Wikileaks has released a data dump of what it calls the alleged Central Intelligence Agency (CIA) tools used for hacking into smart devices. The leak is code-named Vault 7 and comprises around 8,761 documents, which have been sourced from an isolated high-security network inside the CIA's Centre for Cyber Intelligence.
The released documents primarily deal with techniques allegedly used by the CIA for hacking and surveillance. These tools are used to break into smartphones, messaging apps and other electronic devices such as smart TVs.
What is Vault 7?
Vault 7 is the code-name for the collection of documents leaked by Wikileaks, sourced from the CIA's Centre for Cyber Intelligence. According to Wikileaks, the CIA recently lost control of a large part of its hacking arsenal, including malware, viruses, trojans and weaponised 'zero day' exploits along with their associated documentation, amounting to over 100 million lines of code. This gave the original hacker access to the CIA's tools and software, which are now being circulated in an unauthorised manner among former US government hackers and contractors. One such independent entity has provided Wikileaks with part of the archive.
What is at stake?
The 'zero day' exploits in the data dump include programs targeting US and European products, among them Apple's iPhone, Google's Android smartphones and tablets, Microsoft Windows and messaging apps. It even includes tools to turn Samsung Smart TVs into covert microphones.
The CIA has an Engineering Development Group (EDG) within its software development group, the Centre for Cyber Intelligence (CCI). The CCI is part of the Directorate of Digital Innovation (DDI), one of the five major directorates of the CIA.
A tool called 'Weeping Angel', developed by the CIA's Embedded Devices Branch (EDB), has been used to infiltrate smart TVs and turn them into covert, always-on microphones. One of the documents describes how the Weeping Angel program would put a Samsung Smart TV into a 'Fake-Off' mode: users would believe the TV was switched off when in fact it was still on and covertly recording audio conversations. The CIA also had plans to infest the vehicle control systems used by modern cars and trucks.
According to Wikileaks, the CIA's Mobile Devices Branch (MDB) has been instrumental in infecting smartphones via remote hacking and control techniques. Infected phones can send the CIA the user's geolocation, audio and text communications, and can covertly activate the phone's camera and microphone. Apple iPhones and iPads have also been attacked with this malware. Android smartphones from vendors such as Sony, HTC and Samsung were also targeted. According to the leak, the CIA had around 24 weaponised Android 'zero day' attacks ready, developed in-house or obtained from GCHQ, the NSA and other cyber arms contractors. Wikileaks also says that some of the programs let the CIA bypass the encryption of services such as WhatsApp, Signal, Telegram, Weibo and Confide by capturing audio and message traffic on the device before encryption is applied.
The CIA also has tools to infect Microsoft Windows users: zero-day exploits, air-gap-jumping viruses that infect software distributed on CDs and DVDs, systems to hide data in images, and so on. There are further tools to infect and control other operating systems such as Mac OS X, Solaris and Linux.
Some revelations from the leak
The CIA has been receiving larger budgets and more political prominence than the National Security Agency (NSA) since 2001.
The CIA has not only built its own drone fleet but has also invested heavily in its own team of black-hat hackers, and these hackers are not obliged to disclose their controversial operations to the NSA. By the end of 2016, this hacking division had around 5,000 registered users who had produced more than a thousand hacking systems, trojans, viruses and other weaponised malware.
These CIA hackers have allegedly written and utilised more code than all that is required to run Facebook.
The time period covered is from 2013 to 2016.
The CIA is not answerable to the NSA or anyone else over how it spends its massive budgets.
Wikileaks has redacted and anonymised a lot of data from the leak pertaining to thousands of CIA targets and attack machines across Latin America, Europe and the US.
This leak, which is being called part 1 of 'Vault 7', is claimed to contain more data than the NSA leaks released by Edward Snowden in 2013.
The CIA's Engineering Development Group (EDG) management systems hold around 500 different projects, each with its own set of hacker tools and malware. These are allegedly used for purposes such as 'penetration, infestation (implanting), control and exfiltration.'
Wikileaks claims to have made around 70,875 redactions in total, covering names, email addresses and external IP addresses. Wikileaks, which in the past released war logs with few redactions and came in for a lot of flak as a result, has this time taken special precautions and its own time to redact information that could prove detrimental to the objective of the leak.
Additional redactions include: the authors of some of the documentation, whose redacted names are replaced with user IDs so readers can still track them; archive attachments, which have been replaced with a PDF listing all the file names in the archive; attachments with binary content, which have been replaced by a hex dump to prevent accidental invocation of the binaries; routable IP address references; and more.
The motive behind the leak
The source who spoke to Wikileaks questioned whether the CIA's hacking capabilities have gone well beyond its mandated powers. The source has also made clear that he or she wants to start a public debate on the 'security, creation, use, proliferation and democratic control of cyber weapons.'
Julian Assange’s statement on the matter
Julian Assange, WikiLeaks editor said, “There is an extreme proliferation risk in the development of cyber ‘weapons’. Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of “Year Zero” goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.”
The reason behind the timing
According to Wikileaks, the data leak has been published now because it has been fully verified and analysed and all the redactions have been made.
"In February the Trump administration has issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days. While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date," says Wikileaks.