WikiLeaks dropped a bombshell on Tuesday, March 7th when it began a new series of leaks on the U.S. Central Intelligence Agency. Code-named Vault 7, Year Zero is the first series and is comprised of 8,761 documents and files from inside the Central Intelligence Agency’s (CIA) high-security network. Below are 7 revelations from Vault 7.
Independent confirmation of the leaks has not been established yet, but most experts agree the documents appear to be legitimate.
1. Stolen Weapons
Protecting digital weapons is exponentially more difficult than protecting physical weapons like a nuclear bomb or an F35 fighter jet. The same hacking tactics used by the CIA and NSA have been, and will continue to be, turned against them to steal and manipulate digital weapons.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day"exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
While digital weapons won’t cause the kind of mass destruction that a nuclear bomb will, they can massively affect the political landscape of entire countries.
2. The CIA Knowingly Left Vulnerabilities Exposed
During the Obama Administration, the U.S. technology industry secured a commitment that U.S. government entities would disclose zero-days, exploits, bugs, or other serious vulnerabilities to Apple, Google, Microsoft, and other U.S.-based manufacturers. However, ‘Vault 7’ exposes the CIA for continuing to hoard these zero-day vulnerabilities rather than disclosing them.
3. Don’t worry they aren’t spying on you - Probably
Spying, it’s what the CIA and NSA are all about, right? Vault 7 shows that spying has been taken to an entirely new level. The days of agents physically placing a bug (listening bug) are gone. They can now exploit a software bug in your iPhone from anywhere in the world and begin listening in on every conversation, email, and text message exchange.
The CIA’s Mobile Devices Branch (MDB) developed hacking tools designed to remotely hack and control smart phones. The infected devices are used to send the CIA the user’s location, audio, and text communications as well as activate the phone’s camera and microphone without the user’s knowledge. For Android devices specifically, 7 Vault shows that as of 2016, the CIA had 24 weaponized Android ‘zero-days’ which enable the CIA to bypass encryption in applications such as WhatsApp, Signal, Telegram, Wiebo, Confide, and Cloackman. The zero-days are used to collect audio and messages on the user’s devices before the encryption is applied in the application.
As far as the Smart TVs are concerned, an attack named ‘Weeping Angel’ was developed by the CIA’s Embedded Devices Branch (EDB) which infects Smart TVs and transforms them into microphones. ‘Weeping Angel’ places the infected TV in a ‘Fake Off’ mode so the user believes the TV is off when it’s actually still on. In this mode, the TV records conversations in the room and proceeds to send them over the Internet to a CIA server.
These are very targeted efforts and not mass recording systems, so unless you are on the CIA’s radar they aren’t likely listening in. The question becomes, do we want any entity to have the power, with no oversight, to start listening in any time they want?
4. Fingerprinting
No, not your actual fingerprints. In a document titled ‘Tradecraft DO’s and DON’Ts,’ WikiLeaks outlines the CIA’s rules on how its malware should be written to avoid leaving fingerprints. By doing this, they are ensuring that the CIA, U.S. government or its partner companies can’t be traced back in the event that the malware undergoes a forensic review. The reason for doing this is because of what happened to the NSA when their spying was uncovered and released by Edward Snowden.
To further alleviate the chance of an attack being traced back to the CIA, an entity of the Remote Devices Branch named UMBRAGE collects and maintains a massive library of attack techniques that are stolen from malware produced by other nations. This not only allows the CIA to have a greater number of attack techniques, but also allows them to place ‘fingerprints’ of these attacks behind. By leaving these fingerprints, forensic analysis of an attack will lead investigators back to the group the technique was stolen from, instead of leading them to the CIA.
5. Tip of the Iceberg
Year Zero is just the tip of the iceberg of the Vault 7 series of leaks. The first part of the series, covered here, goes by the name of Year Zero. Year Zero introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal, and dozens of zero-day weaponized exploits against a wide range of U.S. and European technology products. Since 2001, the CIA has been building its own fleet of hackers. Its hacking division freed the CIA from having to disclose their often controversial operations to the NSA in order for them to increase the hacking capacity over the NSA.
The CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CII), has over 5,000 registered users as of the end of 2016. The division has produced more than a thousand hacking systems, has less accountability than the NSA, and doesn’t have to answer questions on their massive budgetary spending.
6. 22,000 U.S. IP Addresses
WikiLeaks, in a surprising moment of restraint, redacted massive amounts of the leaked documents. Over 70,000 names, email addresses, and external IP addresses were redacted from the released pages. It is presumed this was done to protect individuals and allow vulnerabilities to be patched before being released to the masses.
22,000 public IP addresses in the United States are redacted from the documents, so it’s clear that the CIA’s targets aren’t only foreign. It isn't clear what these 22,000 U.S. IP addresses were being used for.
7. More Vulnerable Than Ever
The hacking division of the CIA has produced more than one thousand hacking weapons. The CIA lost control of their extensive arsenal, and the malware is now available for cybercriminals and friends and enemies of the state to use as they please if and when they get their hands on it. This leaves everyone, from the everyday citizen to the CIA itself, more vulnerable than ever to a cyberattack. It’s likely that these weapons are the most sophisticated of their kind, leaving the possibility of the biggest and most dangerous cyberattack that we have ever seen to be very likely. You would think the CIA would have an unbreakable cybersecurity system in place. Apparently not. Thanks, CIA.
By hoarding these zero-days, the CIA is placing manufacturers, the general population, and critical infrastructure at massive risk to foreign intelligence or cyber criminals.
Basically, if the CIA can discover these vulnerabilities, experienced hackers can as well. The point of disclosing vulnerabilities to the technology industry is so they can fix or patch the vulnerability to prevent attacks from happening.
Final Thoughts:
If the CIA, NSA, and other U.S. government entities were required to disclose hardware and software vulnerabilities, would they spend billions of taxpayer dollars doing so? I would argue that they would not. This would leave those vulnerabilities undiscovered or more likely discovered by the very cyber criminals and enemies the CIA is after.
It has been shown time and again that digital weapons can’t be protected. We need a system in place that allows the CIA to do their job while still protecting the masses from cyberattack. There are no easy answers to this debate. I’m sure many of you have the solution, so please share your insights in the comments below.
