WikiLeaks leaks “Vault 7” regarding CIA’s hacking capabilities
March 15, 2017
WikiLeaks commenced its latest series of leaks code-named “Vault 7,” including 8,761 documents and files regarding the United States Central Intelligence Agency’s powerful hacking tools that can target everyday devices including smart televisions, cell phones, and cars.
The U.S. government is potentially surveilling billions of users worldwide, according to the WikiLeaks documents released March 7. This is the largest publication of confidential documents on the agency, with reports of the CIA having the capability to record the sounds, images, as well as the private text messages of users.
Along with spying capabilities, the CIA has also reportedly studied if they could possibly infect vehicle control systems, which WikiLeaks claims could be used to get away with “nearly undetectable assassinations.”
Due to the archive being circulated without authorization amongst current and former U.S. hackers as well as contractors, portions have been provided to WikiLeaks to disclose the first full part of the series, titled “Year Zero.”
“Year Zero” shows the lengths the CIA is going to for their global covert hacking program that includes malware arsenal and dozens of weaponized exploits that target a variety of popular products.
The products included are Apple’s iPhone, Google’s Android, Microsoft’s Windows, and even as far as Samsung Smart TV’s which can be put into a dummy off mode when in reality they are on and acting as a microphone.
“After infestation, ‘Weeping Angel’ places the target TV in a “Fake-Off” mode, so that the owner falsely believes the TV is off when it is on. In “Fake-Off” mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”
The problem with the CIA creating these weaponized malware is that once a cyber ‘weapon” is created, it can end up spreading around the world in a matter of seconds only to be used by rival hackers alike.
The CIA’s malware and hacking tools are created by Engineering Development Group (EDG), which is a software development group within the Center for Cyber Intelligence.
Along with EDG, the CIA also has a Mobile Devices Branch (MDB) which has developed a number of attacks that would allow them to remotely hack and control popular smart phones allowing the CIA to request a user’s geolocation, audio or text communications, and goes as far as to covertly activate the phone’s camera and microphone without the user being aware.
The MDB ultimately produces malware to infest, control, and exfiltrate data from both iPhones and Google Androids, which are used to run a majority of the world’s smartphones.
The malware allows the CIA to bypass encryption by hacking smartphones and collecting all the data before the encryption is even applied, posing a major threat to national security in the U.S. if similar malware were to get into the wrong hands.
Furthermore, after the Edward Snowden NSA leaks, the U.S. technology industry made a commitment to disclose any serious vulnerabilities, bugs or exploits to Apple, Google, Microsoft as well as other U.S. based manufacturers.
When these vulnerabilities are not reported to the manufacturers, it places a huge risk for all from cyber criminals who may be aware of the vulnerabilities at play, thus taking advantage of the opportunity to hack you.
Even though the U.S. government abides by the Vulnerabilities Equities Process, which basically means they would disclose all pervasive vulnerabilities discovered after 2010, “Year Zero” documents clearly indicate that the CIA breached the Obama administration’s commitments by failing to disclose those vulnerabilities. In doing so, the CIA is able to attack software through undisclosed security vulnerabilities, which can be mimicked by anyone who discovers these same vulnerabilities and they will remain concealed from Apple and Google until the CIA discloses them to allow the vulnerabilities to be fixed. Until then, phones will remain hackable.
“By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone, at the expense of leaving everyone hackable.”