#DarkSeaSkies: CIA’s tool to hack MacBook Air in under 29 seconds exposed
Date: 2017-03-24
By RT News
DarkSeaSkies is a tool that runs in the background of a MacBook Air to give the CIA command and control of the laptop. It is delivered via “supply chain intercept or a gift to the target.”
It is loaded onto a MacBook by booting from a thumb drive. The CIA’s user document explains: “It is assumed that an operator or asset has one-time physical access to the target system and can boot the target system to an external flash drive.”
A 2009 “user requirements” document on DarkSeaSkies explains it was created to allow the CIA to access a MacBook Air.
The CIA’s COG [Computer Operations Group] had a “time-sensitive operational need” to install the NightSkies tool onto a MacBook Air, as the CIA had an “opportunity to gift a MacBook Air to a target that will be implanted with this tool.” It’s unknown who this target was.
DarkSeaSkies Components
DarkSeaSkies is actually made up of three components: DarkMatter, SeaPea and NightSkies.
DarkMatter is installed in a computer’s kernel space (the core of the computer’s operating system, usually in a protected area of memory). It then installs the other two components of the tool, SeaPea and NightSkies.
SeaPea is installed in the kernel and executes and hides NightSkies, which is implanted in user space (the computer’s memory area that deals with apps and software).
“All files, network connections, and processes associated with the NightSkies beacon are hidden by the SeaPea root-kit,” the document reads.
NightSkies is the beaconing tool used to monitor and send information from the phone to a Listening Post (LP), which collects the incoming data.
Physical access is required to install DarkSeaSkies and the target must have “at minimum occasional internet access” to communicate with a CIA LP. If it’s unable to communicate with an LP, it will eventually delete itself from the system.
The good news is, at least back in 2009, DarkSeaSkies would not persist in the event of a firmware update, according to the CIA’s documents.
A document dealing with test procedures for DarkSeaSkies references a “MacBook Air out of the box” and explains how to install DarkSeaSkies, “run through the wizard to setup the MacBook for the first time. While you’re going through the setup you need to ensure that you set the clock to the current date and time. Disable the wireless card and the Bluetooth card.”
Under “observations,” it’s noted that the tool can be installed in “less than 29 seconds.”
“It takes roughly 23 seconds to get to where you can choose the thumb drive as the boot device and 6 seconds for the tool to install and power off the machine,” the document reads.
CIA’s NightSkies tool can hack, remotely control iPhones without user knowing
WikiLeaks has revealed the CIA’s alleged ability to infiltrate and control iPhones through a tool called NightSkies, which is physically installed onto factory fresh iPhones and allows the CIA to monitor and download files from targets’ phones undetected.
The revelation is part of WikiLeaks’ latest Vault 7 release named ‘Dark Matter.’
NightSkies works in the background and grants “full remote command and control,” to the CIA, allowing it to upload and download files from iPhones, including details from the owner’s phonebook, text messages and call logs, and to execute actions on the phones as it wishes.
In the press release regarding the latest ‘Vault 7’ leak, WikiLeaks claims that NightSkies “is expressly designed to be physically installed onto factory fresh iPhones.”
A 2008 document featured in the release explains that NightSkies v1.2 must be physically installed and will only start beaconing information once the user starts to use the phone.
NightSkies is made up of three components: an implant, a Listening Post (LP) and a post-processing program.
The implant runs undetected on the phone once it has been physically installed.
The CIA monitors the phone for activity, including its browser history file, YouTube video cache or mail metadata. Once it is used for the first time, NightSkies kicks in and sends information to a preconfigured LP.
LPs are used to monitor devices, such as computers and phones, which have been hacked with the CIA’s malware implants. They can be physical or virtual and stored on a CIA computer server.
The NightSkies LP works as a “drop box” for information. It is unable to decrypt the packages it receives, in order to maximize security should the LP be compromised.
The post-processing component handles the information received by the LP from the implant in the phone. It “is intended to occur in a secure environment,” and decrypts and processes the “payload” received from the target’s phone.
Certain ‘limitations’ are mentioned in the document, with the CIA warning that, “If the target does not use any applications that we monitor (MobileSafari, MobileMail, MobileMaps, etc..), then it is possible the beacon may not get triggered by the target.”
A “failsafe trigger” exists to bypass this problem, but it would be far more conspicuous to any targets and would be a last resort in cases of inactivity on the aforementioned apps.
The revelation that the CIA is physically infiltrating factory fresh phones suggests it has accessed the organization’s supply chain, meaning they may be accessing phones as they are shipped to targets, with CIA agents or assets physically tampering with suspects’ phones before they even receive them.
The fact that NightSkies was on version 1.2 by 2008 suggests it had been employed before then. The document references a 1.1 version, and explains that NightSkies has the capability to self-upgrade once installed.
This article (#DarkSeaSkies: CIA’s tool to hack MacBook Air in under 29 seconds exposed) was originally published on RT News and syndicated by The Event Chronicle.