As pretty much anyone who reads this column already knows, WikiLeaks has dropped a trove of about 8700 secret documents that purport to cover a range of CIA plans and technologies for snooping over the Internet — everything from cracking encrypted communication products to turning Samsung smart TVs into listening devices against their owners. Two questions immediately arise: 1) are these documents legit (they appear to be), and; 2) WTF does it mean for people like us, who aren’t spies, public officials, or soldiers of fortune? This latter answer requires a longer explanation but suffice it to say this news is generally not good for anyone, not even for spies unless they have been recently unemployed. But for some companies it will open up significant new business opportunities.
Nobody forges 8700 documents totaling a million pages or more. It’s too hard to do and forgeries are too easy to detect. So the only way to make this mess at all benign for the beleaguered CIA is to point out that at least some of these documents — especially the foreign ones from outfits like GCHQ (the UK equivalent of our NSA) might be part of a sort of cracking library. If you employed hundreds of programmers working to crack foreign communications or protecting U.S. communications, having a library of proven attack examples makes perfect sense. But these documents aren’t all just examples by any means.
Nobody cracks TVs just for the fun of it. Even Mr. Robot is driven by paranoia.
If you work in this area for one of the 17 U.S. intelligence agencies, these WikiLeaks are terrible news… unless it’s really old news, which it might well be. Maybe these techniques were already well known to all parties in this game of cat and mouse. Remember the backstory that goes with these docs is that they’ve been floating for months around the Dark Web and came to light just now as much because of hacker boredom as anything else. But if they aren’t old news or old tech and instead represent state of the art for electronic snooping, well that means there’s suddenly going to be a LOT of work patching vulnerabilities and finding new ones.
I’ve only just scanned the docs but there sure seems to be a lot about cracking consumer electronics on a grand scale which means all of us are vulnerable. And we can’t hide behind the idea that U.S. intelligence agencies are ostensibly prohibited from spying on U.S. citizens. Edward Snowden showed there’s a quid pro quo among western spy agencies that have in the past allowed the UK or Australia to intercept communications of U.S. citizens just as the NSA can intercept UK private communications and send it on to GCHQ. There are no innocents in this CIA story.
So what’s to be done about this document theft? From a defensive standpoint it has become an issue of patching versus supplanting. I’m sure it’s possible to come up with patches to seal piecemeal most of these vulnerabilities, but if we are talking about thousands or tens of thousands of bugs, that’s going to take months. Until then we are vulnerable and a lot of programmers will be working overtime.
The other approach to solving this problem isn’t by patching holes but by building walls. If a new security technology — a whole new layer — can be added upstream of the current vulnerability, then maybe fixing that vulnerability isn’t so important anymore.
I suspect we’ll be seeing at least a few such new approaches appearing shortly because that’s the only way to improve the practical situation quickly. Next week I’ll talk about a couple very specific new security approaches that embody what I mean.
That’s if the black helicopters don’t get me first.
Money, there’s no money in patching all those old ‘Smart’ TVs, so I guess people are just going to be left to their fate by the big corporate firms. The MS/Apple/Google will only patch their ‘latest’ versions which may/may not work on the hardware you have (or in the case of smartphones, not be available).
As you’ve commented before, money governs everything, so little to nothing will happen to protect ordinary people.
Did you seriously just end your article with essentially “more on that in a [few] week[s]…”?!? Are you mocking us? Why do you hate us?
Yes he did.
I know people are going to argue “because freedom” just on principle but I’m legit curious – why should we, as boring consumers, care if anyone is listening to our conversations at home by hacking into our consumer products? I highly doubt someone wants to listen to me talking to my wife/kids about how our day was and, if they do, what’s the worst they will do? Start advertising products to us that they think we might need? I’m fine with that in fact it may save me time if they realize what I need before I do.
.
I don’t see how this gets us to a 1984 scenario (not to say you said that, just thinking out loud) and I’m not trolling, I’m just legitimately curious what the fear is/why the general populous should care.
.
Note: This is me assuming that 90% of us are aware that we are not high government officials and our lives are more or less insignificant. If you work in politics or intelligence agencies, then I can understand your concerns and my question doesn’t apply to you.
Nick, I appreciate the honest question, and will answer just as respectfully. I care that the government not intrude on my boring conversations because it is my fundamental right to have privacy. Period.
A search warrant is required for any snooping–or should be, imho (e.g., not Stingrays.) Last December this view of the landscape, search warrants, tilted, when the “long distance” interpretation of the law changed. Investigations may now be extended beyond a judge’s normal jurisdiction (Rule 41). It means for the first time that the government can hack into computers _not knowing who they belong to_. How is that a warrant?
Moreover, data can be collected on us, en mass. Lovely. Because I speak, may I be snooped? Because I stream Netflix, should my preferences be visible? Because I drive my car, should I be trackable? It is one thing to give up my privacy, it’s quite another for it to be taken away. Now the FCC is relaxing the privacy rules ISPs must follow. Your data, your viewing, your browsing, all now available FOR SALE. Little by little we are giving up our right to privacy.
Similar to Rule 41, FISA’s section 702 is coming up for review, which brings more intrusive investigations across borders.
I heartily urge readers to consider Bruce Schneier’s book, “Beyond Fear.” 911 changed how we think about security. The reptilian brain response to fear oughtta be countered by the logic of a democracy saying no to invasions of privacy.
Why should I care? “May take a look around?” does not mean I HAVE to say yes. I have the right to say no, until they come with a search warrant.
For a guy who is both a private citizen and a CISO, I am beginning to appreciate the EU view of Privacy. Still, let’s say a guy wanted to join a protest. Completely innocent, should we feel nervous about exercising our free speech? You bet.
Worse, protest laws are now popping up across the country. Free speech is narrowing with every week that goes by.
Still, wearing a CISO hat, the threat of Assange holding back zero-days has my attention. It’s going to be a long weekend, poring through those new docs, looking for new threats. With the good stuff held back, I may never see those threats until it’s too late. Narrowing that window of testing patches and rolling them out just got bumped up on the priority list. This puts your data, your money, your electricity at risk. Now, perhaps, these leaks have our attention. Now this isn’t about snooping, it’s about Cyber Defense.
Except now we’re back to living in fear. I refuse to live in fear. I choose instead to speak out for our right to be standing tall, innocent. In privacy.
There are people to whom privacy NEED NOT be explained, and there are people to whom privacy CANNOT be explained. Now go look at a county-level map of any of the last five Presidential elections.
How many times can I upvote Frank’s comment, please?
Here you go:
https://www.270towin.com/historical-presidential-elections/
This alone doesn’t get us to a 1984 scenario. What will get us there is ignoring this sort of surveillance on the assumption that one’s government will remain (relatively) benign. I’ll bet the average person in 1904 Germany felt the same way. Funny how things change.
It goes beyond “because freedom”. Our country has a state religion, and one of its fundamental precepts is a right to privacy. You either worship at that altar or you don’t.
https://www.amazon.com/Three-Felonies-Day-Target-Innocent-ebook/dp/B00505UZ4G
https://en.wikipedia.org/wiki/Parallel_construction
Be afraid.
Years ago I read a reply to a comment like yours. It went something like:
“Ah, you funny Americans with your ideas of ‘If you have nothing to hide, you have nothing to fear’.
Read some European history. We’ve had reason to think better.”
It’s always stuck with me.
The reason ordinary people should care is not because the CIA can listen to our trivial conversations. It is because they can listen to those in power. This makes it possible for the CIA to gather dirt on anyone, then selectively exert pressure on them, either by selectively reporting illegal activity, exposing scandals, blackmailing, or simply using gathered intelligence to inform strategies for defeating opponents. This isn’t so bad if one trusts that the CIA would always use this power impartially, for good, and that you agree with the CIA’s definition of ‘good’. But consider this: these vulnerabilities are not just available for use by the CIA. Foreign governments are also able to exploit them. As is organised crime. Any sufficiently powerful organisation will use these techniques on our elected officials. On our governmental committees and investigators. On our judges. On our police. When techniques such as these are available, it is very hard to maintain trust that our democracy is operating as it should, and hasn’t been corrupted. Government contracts get awarded to companies. Laws get passed. Politicians resign. But why did it happen?
> It is because they can listen to those in power. This makes it possible for the CIA to gather dirt on anyone, then selectively exert pressure on them
You mean like good ol’ J. Edgar Hoover used to do? Glad you have caught up to the 60s and 70s.
Just because a bad thing happened in the past, that doesn’t mean that more widespread occurrences in the future are of no consequence.
This is exactly the problem. Our own freedom and security is deeply dependent on the fredom and security of others. America loves the myth that all Americans are independent frontiersmen who’s freedom and safety lies solely in their own hands and depends on nobody else, hence gun ownership, but the truth is that in an advanced society we depend fundamentally on the independence and freedom of everybody else.
.Re: “When techniques such as these are available, it is very hard to maintain trust that our democracy is operating as it should, and hasn’t been corrupted” True, but it should also be mentioned that they do exist, and will exist from now on. There’s no putting the genie back in the bottle. So even though “it’s very hard to maintain trust…” we must make the effort to live with the “techniques” that are available.
The number of people who listen in keeps expanding. Any police officer can listen in/ get a history of your conversations. Don’t need probable cause, just curiosity perhaps.
If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
As quoted in The Cyclopedia of Practical Quotations (1896) by Jehiel K̀eeler Hoyt, p. 763
Usually attributed to Cardinal Richelieu.
Someone in power, or someone connected to someone in power, decides he wants to punish you, and they now have a large collection of information that they can use to harass you and prosecute you. It doesn’t matter if it’s something minor that no one else would be punished for, the process itself can be the punishment.
How about this conversation:
We’re leaving early tomorrow for vacation. We’ll be gone a week and the house will be empty.
All this is cannon fodder for AI (artificial intelligence). All bits and pieces are important, irrespective of how significant or insignificant. You might think of yourself and your family as boring and uninteresting but the data collected from your family help AI analyse the patterns, thought processes, behaviour, likes, dislikes, aspirations etc, which in turn help AI to put you & your family members in a general category. This will then used to predict your importance in the society as a whole.
I’m assuming that by “next week” you actually mean “whenever you get around to it.” I’m still waiting for the mineserver update that was promised “in a few days” a couple of months ago.
Please go away til then !
@Daudio – Nope
👍
“Please go away til then !”
.
Geez, if only we had something to keep us occupied in our spare time… y’know, like some sort of miniature computer that could act as, say, a minecraft server!
.
(Also, you first.)
Dude, I come here mostly for the butt hurt Kickstarter supporters.
.
Please just shut UP about that and go somewhere else. I don’t come here to read your whining and it’s putting Robert off even trying to post anymore.
His words are worth listening too. Yours are not.
You are free to shut up your whining and go somewhere else as well. The worth of “Bob”‘s words are subjective. They’re worth a hell of a lot less to me since the Miner-Server fiasco.
And yet you’re here at every opportunity.
The bright side (for Bob) is Bob gets even more clicks from people whining about the Mineserver fiasco.
Then perhaps rather than trying to post, he should finish the Mineservers.
“I don’t come here to read your whining and it’s putting Robert off even trying to post anymore.”
.
Well, gee, color me sad that poor wittle bobbie doesn’t want to post because the mean old backers keep reminding him how he stole $35k from them.
.
Better still, if he’s not posting here, he’ll have more time to finish the Mineservers. Yay!
.
“His words are worth listening too. Yours are not.”
.
Oh, I don’t know that I agree with that in the least. Not that I’m saying my words are especially worth listening to; I just don’t think his are.
None of what was in the documents surprised me. Heck, if the CIA or the NSA wasn’t doing this type of stuff, I’d fire the lot of them. I expect my spy agencies to, you know, spy.
I’ve gone though the documents, and almost all of it is well known. I’d be surprised if most governments or hacking groups didn’t know about it. Most of these vulnerabilities had been well known in the hacker community. Turning on the microphone on a Samsung or Vizio TV to listen to conversations in the room — even with the TV off? I can probably Google for instructions if you’re interested. I’ve even see vulnerabilities in Alexia that allow you to do the same.
What was discussed with Android and iOS have pretty much all been patched. Although with Android, getting those patches can be difficult on a particular phone. There are probably some idiots in the higher echelons of government using unpatched phones that’ll allow their enemies to listen to their every word (cough! Trump! cough!).
The problem is with the rest of the IOT (or as my friend calls them Intelligent Devices on the Internet of Things so he can use the initials IDIOT). We buy these connected devices without one thought about possible vulnerability. Leaked videos from Internet enabled security cameras are found all over the Internet. Computer webcams can be enabled remotely in older versions of the various operating systems. Doors that lock and unlock over the Internet are also vulnerable.
Even things that you don’t think are a security issue can cause problems. What is someone going to do with my Internet enabled lights or my Internet enabled Sous Vide stick? Overcook my roast? Yet, once a hacker has control of a device on your network, they can easily gain access to other devices on that network.
Apple’s HomeKit is a secure approach, but that’s expensive and hard to implement into third party devices. When an Internet enable device is under $100, that extra five or ten dollars it takes to make the hardware HomeKit enabled can be a deal breaker for people. So, most Internet enabled devices take the easy way out. You get a SOC ARM chip, load up a version of Linux or Android, and get HTTP working. Don’t worry about hard coded administrative passwords or other security issues. Just get that sucker to market!
My hope is that this dump will raise the security issues these IOT devices may have, and people will start to insist on secured devices. It took Microsoft almost fifteen years to start taking Windows vulnerabilities seriously. Previously, Microsoft’s main concern was locking people into a Windows environment. When Microsoft realized that they were going to lose customers because of these vulnerability issues, they upgraded the OS to put security first.
I took a look at the dump myself and I agree, there’s very little new in there and the couple of things that appear to be new were completely unsurprising. Basically this just raises the public bar for the communications and entertainment industries – it’s out in the public that all of these devices are open season for anyone.
Maybe this will lead to improved security but I doubt it – there’s no real money in it.
I have several thoughts about this disclosure.
.
1. A possible danger to ordinary people is that thieves might hack into your burglar alarm or IOT and steal your stuff while you are away from home.
.
2. If you have expressed concerns about the corruption or criminal activities of your government, you name might be on a list of subversives to be locked up in the event of martial law or other serious problems in your country.
.
3. If any US spy agencies have broken the law, there needs to be arrests and prosecutions of at least the top people involved.
There was an app called something like RobMeNow, that used what people put on another app about where they are right now, and showed there home address.
At least the Mineservers are completely secure! It is hard to hack something that will probably never ship.
The Cringely security model is unhackable!
[…] En ce moment, la grosse affaire aux USA, c’est Wikileaks et la révélation des outils (logiciels) de la CIA… […]
As a professional technical guy (albeit not in consumer electronics), I’ve always understood that if you want to remain absolutely secure, you must disconnect/disable built-in microphones, and disconnect/disable any built-in camera (a piece of black electrical tape over the lens works great!) on any device that has….and that you would expect to have…a microphone and a camera built into it.
That includes of course smartphones, laptops, etc. You would expect any devices such as these with a MICROPHONE can pick up and record any sound it can hear, and you would expect that any device with a CAMERA will be able pick and record anything it can see. Understood.
But how does a (Samsung) TV…a TV!….”spy” on you? To my knowledge TV’s only have speakers to project sounds, and screens to project images. I know electronics well enough to know that…unlike, say, an electrical motor that can be reversed to become a generator (and vice versa)….a speaker’s operation cannot be “reversed” to become a microphone, nor can a screen/image projecting device be “reversed” to become an image reading device (i.e. a camera).
So….WTF? To me this leaves only one possibility….Samsung had actually built “secret” microphones and “secret” cameras into its TV’s. And if they did, I see a hellwind of lawsuits coming.
Forget the internet connectivity issue, that has nothing to do with it because first you have to be able to monitor someone. And a device can’t monitor sounds without a microphone nor monitor images without a camera. And I’ve never heard of a TV…smart or otherwise….that has those.
What am I missing here?
Many TVs have some form of voice control. Therefore they have microphones. Many have ambient light sensors which could simply be cameras since camera modules are so cheap.
Well, I agree about the voice control, but I’m not so sure about the ambient light sensors. From what I’ve been able to investigate so far, that is strictly a photodiode that responds with varying voltages depending on the overall amount of light energy that is hitting it. It does NOT appear to have the lens/image capture quality that must exist for a device to capture and record actual images…i.e. a camera.
Again, in general I do NOT think that….unlike a speaker (or an electric motor), a picture projection device’s operation can be “reversed” to be used as a camera.
However, from what I’m reading, it seems like it’s a moot point because, apparently, many many of today’s smart TV’s DO in fact come with a small camera installed….just like a smartphone or laptop. I’m not sure why this is the case, but I would say that for anyone who has a smart TV, if you want to protect yourself, the first thingh to do is find that little mini-camera lens and disconnect it or cover it up with a piece of black tape!
See this CNET article for more info & links re the (alleged) Samsung Smart TV Voice Control hack … https://www.cnet.com/how-to/samsung-smart-tv-spying/
All great points, prompting me to do a Google search “how do smart TVs listen”:
https://www.cnet.com/how-to/samsung-smart-tv-spying/
“a speaker’s operation cannot be “reversed” to become a microphone”
.
Incorrect. As a boy, one of the first electronic projects I built was a home intercom
system in which the speakers doubled as microphones. It worked great. Maybe
those little plastic slugs soldered onto computer motherboards wouldn’t work very
well, but a paper-cone speaker three or four inches in diameter makes a very
sensitive microphone.
You are correct, sir, and I apologize for my “senior moment” (it’s amazing how the forgetfulness increases when one hits 60 years old!), I too did a similar experiment back in high-school electronics club (many many years ago) with an old Heathkit, if I recall. A speaker’s construction definitely can capture sound waves in a manner that makes its diaphragm move and….if it can move…it can generate electricity in the coil and that, of course, can be recorded and played back as sound.
So…..one point lost on my part about the speaker/microphone side of things….I’m still pretty positive about the display screen though. And…although I don’t mean in any way to diminish the severity of being surreptitiously spied on strictly by sound….I think there is a greater fear by the public that us being secretly “spied on” by our smart TV is more troubling when the thought is that they can secretly SEE us….rather than just HEAR us.
>>”I know electronics well enough to know that…unlike, say, an electrical motor that can be reversed to become a generator (and vice versa)….a speaker’s operation cannot be “reversed” to become a microphone,”
I’m gonna have to go ahead and disagree with you there.. I believe that physics would allow a speaker to act as a microphone.
Cheap 8 ohm speakers were routinely used as microphones in low-cost CB walkie-talkies, and later in very-low-cost 49 MHz walkie-talkies. Those units had LARGE (many pole double throw) push-to-talk switches that did interesting things to the circuitry to make it all work.
es, Yes, this has been covered thoroughly, you need to please read all responses below my original message before redundantly simply re-stating what had already been specifically pointed out above………..it was my bad, speakers definitely can be used as microphones (albeit not as efficiently as a purpose built mike).
And microwaves, as well. 🙂
So now we know what has held up the Mineservers — The CIA et al are still putting in their back doors.
.
I wonder if one of the “very specific new security approaches” you’ll talk about next week (aka Q3 2018) is never ship any products? It’s secure AND profitable.
@Roger – If you really want to get in touch with Cringley, why not call him? He lists his phone number on this site. You could find out once and for all and report back.
.
If he was a decent person would he respond here or on the kickstarter? Sure, but at this point it’s clearly not happening.
Many people have tried calling him directly and getting in contact with him via MANY other means (multiple sites, multiple email addresses, multiple phone numbers), myself included. He’s not answering/returning any of the communication. Short of showing up on his doorstep, he isn’t granting us any sort of an audience, though it isn’t from lack of trying, I promise you that.
So why doesn’t someone knock on his door then?
@W Smith – I have a better idea. Oh ans by the way, FYI the actual response of Kickstarter is to ignore any and all responsibility.
http://ci.santa-rosa.ca.us/departments/police/Documents/fraud.html
Perhaps if you jammed his internet service. He has written about having a varied setup.
@MikeN – jamming his Internet service would be illegal. I would rather not lower myself to Mark’s level (lack) of ethics.
Well of course. But it would be hilarious to spoof his wifi so when he opens a webpage, it shows
“WHERE ARE THE MINESERVERS?”
“Arguing that you don’t care about privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
– Edward Snowden
If Snowden said that he’s not very logical. I may have nothing to say, but since I care to listen to what others choose to share, I’d like to know their speech is not being curtailed. That said, there is no guarantee the CIA can be trusted not to abuse such power, hence it is of concern. That said, in a world of nuclear weapons and cyber-warfare, we really have no choice except to trust them.
How is that not logical?
The more I consider the statement the more similarities I see… including daisy-chaining the two ( given that privacy is important while researching/developing/discussing topics that rely on the doctrine of free speech to disseminate ). If you consider it further; I would argue that free speech can’t even get out the door without privacy.
Re: “given that privacy is important while researching/developing/discussing topics”. Why? It sounds like you’re saying privacy is necessary because privacy is important.
If you can forgive my tone and re-read my comment maybe my point will be more apparent. Sorry.
There is something very similar to this in nature. Through selective breeding or genetic modification we develop a new strain of plant that is more pest resistant. For a while it works very well in agriculture. Then mother nature finds a way to deal with this new organism. Since farmers tend to plant only one strain of crop seed in time the only insects that survive with it are the ones who are adapting to the new strain. Then surprise! As the insects adapt and multiply the crop is wiped out.
.
In the days before the Internet and smart devices, electronic and cyber eavesdropping was directed at INDIVIDUALS. With the advent of the Internet eavesdropping can be directed at everyone and everything, and by many parties. When you introduce a new technique of surveillance (eg a new strain of plant) on a large scale it is only a matter of time until it is discovered and the world (eg nature) adapts against it.
.
It is very important that we understand the CIA, NSA, and other USA intelligence agencies are not the only ones doing this stuff. Anyone who has managed the cyber security for a high profile Internet connection can tell you probes and attacks come from all over the world — from both government and criminal sources. While many of us have known for years the CIA, NSA, and countless other actors have been doing stuff like this — the mistake the USA government has made has been the SCALE of operation they are conducting. Focused surveillance of small groups of people is hard to detect. Massive surveillance of large parts of the Internet will be discovered, or leaked.
Off-topic, possibly related, could I request please consider enabling SSL for the cringley site, to ensure readers posting comments remain secure in transit, and protect readers from nefarious states and corporations from tracking the content of site page visits and interactions. I and many others can only visit SSL-enabled sites these days, and miss cringley’s content.
Re: “I…can only visit SSL-enabled sites”. Why is that? You seem to be able to visit this site.
@Ronc: with thanks to the Tor project…
In the comments section of the previous Cringely article, Mineserver made this interesting comment about the limited benefit of SSL: “I believe FatStud was referring to traffic analysis which isn’t blocked by SSL. https://en.wikipedia.org/wiki/Traffic_analysis “
@Jen – Using a VPN will block most of the attempts at traffic analysis since all of your network traffic will appear to be to/from the IP address of your VPN provider, not the actual websites that you are visiting. However, if your VPN provider is compromised, all of your traffic will become available. TOR is a more “hardened” VPN provider where your traffic is to/from a larger number of providers. There are TOR exploits so even it isn’t a perfect guarantee of security. Also, your use of a VPN or TOR could be used against you since “you seem to have something going on that you need to hide”.
@Ronc – thanks for the mention
From a consumer protection standpoint, couldn’t a hardware Firewall upstream from a consumer prevent or break the path of the snooping? Outbound traffic isn’t as time sensitive as what is being received in the home so perhaps some intelligent inspecting and flagging of that outbound traffic would turn up at least remote snooping? If they had a van sniffing your WiFi from down the street that would not help but would make casual unfocused snooping too resource intensive..
On second thought, if your SmartTV wasn’t connected to the internet, wouldn’t that prevent remote access/snooping via the internet?
@Greg Asman – Even if you don’t give a smart TV (or other IOT device) access to your password protected WiFi, exploit code could be written to search for and then access any available open WiFi.
That’s an interesting concept I never thought of – open wi-fi nearby could pose a security threat to others with otherwise disconnected ‘smart’ TVs and IoT devices, looking to call home with your accumulated private telemetry and who knows what else… Now that’s some next-level shit right there man… we’re all fu&%ed.
60 minutes on h1b visas, something bob has covered
https://www.cbsnews.com/videos/60-minutes-examines-h-1b-visas-outsourcing-american-jobs/
Kınanın en güzel ve en etkileyici unsuru kesinlikle bindallı ‘dır. Nişanınızda ortamı üzerinizdeki eşsiz tasarımlar ile renklendirebilir muhteşem hatıralar ile geçmişte kalıcı izler bırakmak sizlerin elinde. Kadıköy bindallı olarak bağdat kaftan öncülüğünde tüm düğün organizasyonlarını yürütmekteyiz. Kalitelinin kadıköydeki tek adresine siz değerli müşterilerimizide bekliyor olacağız.
http://bagdatkaftan.com/