Jump to content

CIA Hacking Capabilities


Winston_boy123

Recommended Posts

Hi, I’m an author researching material for my next novel about a journalist who exposes an illegal CIA operation and who faces the wrath of the agency as a result.

I’m keen to get conformation (or otherwise) on several key points, as follows:

Given what we now know as a result of the Vault 7 leaks, is it possible for a top-level CIA hacker to frame a person by…

(1) remotely accessing their computer without their knowledge and taking control of it;

(2) accessing websites using their browser and planting incriminating material on their hard drive, again without the user’s knowledge;

(3) modifying the dates and times when these websites were visited using a tool such as Time Stomper (or similar);

(4) finally, having successfully executed the hack, erase it, or hide it, or obfuscate it to the extent that law enforcement forensics are unable to find any evidence that it ever took place?

I would be very grateful if anyone could answer these points as I would very much like to get the technical details right in the story. I just need to know what is technically possible and what is fantasy.

Many thanks in advance.

Link to comment
Share on other sites

  • 2 weeks later...

You need to go look on youtube. There are plenty of jokers demonstrating how they gain access to computers.

I would not be surprised if there are a lot of people in jail because of this. I am even more surprised this is not asked more often.

Now in your scenario the attacker has great knowledge of the victim, address, name and pretty much anything else, they may have it from personal means or from doxing the victim. Either way it is up close and personal. The average persona doesn't think like that, even if I hated someone I would never consider that due to it can haunt you for a long ass time!! BUT, our government doesn't have a heart and will not think about doing it more than once before it IS done! Your attacker's knowledge of the victim is paramount. 

Just a heads up, I am NOT a hacker, I am a hobbyist and claim no specific area of computer security. I have a career and it has nothing to do with computer security, not even close. Also don't contact me regarding details of this attack and how to perform it. There are plenty of sites for it. I will also leave some things out on purpose. I am just giving you an easy picture to look at.

Chapter 1 The Intelligence gathering

This is really a multi-step attack, meaning there are many moving components. For someone to do this they have to have an incredible amount of dedication, patience and hatred towards this person.

The attack itself is very possible. For maximum results the attacker would perform this kind of attack locally, meaning they will park down the road from where the victim is. Or even park outside of their work, the best scenario is the attacker being outside of a diner where the victim is eating and you are masquerading as the diner hotspot kind of hard to deny your phone did things while on you at the diner under camera, would be best as you really want to try to gain access to their phone first or at least capture the probes which will also contain their home access point SSID and the SSID's of everywhere he goes, most people do not forget networks they previously connected to, why? For the same reason they don't type web address's, it's too much trouble 🙂

So like I said, the attacker which we will call Joe has not been fortunate enough to catch Larry (our victim) eating out or really doing anything we could use. Joe has spent a month watching Larry, time is up! Joe parks down the street from Larry, Larry is chillin, eatin and watching tv. Lucky for Joe he is watching netflix on his phone, WOOHOOO, this is going to be super easy, btw, Larry has a 82" tv on the wall in front of him, remember the typing web address's ? Again, too damn lazy to get up and grab the remote, but this is good news for Joe! Joe just needs enough hash's to gain instant access to Larry's network, all Joe has to do is deauth Larry from the network over and over again, which with the Pineapple that happens within 3 seconds, the enduser is ignorant, they are already on FB leaving a nastygram for Verizon for the outage 🙂 Joe is happy, Larry keeps rejoining his own network, he does not know his phone connected soon as he got home, he still thinks he is on his phones network LOL. Now you got to admit, that is funny as hell and happens a million times a second I am sure!!

Joe finally gets what he needs, the password to the network, now there is the mac address attack and a few other ways to get in but for the sake of this funny story we are breaking Larry's encryption. I hope your real friend is not named Larry..lol

Joe is going to use several tools now that he is on the network, Joe is very pleased because now he knows Larry is one lazy sob and he also knows Larry would never find the motivation to log in to the router and look at the logs so Joe completely owns Larry at this point

Chapter 2 The Engagement

Joe just gained access to Larry's network and now he is running a scan, Joe has an app on his phone called FING that identifies devices, playstations, ios etc... Joe is not looking to hack a playstation! Joe is looking for devices that have storage and that communicate via some means. Joe hit pay dirt, a winders 8 machine, most likely people just look at it, this is perfect for Joe because he can clear all the windows logs when he is finished, getting in? Are you kiddin me? There are an arsenal of exploits you can use in Metasploit. And that is exactly what Joe does and boom, Joe has not only broken the encryption on Larry's network, thanks to Larry being lazy, he now has a root shell on that winders box.. the ideal move for Joe is to see if he can find anything incrimination that already exist this way it can all be traced through the log file, we really don't want to talk about Larry not having the sheer strength to push a computer button....

Joe finds nothing, Larry has no life whatsoever! Joe is going to change all of that buy simply uploading some illegal content to Larry's computer. With root access you may as well be sitting right there at the computer! Joe clears all of the log files from the computer and router,  Joe knows clearing the logs will show the fuzz intent to conceal evidence. Joe is one clever joker, but so far Joe has not used any real hacking, he used premade tools designed with 1,2,3 click attack vectors. Joe continues on with his attack by gaining access to other devices and doing the same thing. Now Joe could take this to a whole new level by breaking in to Larry's house and getting on his computer, download tor, create post and upload pics to forums, when the fuzz see's' Tor, they know they got their guy! Joe deletes the icons and hauls @ss.  Now Joe can still continue on but he has Larry right where he wants him. Why you say? Because Joe knows some of the sites are FBI honeypots and the posts are in terrorist form. As you can see this attack could go on and on. Joe never did break in to Larry's house but he did manage to get Larry arrested.

In closing

Framing someone would be extremely easy, however, today's computer forensics are top notch and if someone cared enough, they almost never do btw, they could help Larry but it would be a difficult fight. The point is anyone can frame someone, you don't need to be a computer nerd, but it really helps, seriously, A LOT, but you can frame someone with drugs.

I know I cracked jokes and stuff but man I hope your friend is not in an serious trouble and being framed could end his existence. I wish you luck in your pursuit sir and hope your friend is vindicated. When I first got in to computer security the first thing I thought was damn, what if someone try's to frame me doing this? I quickly realized I really needed to be careful of what I do.

So some of the programs used in this story are:

Kali Linux

WifiPinapple Nano being controlled by Joe's phone and using the dauth module, yes like I have said before, the pineapple is still a deadly weapon in 2019 and will continue to be until people change their networking habits and I am here to tell you now THAT WILL NOT HAPPEN ANYTIME SOON!! I am still getting the tetra, got to stack up some extra cash, I only want it because I know Darren is foaming at the mouth over 5G 🙂

FING for scanning the network to detect device makes

Fluxion, does not come with Kali, has to be git cloned

Metasploit, comes stock with Kali

 

There are many many ways to do this. If someone was to get root on a cellphone man you talkin about a party son 🙂 And it is not as hard as you would think. Create a landing page on the pineapple, have Larry connect by spoofing his SSID, and on the landing page you tell ol' Larry you need this APK to access the internet 🙂 The APK created with msfvenom in Metasploit, again, 1,2,3 clicking system. My 9 yr old can do a killer DNS redirect and in your browser you see the real web address but you are on his apache server on a fake page lol

 

Peace!

 

Link to comment
Share on other sites

btw, you really should watch Mr.Robot on USA, it is also on Prime, watch seasons 1&2. Everything he did was real, just sped up for TV. You can buy or build the Nexus running NetHunter or PwN Pony which I think that is what he used in the movie, though similar builds they are quite different. You can buy or build a rubber ducky, which is what he used to access the Skada system by dropping them in the police parking lot knowing someone would be curious and pick it up thinking it could be evidence.

 

The first scene is the realist,  now append that to your story and imagine Elliot framed the guy, he clearly gained root access to the file system.

Understand Elliot portrays a real life hacker and a lot of what he does most can't duplicate except mostly the hardware part. Real hackers can do it all and there are very few of them. Most I am sure live in China because their technology explosion is incredible.

Last post sorry lol, this made me think of Mr. Robot and that first scene. Thought you would enjoy it.

Link to comment
Share on other sites

I like Snowden its very interesting.  explains alot of cia capabilities guess.

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
On 7/23/2019 at 2:33 PM, Bigbiz said:

I like Snowden its very interesting.  explains alot of cia capabilities guess.

Have to agree here. It is a real eye opener, but I get the feeling that the DC may hold more that could not be shown.........😎

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...