WikiLeaks is releasing thousands of documends and files that the organization claims comprise the most of the CIA’s hacking tools.
The organization calls the group of materials “Vault 7,” and plans to release nearly 9,000 items eventually, starting with today’s “Year Zero” release. The full Vault 7 archive is said to include viruses, trojans, and other malware used to spy on people through their phones, computers, and even smart TVs.
While WikiLeaks says it’s taking steps to make sure that “weaponized” software isn’t released to the public (so that people won’t be able to use the tools to conduct their own spying), the organization says the way it obtained the data shows that it was already out of the hands of the CIA.
WikiLeaks claims “the archive appears to have been circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
The source is said to be doing that because of a belief that the CIA exceeded its authority and that there should be a “public debate about the security, creation, use, proliferation, and democratic control of cyberweapons.”
The CIA has not verified the authenticity of the documents. In statements to several news organizations including the New York Times and Washington Post, a spokesperson said the agency does not comment on “the authenticity or content of purported intelligence documents.”
Among other things, the documents allegedly show that the CIA has tools to:
- Bypass encryption used in mobile communications apps such as WhatsApp, Signal, Telegram, and Weibo (not because those services have been hacked, but because if your phone is compromised, messages can be intercepted)
- Covertly turn on smartphone cameras and microphones
- Bug users of Samsung Smart TVs by turning on the mic when it looks like the TV is off
- Infect and control Windows, Mac, and Linux computers and target routers
WikiLeaks also claims that the CIA has hoarded a series of “zero day” vulnerabilities, which basically means the spy agency has discovered various security holes in various products and failed to disclose them to the companies responsible. This increased the CIA’s ability to spy, but puts user privacy and security in jeopardy, since third parties that become aware of the same vulnerabilities could also make use of them.
It isn’t immediately clear to me if the documents allege that the CIA actually used any of these tools to spy on people without proper government authorization. But the hoarding of exploits and the fact that the documents are said to be already be in the wild and beyond the control of the CIA both present cause for concern.
Expect to see a lot more analysis of the “Vault 7” leak in the coming days, weeks, and months as security, privacy, and legal experts examine the documents more thoroughly.
Interestingly, some of the documents aren’t so much about nefarious hacking as useful tips for CIA officials trying to perform certain functions. For example, here’s a guide on how to share a PC’s internet connection with an Android phone… which seems to have been copied from an xda-developers thread.
This Assange guy.. at the very start I thought it was perhaps interesting what he was doing, but the one sided vendetta he has and the massive ego he’s demonstrating, and the complete lack of personal responsibility.. I don’t know..
I could see a situation where I’d start punching him in the face and never get bored. It could turn into a hobby. Some people may even pay me to perform this public service.
^ Comment above is by NSA, FBI, or CIA contract worker.
^ Comment above is by teh FSB, state sponsored hacker group or Donald Trump.
Some of Assange’s former colleagues at Wikileaks have also turned against him. I certainly believe that the Russian agencies used him to their own advantage during the election campaign, and the fact that he didn’t realize this (or, worse, knew but didn’t care) speaks volumes.
As for this leak. I’m going to wait an see what the security experts make of it all before passing judgement. It should come as no surprise that the CIA is doing all it can to find ways to infiltrate networks and devices. That’s never going to change. As always, it’s not the technology that’s going to determine whether or not we live in an oppressive surveillance state (the Soviet and East German regimes operated them with virtually no modern technology at all), it’s the strength of our civil society and our institutions, and it looks like these will be sorely test over the next four years.
Already, there are more than a dozen laws around the country being introduced that greatly increase penalties for civil disobedience and disturbances at public demonstrations (all written by the GOP, by the way) including in Arizona, making it a felony conspiracy under the RICO act to have organized a peaceful protest that turns violent (even if you had nothing to do with the violence!). Any one of those laws, if passed (and they probably won’t, fortunately) is more dangerous to our freedom than the CIA having the ability to hack into someone’s camera phone.
Aman brother, aman.
Comments are closed.