Yesterday, Wikileaks announced the Vault 7 release on Twitter. The release contains 8,761 documents from the CIA’s Center for Cyber Intelligence. The tweet included a link to the torrent of the file along with instructions on how to access the release. Wikileaks has provided a press release and basic analysis of the Vault 7 leaks, which can be viewed here.
The release indicates a number of things:
1) The CIA has been hacking devices and accessing the personal information of all Americans for some time now.
2) The CIA has hoarded technology exploits for use in intelligence gathering rather than promoting the closing of vulnerabilities. This has resulted in the public holding severely compromised hardware and software, which can be exploited by enemies of the United States and criminals.
3) The CIA was careless with the information on these exploits and the information was leaked to foreign states, effectively resulting in a complete loss of the CIA’s arsenal to foreign entities.
6) The CIA can use subsets of hacking techniques to effectively frame third parties for attacks, since hacking techniques act like “fingerprints.”
7) Users online are starting to examine specific attack methods to see whether they may have been responsible for real-world occurrences that members of the public suspected were the result of intelligence operations.
A list of highlights from the release, along with relevant screenshots from the documents, can be found below:
- The CIA is able to hack car computer systems and use them in nearly undetectable assassinations. The same principle could be applied to airplanes as well. This raises questions about a number of suspicious deaths involving vehicles, including that of journalist Michael Hastings.
- The CIA can mask the identity of its malware and masquerade it as belonging to foreign intelligence agencies. They also maintain a substantial library of attack techniques to mimic other agencies, including those of the Russian Federation. This would allow them to stage a hacking attack and attempt to blame it upon another state actor.
- The CIA’s malware targets iPhones, Androids, and smart TVs. Any microphone- or camera-equipped device is remotely controllable, even when the device is in standby mode. The exploit for Samsung smart TVs was developed in collaboration with MI5.
- The CIA should have disclosed the major vulnerabilities it exploited, but failed to do so in breach of the Obama administration’s commitments. Many of the vulnerabilities are “pervasive” and have since been discovered by rival intelligence agencies and cyber criminals.
- The US Embassy in Frankfurt, Germany is the center for CIA hacking efforts in Europe. Agents are issued “black” diplomatic passports and given instructions on how to enter the country without attracting undue attention.
- The CIA’s negligent handling of its cyber weapons has created a serious proliferation risk. The majority of its hacking arsenal has been leaked, and documents show that this arsenal, including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and other documentation, is known to be in the hands of former U.S. government hackers and contractors in an unauthorized manner. One of these individuals provided Wikileaks with the archive.
- The CIA’s toolkit includes successful attack methods against most well-known antivirus programs. The documentation includes detailed PowerPoint presentations with instructions and lists of vulnerabilities.
- The CIA toolkit includes the ability to steal passwords “saved” by Internet Explorer.
- The CIA’s hacking tools are unclassified and non-copyrighted, meaning they can be legally downloaded in most countries.
- The CIA has capabilities allowing it to access encrypted information on the messaging apps WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman. Wikileaks has clarified that this does not mean apps like Signal are unsafe; rather, the exploits allow Android/iOS to be cracked, bypassing the applications’ security measures.
- A document shows CIA guidelines for users on how to “shill” or post covertly online to distract other users.
- User guides 1 and 2 describe how to use CIA malware to infect Windows, Linux and other operating systems.
- A list being proliferated online showing multiple CIA programs and toolkits, with names such as Rainmaker, RickyBobby and Fight Club.
- A document reveals that the U.S. government is paying for critical vulnerabilities in devices, then failing to disclose them in order to spy on journalists and human rights groups.
- The CIA hacks its own double agents (“liaison assets”) so frequently that they appear on a check-box “menu” of popular attacks.
- Guidelines from the CIA on how to skip the Windows 8 product key activation process, making it possible to pirate the operating system.
- A classified list of Android/Chrome vulnerabilities/zero day exploits.
- A chart constructed by Wikileaks showing the organizational structure of the CIA.
- Development of a covert device to rapidly copy 3.5″ floppy disks. Systems such as dams, power plants and satellite dishes still use 3.5″ floppy disks for offline databases, especially in “undeveloped” countries. It is unknown exactly what this capability was being used for.
- A CIA tool allowed infected Android phones to bulk-spy on WiFi networks around them. A Reddit post has broken down the process, identifying the “survey app” responsible for data collection which is initially launched through another app called Apollo, a “music player app” found on the Google Play store. It has also identified the individual likely responsible for creating the app on behalf of the CIA.
- The creators of chat application Telegram have released a statement explaining that while their app is secure, the vulnerabilities of the operating systems they run on will always present issues for security. They have called on device and operating system producers Apple, Google, and Samsung to respond with fixes to these issues.
- A CIA cable details how malware techniques were stolen and repurposed from malware in foreign states.
- The CIA classified its hacking documents to avoid having its attacks attributed to the CIA by law enforcement.
- The CIA bragged that it had the “dankest trojans” and collection tools for use against Windows.