WikiLeaks Vault 7 reveals staggering breadth of ‘CIA hacking’

David Glance | (The Conversation) | – –

WikiLeaks today released what it claims is the largest leak of intelligence documents in history. It contains 8,761 documents from the CIA detailing some of its hacking arsenal. The Conversation

The release, code-named “Vault 7” by WikiLeaks, covers documents from 2013 to 2016 obtained from the CIA’s Centre for Cyber Intelligence. They cover information about the CIA’s operations as well as code and other details of its hacking tools including “malware, viruses, trojans, weaponized ‘zero day’ exploits” and “malware remote control systems”.

One attack detailed by WikiLeaks turns a Samsung Smart TV into a listening device, fooling the owner to believe the device is switched off using a “Fake-Off” mode.

The CIA apparently was also looking at infecting vehicle control systems as a way of potentially enabling “undetectable assassinations”, according to WikiLeaks.

One of the greatest focus areas of the hacking tools was getting access to both Apple and Android phones and tablets using “zero-day” exploits. These are vulnerabilities that are unknown to the vendor, and have yet to be patched.

This would allow the CIA to remotely infect a phone and listen in or capture information from the screen, including what a user was typing for example.

This, and other techniques, would allow the CIA to bypass the security in apps like WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by collecting the messages before they had been encrypted.

If it is true that the CIA is exploiting zero-day vulnerabilities, then it may be in contravention of an Obama administration policy from 2014 that made it government policy to disclose any zero-day exploits it discovered, unless there was a “a clear national security or law enforcement” reason to keep it secret.

Another potentially alarming revelation is the alleged existence of a group within the CIA called UMBRAGE that collects malware developed by other groups and governments around the world. It can then use this malware, or its “fingerprint”, to conduct attacks and direct suspicion elsewhere.

Year Zero

According to WikiLeaks, this is only the first part of the leak, titled “Year Zero”, with more to come.

WikiLeaks’ press release gives an overview on the range of the hacking tools and software, and the organisational structure of the groups responsible for producing them.

WikiLeaks hasn’t released any code, saying that it has avoided “the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should [be] analyzed, disarmed and published”.

WikiLeaks founder, Julian Assange, made a statement warning of the proliferation risk posted by cyber weapons:

There is an extreme proliferation risk in the development of cyber “weapons”. Comparisons can be drawn between the uncontrolled proliferation of such “weapons”, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of “Year Zero” goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.

There hasn’t been time for there to be any validation that what WikiLeaks has published is actually from the CIA. But given the scale of the leak, it seems likely to be the case.

WikiLeaks has indicated that its “source” wants there to be a public debate about the nature of the CIA’s operations and the fact that it had, in effect, created its “own NSA” with less accountability regarding its actions and budgets.

This release of documents from the CIA follows on from a much smaller release of some of the NSA’s “cyber weapons” last year. In that case, the hackers, calling themselves the “Shadow Brokers”, tried to sell the information that they had stolen.

At the time, it was thought that this hack was likely to be the work of an insider but could have also been the work of the Russian secret services as part of a general cyber campaign aimed at disrupting the US elections.

This release also follows the much larger release of NSA documents by Edward Snowden in 2013.

While WikiLeaks may have a point in trying to engender a debate around the development, hoarding and proliferation of cyber weapons of this type, it is also running a very real risk of itself acting as a vector for their dissemination. It is not known how securely this information is stored by WikiLeaks or who has access to it, nor how WikiLeaks intends to publish the software itself.

WikiLeaks has redacted a large amount of information from the documents – 70,875 redactions in total – including the names of CIA employees, contractors, targets and tens of thousands of IP addresses of possible targets and CIA servers.

Damage done

The damage that this release is likely to do to the CIA and its operations is likely to be substantial. WikiLeaks has stated that this leak is the first of several.

How the CIA chooses to respond is yet to be seen, but it is likely to have made Julian Assange’s chance of freedom outside the walls of the Ecuadorian Embassy even less likely than it already was.

The fact that the CIA would have an arsenal of this type or be engaging in cyber espionage is hardly a revelation. WikiLeak’s attempts to make the fact that the CIA was involved in this activity a topic of debate will be difficult simply because this is not surprising, nor is it news.

The fact that an insider leaked this information is more of an issue, as is the possibility of it being another example of a foreign state using WikiLeaks to undermine and discredit the US secret services.

US intelligence officials have declined to comment on the disclosure by WikiLeaks, in all probability because they would need to analyse what information has actually been posted and assess the resulting damage it may have caused.

David Glance, Director of UWA Centre for Software Practice, University of Western Australia

This article was originally published on The Conversation. Read the original article.

——-

Related video added by Juan Cole:

Al Jazeera English: “WikiLeaks exposes alleged CIA hacking programme”

Shares 0

4 Responses

  1. and this is news???? hey this knowledge about technology has been out for some time. do democracies spy on their own citizens, you bet, regardless of what they tell you.

  2. “The fact that an insider leaked this information is more of an issue, as is the possibility of it being another example of a foreign state using WikiLeaks to undermine and discredit the US secret services.”
    This is not the patriotic Snowden act of revealing potential violation of citizen rights, rather this is a punch-in-the-gut to the counter intelligence community and seems highly probable that it comes from foreign adversary or enemy of the state (e.g. White House… hah!).

  3. Like almost every outlet and pundit covering this story, the author focusses entirely on the content of the hacks while completely foregoing what Wikileaks themselves see as the most damaging factor:

    “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

    It is not about WHAT this software can do, it’s about WHO controls it.
    As a non-US citizen completely devoid of american exceptionalism, I wholeheartedly welcome anyone opposing the proliferation of hundreds of millions of dollars worth of stolen/copied weaponized software.

    After all, if even the CIA themselves can’t keep track of who has what, there should be no doubt in anyones mind that a lot of these tools have been bought, sold and used by people with anything but the general public’s best interest in mind.

    The only way to ‘fix’ a vulnerability is to expose and patch it, so the hacker has to start over. For that reason alone I hope Wikileaks goes even further than they already have.

    Beyond that, I still disagree that these leaks brought ‘nothing new’ to the table.
    Was it general knowledge that TVs were not only hackable, but effectively hacked? Or that the tech existed to make a hack look like that of another state actor?
    Before, these things were educated guesses at best, conspiracy theories at worst.
    Now they are actual proven facts.

    I can’t wait to see the other 99% of Vault7.

Comments are closed.