chinese way of working, as far as I understand, is is to sit on intelligence.
I mean, you know, like they could have when they stole the OPM database, they could have exposed 21 million American spies and other clearance holders.
And they chose not to do that.
They sat on that information, presumably kept it for themselves, whereas Russia does have a history of sort of exposing things for, you know.
And the other thing seems like they might want to keep this for themselves, though, right?
A bunch of cool hacking tools.
Yeah.
And well, no, that's the interesting thing is that in point of fact, WikiLeaks, they released some code that was useful.
They released kind of something's exploding.
Sorry.
They released some information about the development of certain tools, but they didn't release the actual tools, unlike Shadow Brokers, which released maybe, you know, 20 tools that showed the back doors on a bunch of American American firewall companies.
WikiLeaks didn't release those tools.
And I'm actually writing a piece now pointing out that that's interesting because Shadow Brokers claimed that WikiLeaks also had a copy of the same files that they were they were leaking last year.
And if that's the case, WikiLeaks has a whole bunch of hacking tools in its possession that we haven't seen yet.
And WikiLeaks, in not releasing those, said, I'm being responsible.
I don't want to release a bunch of things that some bad guys can go use and hack.
But it also means that WikiLeaks has it, right?
Yeah.
Hey, that's cool with me, I guess.
I don't know.
Better Assange than the CIA.
But yeah, and especially if he's using it against them.
But yeah, no, I see what you mean, though, about how, you know, even if you're just being the public spirited WikiLeaks that we all know and love, that you could be used by one agency or another.
Hell, you could be used by one American agency against another.
Never mind foreign powers.
I guess I just figured I personally don't mind if the Russians leak a bunch of CIA hacking tools because screw them.
But I see what you mean that it's not in a vacuum.
It's a world that we live in.
That's the other thing that's really hypocritical.
I mean, people argue back and forth about whether Snowden was right to leak these details, first about Americans being bulk collected on.
But the thing that Americans like to complain about is, oh, my gosh, Snowden told the rest of the world that we, the United States, was bulk collecting on them.
And they're really offended by that.
They think that that was wrong because, you know, it hurt the United States.
But the funny thing here is, it is presumed that if you discover tools that hackers use, you release them so that security people can, around the world, secure people from being hacked.
Which is why, you know, there's an entire industry, most of it dominated by Americans, most of it dominated by former American hackers who spend their time investigating what Russian intelligence does and revealing it and saying, here are the codes that you look for to make sure that you're not being hacked.
Effectively, that's what happened with the CIA.
You know, that now, and I've heard this, you know, some of the information security people I follow are like, yeah, this is great for us because now we can protect our clients against potential CIA hacking.
But for some reason, there's a double standard, like the fact that CIA's hacking gets exposed is bad when Russia or, you know, China or Israel or private companies like, you know, the people who go and hack for quasi governments, it's okay to release all of their hacking details, but releasing the CIA's hacking details for some reason is bad, but whatever.
American exceptionalism.
Do I have that right at all, even?
So, you know, if you are protected by Cisco or Fortinet or what have you, these were, this was code that you could use to break through the protection that you would have.
Those weren't all American companies, but they were mostly all American companies.
In other words, this disclosure revealed A, that the NSA was using backdoors on American companies, and B, it provided the way to do that.
In October, Shadowbrokers released something again, released, in that time it was more a list of IPs that the NSA had used.
So it revealed both whom, same thing that we've done in the wake of the Russian hack of the DNC.
There was, you know, there were the IC released to what are called cert reports, one in January, one in February, with all of these IP addresses show, you know, basically saying, here's IPs from which Russian attacks have come.
A great proportion of those were Tor exit notes.
So it was kind of stupid because it got people looking for ghosts, and they found one in a utility in Vermont, almost as if by design.
But regardless, that's what happens.
You find a hack, you find, you know, you find IP addresses that people are using to hack, you release them.
So Shadowbrokers did that in October.
And then in December, Shadowbrokers said, hey, I've got a bunch of Windows tools, pay for them individually.
He, she, they did not release all of the Windows tools, but in January released a few old tools.
And that was just as interesting for the way that it exposed Kaspersky, which is the one, or there's two, but one of the only Russian infosecurity companies.
It basically said Kaspersky knew about this stuff, but didn't include it in its antivirus.
But it was, but those three releases.
And to this day, it's not entirely clear where those files came from, at what point, where in the NSA hacking process they were stolen from.
Like the FBI would like you to believe that that guy, Hal Martin, who left, you know, who, he was stealing documents for 15 years, according to them.
And they claim that some of the files or one of the files that he stole ended up in Shadowbrokers' hands and that's what got released.
But we still don't know how that happened because DOJ certainly isn't charging him with that.
So, so two instances.
I think it's actually really interesting.
I think that people should be, you know, again, I think people should be just as concerned that neither the CIA nor the NSA can keep their tools safe as they should about whether or not this is a giant Russian plot.
You know, given where we are, it's all going to be about the latter, the Russian plot part.
Yeah.
Well, it makes you wonder who's running the FBI counterintelligence division when, I mean, this guy, it doesn't sound like he was an Aldrich Ames character where he was, you know, turning this stuff over.
Is it, is it right what they're saying?
You believe that he was just some freak hoarder who was just keeping everything at his house for 15 years he was stealing this stuff?
Yeah, that is all the evidence shows.
Amazing.
And nobody's noticing this or stopping this in any way.
There's no procedure or whatever procedure there is.
He can just walk right around it for a decade and a half in a row.
Right.
I mean, that's amazing.
It is possible there is a go between we don't know about and that's an Aldrich Ames types or that's like, you know, the Russian ambassador meeting with him and all these RNC events and also handing over lots of NSA files.
There is a story yet to be told and we don't know that story, but at least what DOJ charged Hal Martin earlier this year, there is no allegation whatsoever that he shared any of the things he stole from the NSA.
At least that they're publicly accusing him of, as you said.
Scott Horton here to tell you about this great new book by Michael Swanson, The War State and The War State.
Swanson examines how Presidents Truman, Eisenhower, Kennedy both expanded and fought to limit the rise of the new national security state after World War Two.
This nation is ever to live up to its creed of liberty and prosperity for everyone.
We are going to have to abolish the empire.
Know your enemy.
Get The War State by Michael Swanson.
It's available at your local bookstore or at Amazon.com and Kindle or in paperback.
Just click the book in the right margin at scotthorton.org or thewarstate.com.
As far as the so-called Russian hack of the DNC, I saw a story last night in Bloomberg News.
It said the Russians have been hacking Democrat think tanks like John Podesta's Center for American Policy or whatever the hell it is.
I forgot.
Progress, yeah.
Yeah, Progress.
Center for American Progress.
The Think Progress blog.
Those guys.
And they're blackmailing them for bitcoins or else they're going to release their emails that reveal what terrible bastards they are.
And so they're running scared and they're paying the bitcoin ransom.
And we know it's the Russians because some guy said that he thought that maybe he heard somewhere that these techniques seem to be reminiscent of the same sort of techniques that are used by a thing that has been named by the Americans, Cozy Bear.
Because it's actually not really a thing called Cozy Bear.
It's just that that's what they call it.
Which they also assume because they heard somewhere that that is probably the Russians.
And that's how we know that it's the Russians behind the current hack of John Podesta's think tank.
And I'm thinking, you know what, this is getting really ridiculous at this point.
I mean even, and I know that you know so much more about this than me.
So I want to hear it from you.
But let me say one more thing here.
It's more ridiculous than that.
Because, so Bloomberg went with that story.
They had not yet gotten comment from Cap.
And Neera Tanden of all people, so she's the head of Cap, I think she's back to heading Cap.
She was high up in Hillary's campaign.
So she was hacked by the Russians.
If anybody anywhere has an incentive to blame stuff prematurely on the Russians, it's Neera Tanden.
And she was saying, no, what you claimed happened to Cap here didn't happen.
Now it's not clear what did happen to Cap.
But she certainly questioned their claims.
Another person who allegedly was hacked by the same people was like, I'm not even sure I was hacked.
I was on a list.
And there's no evidence I was hacked.
So it's not, there may be even less there there than you described, Scott.
But it is true that they basically say, I mean, you know, it's sort of like anybody in the world who fishes is now supposed to be Russian.
Fishing is, I could probably pull it off.
I don't.
I'm not a hacker.
But fishing isn't that hard to do.
It's about tricking people.
It's not about high technology.
Yes, tricking people with good technology is easier.
But it really is about tricking people.
And that can be done by, you know, 14-year-old kids in their mom's basement.
But we're at this point now where anything that is a similar method to the Russians is blamed on the Russians.
And it's a kind of crazy place to be because there, you know, yes, I think, you may not agree with me, but I think the evidence that Russia did the DNC hack is very strong.
I think there are parts of the public story that have problems.
But I think that the evidence that Russia did the hack is very strong.
But, you know, now we're led to believe that Russia was the single-handed thing that lost till early election, which is nonsense.
But it's like we as a country, you know, both left and right, have decided that we have to blame all of our misfortunes on Russia.
And that seems like a really disempowering place to be, even if it were true and it's not true.
All right.
Now, so, you know, I have no idea what all of you know and understand about this DNC hack.
And I'm sure we wouldn't have time to talk about all of it here.
But I wanted to ask you about this thing Daniel Lazare quoted, reminding me of this.
It was written by Biddle, Sam Biddle at The Intercept, who says that, you know, basically this whole thing about cozy bear and fancy bear, and this may not be correct.
He's saying basically this all comes down to the CrowdStrike report that says that these are the Russians, the FSB and the GRU.
And that the reason that they know that is because they left behind some Cyrillic letters in their comments and in the metadata and in some things inside some of the files that they sent.
And they had the name of Felix Edmund Donovich, the founder of the Cheka.
Yeah.
Yeah.
And then he says in here, you know, we know that the most sophisticated hackers in the whole wide world for the most nefarious government in the world did this.
And we know because they screwed up over and over again and just basically left a trail of breadcrumbs straight back to their house.
And so I just wonder, is there really more to that that I that I'm missing here?
Because it sort of sounds like a big case of question begging or, you know, a conclusion assuming on the part of the accusers here that we just everybody knows that premise one has to be that it was the Russians.
And we just start from there.
But I'm not sure it's really been demonstrated.
Let me let me let me go back.
So CrowdStrike, which is the consulting company that that Hillary brought in, said in the summer that this was that it was two hacks.
First FSB starting in summer of 2015 and then GRU military intelligence.
They don't say when it starts, but we know that it started in March of 2016.
And we also know that a GRU fish, a fish that has that does have the appearance of being from GRU, fished John Podesta right smack in the middle of March.
So we can date that pretty closely.
And that's what CrowdStrike is talking about, especially with the DNC.
And they're pointing to tools that generally are associated with GRU.
Now, in December, they came out and said, here's proof that this tool written in, I forget, I think, written in Linux used against DNC, which has since been written in Windows and used against Ukrainian soldiers.
Here's proof that it's tied to GRU.
And they said in December, and this was really interesting, they said, this is this is why we're moving our confidence that it was GRU from medium, which is which it was in the summer to high, which it was in December.
And there were problems with their December story to begin with.
But for the first time, you know, six months later, they all of a sudden told us that their confidence that it was GRU in the summer was only medium.
So, you know, there's that, right.
Now, I have talked to people very close to the hack who have other reasons to believe that it was Russian.
So, so I have reasons to believe that it was Russians, even beyond whatever CrowdStrike tells you.
But what you're talking about is something different, which is this Guccifer2 figure who started leaking documents right away, claimed to be a go between two WikiLeaks.
And Guccifer is the one who used Iron Felix in his metadata.
He also, according to Sam Biddle at The Intercept, he also used Che Guevara at a different point in his metadata, which would seem, you know, people have all clung to that.
Iron Felix in the metadata.
Also, that the person opened up documents in a, in a basically Russian language copy of Word and therefore must be Russian.
I think the argument is better that Guccifer2 wanted to pretend to be Russian.
The question is why?
But nevertheless, everyone believes that Guccifer2 is Russian.
And I think that the case that Guccifer2 is Russian is, is weaker, but not necessary to get to the claim that Russia hacked the DNC.
Now, it's possible that multiple people hacked the DNC.
It happens.
And that Guccifer is one and the DNC, you know, that GRU is another.
Big question is who gave the files to WikiLeaks?
We don't know.
The government has never offered a public explanation of how that happened.
So, you know, that's the kind of thing that I, you know, would like to see FBI and Congress further investigate.
But instead, they want to know every single person who ever spoke to the Russian ambassador, which is probably not the best use of their time.
Yeah, well, what do you expect from a chicken with his head cut off running around trying to figure out what to do?
All right.
But now, if I, if I understood you right on the first one there, it still does come down to, I think the word was appearance.
Really, really, really strongly seems like that was probably the GRU in the first place kind of thing, but still no real proof of that.
Am I right?
So CrowdStrike's argument is based on tools.
So they, you know, they point to this tool and they say every known use of this tool has been GRU.
To argue that it is not GRU, you have to assume.
And that's one of the reasons people think that the CIA leak and the Shadow Brokers leak was a fix.
You know, one of the things that came out of yesterday's leak is everyone pointed to CIA reusing code from other hacks, including one that the Iranians did and saying, well, they're false flagging everything.
Yeah, they do try and screw up attribution as as does everybody.
So it is possible somebody got a tool that GRU developed and misattributed their hack to GRU.
Well, see, I wonder if that's also a CrowdStrike question begging when they say, well, this reminds us of things that are GRU from the past.
Well, I want to look at those GRU things from the past.
Who says that's the GRU other than these same guys?
Yeah.
Although, I mean, people who, you know, CrowdStrike and other companies have done this over years and there is a fair amount of consensus, not high, but there is a fair amount of consensus that all these tools are associated with GRU.
And I've heard from multiple people who I trust more than I trust CrowdStrike saying that.
But that's beyond the fact that, again, my my other avenue of pursuing this, somebody believes affirmatively that they were individual Russians involved in the hack.
So so that's a different basis of conclusion that it's the Russians.
Right.
Well, and, you know, honestly, I put more confidence in your anonymous sources that you trust in your journalism based on that compared to assertions by these, you know, security firms who all have government contracts and all have an interest in getting in on the Cold War game and all that.
Interesting to hear.
OK, so now let me ask you this.
I got to bring this up because everybody's talking about it.
It's important.
And that is the death of Michael Hastings in the terrible car wreck in L.A. going 100 miles an hour down Highland, which is not 100 mile an hour street, hit a palm tree and died back in 2012.
And so the deal about it is that I'm sorry.
Wasn't it 2013?
Oh, you're probably right.
I'm sorry.
The reason I ask is because I checked the time and yesterday.
So that code that shows CIA developing means to hack a car, which WikiLeaks, you know, in their in a notable way, said, well, this means that CIA is trying to assassinate people driving cars.
There are many other applications for hacking cars than assassinating people.
But what that said yesterday is that CIA was still developing the technique in 2014 and Hastings was already dead.
So, you know, the common Hastings was investigating John Brennan at the time he died.
There were special forces related people who wanted to retaliate for his profile of Stan McChrystal and Mike Flynn, who we now all agree is is batshit.
You know, we Michael Hastings did us a favor.
Right.
But so what I'm saying is.
Actually, yesterday's evidence doesn't support even if you want to be the most conspiratorial possible, even if you want to believe that people would take out Hastings for his reporting.
What we know is CIA did not yet have the tool that might have been used to kill Hastings, even if somebody was assassinating him, because that's what the timing from yesterday shows.
That's interesting.
Although, you know, at the time, Andy Greenberg from Forbes went out and found some guys from the university and they had no problem taking over a car.
In fact, they said that they could even play a song on the radio that would have code in it.
That would get you tricky into playing a CD.
But they were saying even a song on the radio would they could send a code to your car's computer that would let them take it over and then this and that.
And, you know, I mean, frankly, from from Hastings book where the guy threatens to kill him and it's a pretty serious threatens to kill him.
I mean, it's page 64 and 65 of the operators, if anybody wants to look at it.
But the guy who threatens to kill him is the British SAS guy.
So, you know, I don't know exactly if it really matters at that level exactly which agency these guys are working for.
But it seems like it wasn't necessarily a threat that the CIA would kill him.
Although, you know, this is the problem with somebody like Michael Hastings, right, is if he died even of old age, you know, at 85 on his front porch, you'd still be able to say, aha, he was right in the middle of writing a story about the CIA because that's the kind of work that he did.
You know, he was great on the wars and great on all this intelligence stuff.
And so you would, you know, pretty much if he died of anything, you'd be able to correlate it to something if you wanted to, because that was the kind of work he did.
But I got to tell you, you know, I always sided with his brother and I still do side with his brother who gave a really long interview to a family friend who explained that he was really in the middle of a PTSD type of a breakdown here and was having a really hard time.
He wasn't suspicious at all.
He just thought that this was, and you know, soldiers do this a lot, you know, especially on motorcycles.
They just, you know, suicide by motorcycle crash and this kind of thing.
And that's apparently what happened here.
But I got to admit that when I reread his book after it happened and I got to page 64, I was like, dang, I mean, it was a pretty serious threat.
I don't know.
I don't think we can completely dismiss it.
But yeah, I mean, I think really when his brother and his wife are both saying, yeah, it's a tragedy.
Pretty much got to go with that.
Yeah.
And I've heard that from other people close to Hastings.
So, you know, I really want, I mean, I want to push back for that reason, which is that people really close to Hastings don't believe it and aren't really tolerant of that story.
But also what we saw yesterday in no way supports the claim that CIA had the technology to assassinate Hastings by hacking his car because it was still in development after the time he was dead.
Yeah.
Well, yeah.
And it should be said, too, that, you know, he had a really hard time in both of those wars.
And in fact, he really should not have gone back, you know, gone to Afghanistan for Obama's surge.
He had a hard enough time in the Iraq war.
I mean, I talked to him for years and years.
And and then, you know, he saw a suicide bombing of a guy or at least the immediate aftermath in Afghanistan.
I know really shook him up and stuff like that.
So, you know, these wars, they destroy good men.
All the time.
They do.
Yeah.
Yeah.
All right.
So, no, but tell me about my iPhone and my Samsung telescreen and all this craziness, though, please.
Could you?
Well, that's another thing that, you know, there was bad reporting that came out of this yesterday.
So I want to I want to push back against two things.
One is the big flashy thing that WikiLeaks highlighted is that they can hack your Samsung TV.
To do that, CIA would have to come to your house, take a USB and stick it into the back of your TV while you're not looking.
And there's still a way to tell whether or not you're being hacked.
You are at far more risk as an American.
I mean, first of all, CIA, you know, they're not supposed to target Americans.
So if you're in France, then worry about that.
If you're in the United States, you need to worry about the FBI doing that, not the CIA doing that.
But the other thing is you're at more risk of Vizio collecting information on you and that being shared at a much lower level of suspicion because Vizio has been shown to spy on its users.
One of the things we know marketers are doing is they're correlating.
So they're there.
You know, like I watch I tweet in front of my TV all the time, which is why I write so much about football on Twitter.
And they correlate.
They'll figure out, well, that person on this device is the same as that person on this device.
And that allows them to develop for marketing a more complete picture of who you are.
But that's incredibly valuable for spies.
And it's accessible to our spies in the United States at a much, much lower level of suspicion than going into your house and sticking a USB into the back of your television.
So you've got other things to worry about if you're an American.
Same thing if you're French, then maybe you should check the back of your TV.
The other thing is that there's this claim that they found a way around Signal.
What they really mean is if somebody hacks your phone, then Signal's not going to help you.
Signal is end-to-end encryption.
WhatsApp, same thing.
And so a lot of people in here, like the New York Times, it wasn't just WikiLeaks, it was also the New York Times in their initial report of this said, well, they found a way around encryption.
Yeah, right.
That's what the NSA and CIA do when they really, really, really want to hack you, is they don't try and crack Signal.
They basically find a way to own your phone.
And what we did see yesterday is CIA does have means of getting into both Android phones, which are far easier, as well as iPhones.
So that's something we knew already.
What it does is confirms that CIA has that capability in addition to NSA.
Well, yeah, and it shows how easy it is for CIA to get around by, as you're saying, kind of hacking your phone at its core level so that it's an end run around the encryption?
Or, I mean, they don't have to break into my house and put a USB in my iPhone, right?
It's unclear how much access they need to your phone to be able to get into it.
And a lot of that depends on, for example, whether you use iCloud, because they would go after your iCloud before they go after your phone.
But it's still, everyone says, and I believe them when they say this, it's still a lot safer to have an iPhone than it is to have an Android.
So if you care about security, spend the extra money on an iPhone.
But really, at that point, if you're worried about your iPhone getting hacked into, you may have reason to, right?
Some people do have reasons to be worried about being hacked at that level.
But if your threat model is that severe, if you're really worried about the NSA and CIA hacking you, you're pretty much screwed because they have this ability.
Whereas, like, it is just less, your local police department isn't going to have the ability to hack into your phone.
They're going to have to go to the FBI after the fact with your device to try and do that.
Or they're going to go to celebrate this Israeli company.
But again, they're going to need the phone in hand, send it away, get it post-hoc.
The way in which normal people, we can go back.
Remember, we were just talking about how simple it is to phish somebody?
It's far easier to phish an average person than it is to get into their iPhone and bypass signal.
And that's the lesson, I think.
It is interesting to learn what the CIA can do, but average users should not focus on whether or not it's safe to use signal.
They should use signal.
They should make sure that they have two-factor authentication and that they don't click on phishing emails.
Yeah.
Well, like you say, if they're looking at you, you definitely shouldn't have an iPhone.
You can't even take the battery out of one of those.
You've got to be able to take the battery out so they can't follow you around or turn your microphone on or whatever if you're really up to your eyeballs in whatever it is.
Definitely need some other model than that.
Yeah.
There are things that average people can do to protect themselves.
Keeping location off, turning off your phone when you're doing sensitive stuff, great suggestions.
I'd still say buy an iPhone over an Android.
I'm not a lawyer.
Don't hold me accountable if you get hacked, but just use the easy tools available for you.
Chances are good that your threat model has more to do with Google spamming you with advertising than with the NSA stealing your secret code to Russian spies.
There you go.
All right, y'all.
That's the great Marcy Wheeler.
Emptywheel.net on the internet and on Twitter also.
Thank you very much, Marcy.
Awesome to talk to you.
All right, y'all.
That's the Scott Horton Show.
Check out all the stuff at ScottHorton.org.
I've got my full interview archive, 4,000-something interviews for you there, mostly anti-war stuff.
I'm doing questions and answers on the whole show feed at ScottHorton.org.
Email me, Scott at ScottHorton.org, or send me tweets at ScottHortonShow, and I'll get to your questions and answers for you there.
Patronize my sponsors.
They love you.
Thank you.
Hey, y'all.
Scott here.
If you've got a band, a business, a cause, or campaign, and you need stickers to help promote, check out TheBumperSticker.com at TheBumperSticker.com.
They digitally print with solvent ink, so you get the photo quality results of digital with the strength and durability of old-style screen printing.
I'm sure glad I sold TheBumperSticker.com to Rick back when.
He's made a hell of a great company out of it, and there are thousands of satisfied customers who agree with me, too.
Let TheBumperSticker.com help you get the word out.
That's TheBumperSticker.com at TheBumperSticker.com.
Hey, y'all.
Scott Horton here for WallStreetWindow.com.
Mike Swanson knows his stuff.
He made a killing running his own hedge fund and always gets out of the stock market before the government-generated bubbles pop, which is, by the way, what he's doing right now, selling all his stocks and betting on gold and commodities.
Sign up at WallStreetWindow.com and get real-time updates from Mike on all his market moves.
It's hard to know how to protect your savings and earn a good return in an economy like this.
Mike Swanson can help.
Follow along on paper and see for yourself.
WallStreetWindow.com.
Thanks for watching.
