Cybersecurity

4 Takeaways from the Wikileaks 'Vault 7' CIA Leak

From using smart TVs for spying to hoarding IT vulnerabilities

Foter.com

Wikileaks released "Vault 7" this morning, consisting of what Wikileaks says is the "largest ever publication of confidential documents" on the CIA—more than 8,000 documents detailing various CIA cyberwarfare and electronic surveillance activities. Wikileaks says it is only the first set of documents to be released, with more to follow as the organization is able to verify and analyze more documents. Wikileaks had promoted the Vault 7 disclosures for some time—the documents were released under the title "Year Zero"; they contain 7,818 web pages and 943 attachments from a development groupware used by the CIA's engineers, and include previous versions of many pages.

Wikileaks says that while President Trump's executive order calling for a cyberwar review did not influence the timing, it did increase "the timeliness and relevance of the publication". Wikileaks noted in its extensive press release that while it highlighted some of the major findings from the documents released so far, more research and investigation would uncover more.

1. The CIA developed malware for iPhone and Android, as well as Windows, OSx, Linux, and internet servers.

According to Wikileaks, the documents show the CIA has a specialized unit specifically for stealing data from Apple products like the iPhone and the iPad, and another unit for Google's Android mobile operating system. These units create malware based on "zero day" exploits, flaws that the companies developing the compromised systems are not aware of. While, after the Edward Snowden disclosures, the Obama administration promised to share such exploits with vendors when agencies like the National Security Agency discovered them, Wikileaks says the documents it released show that has not been the case. Such "hoarding," as is noted by Wikileaks and has long been noted by critics of cyberwar tactics, can exacerbate security risks: any exploit the CIA can use to compromise a U.S. system, foreign powers can use as well.

The malware the CIA has developed for iPhones and Android phones allows, according to Wikileaks, "the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the 'smart' phones that they run on and collecting audio and message traffic before encryption is applied." This doesn't mean the CIA has cracked the encryption of any specific application, but rather that it has made such encryption irrelevant on phones it is able to compromise with its malware, since the data is captured on the device before it is ever encrypted. According to Wikileaks, other CIA efforts target Microsoft Windows, Linux, and internet infrastructure and webservers. Wikileaks also details efforts by the CIA to develop a "Fake Off" mode to use on Samsung smart televisions in order to turn them into effective surveillance devices, as well as conceptual efforts toward taking remote control of "smart" vehicles.

2. The CIA has a "menu" of hacking tools for its assets to use, as well as "fingerprints" of other states.

A questionnaire under the program "Fine Dining" allows CIA case officers to identify their specific needs and receive hacking tools tailored to them. The list of possible targets includes asset, liaison asset, system administrator, foreign information operations, foreign intelligence agencies and foreign government entities. "Notably absent," Wikileaks points out, "is any reference to extremists or transnational criminals."

The CIA's UMBRAGE group also keeps a "substantial library of attack techniques 'stolen' from malware produced in other states," Wikileaks notes, helpfully adding that this includes Russia. Such a library of digital fingerprints, which Wikileaks compares to a distinctive knife wound, could help "misdirect attribution." Questions over just how Russia-specific the purported Russia-specific telltale signs in the DNC hacks really were fuel much of the suspicion about the certainty of the accusations against Russia.

3. The archive Wikileaks released was likely passed around among former U.S. hackers and contractors.

Wikileaks warns that the "CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation," and that it had received the documents it was publishing from a former U.S. government hacker or contractor, a community within which the documents had previously been circulating.

"There is an extreme proliferation risk in the development of cyber 'weapons,'" Wikileaks noted in its press release. "Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade." According to Wikileaks, the documents it released were not considered classified information because the nature of malware requires code to be left on target computers—handling classified information in such a way is prohibited.

4. The CIA appears to have duplicated the NSA's cyberwarfare efforts to avoid information sharing.

According to Wikileaks, for years the CIA has been developing "its own substantial fleet of hackers," one that has "freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities."

The CIA, Wikileaks explains, "had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

It calls to mind the quote from the 1996 film Contact: "First rule in government spending: why build one when you can have two at twice the price?" Especially if it's secret!



  1. The CIA’s UMBRAGE group also keeps a “substantial library of attack techniques ‘stolen’ from malware produced in other states,” Wikileaks notes, helpfully adding that that includes Russia. Such a library of digital fingerprints, which Wikileaks compares to a distinctive knife wound, could help “misdirect attribution.” Questions over just how Russia-specific purported Russia-specific telltale signs in the DNC hacks were fuel much of the suspicion about the certainty of the accusations against Russia.

    The Deep State wanted Trump? Dar Adal is so forward thinking!

    1. Remember, the “evidence” that the Russians were the ones who hacked the DNC server was that the intrusion came from a Russian-based server. Yes, the media and the Democrats actually claimed with a straight face that Russian intelligence hacked the DNC and was not bright enough to do so from a server outside of Russia.

      When you are dealing with national intelligence agencies, anyone who claims they can attribute the actions is either an idiot, lying or both.

      1. Everyone knows it was Nixon and Reagan who robbed the bank. You can see their faces on the tape.

      2. All the more reason for a special prosecutor and a more vigorous investigation to set us all straight John, but it’s pretty fucking clear that’s the last thing you or Trump wants.

        1. Wait… what’s the reason for a special prosecutor?

          To investigate claims made on TV backed by no evidence? Seems a little gun jumpy.

          1. If the Democrats want to take down Trump, they will wait until they have something a bit stronger than the accusations of hysterics. But taking down Trump, while it would please them, isn’t the actual goal – at least I believe it isn’t.

            The Democrat establishment pulled some very smelly stunts to get Hillary the nomination. The voters – at least a large bunch of Democrat voters – wanted Uncle Bernie. But the panjandrums didn’t want Sanders. They wanted Her Shrillness. So they arranged it in a Tammany Hall a bit of shenanigans as anything they’ve pulled on their own people this (admittedly young) century.

            Now, if Hillary had won the general election, they could probably have smoothed that over. She didn’t. And a lot of Democrat voters are very, very angry. And the Democrat establishment desperately wants them to be angry at somebody other than the Democrat establishment. So they are flailing away at Trump, hoping nobody (on their side at least) will remember that if anyone did any stealing this election, it was THEM.

            Will they succeed in getting the base all ready to accept another hand-picked (and probably pretty bad) anointed one in 2020? We shall see. They’d better come up with somebody a little more exciting and a tad less loathsome than Hillary “I really should be wearing orange” Clinton.

      3. Fun fact: Russia has a pretty big population of hackers working for organized crime. Including a lot of phishing operations.

        “Russian server” is more likely to point to Russian mobsters than Russian hackers.

      4. … Russian-based server

        Ukraine-based server, but close enough.

  2. Ed, you rock. Already saw this but thanks for posting.

  3. According to Wikileaks, for years the CIA has been developing “its own substantial fleet of hackers,” one that has “freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.”

    Ed, that is not about paying twice the price for something. That is about how dysfunctional the US IC is. The CIA did this because NSA wouldn’t share its information with the CIA and the CIA didn’t want to share its information with the NSA. These organizations all hate each other. They don’t share information with each other much less law enforcement or the military or anyone who could take any action based on it. They are all worthless.

    1. So it’s like the Bureau of Reclamation and the Army Corps of Engineers.

    2. Yeah, but if it was all reduced to one single agency, then the 1st floor would be hating the 2nd floor crowd, or those who took lunch hour at 11:30am would be denounced because they hogged the best food before the Nooners could get it.

    3. No John, you dolt… it’s about the CIA doing this in extralegal fashion, and keeping all of this unclassified so as to avoid normal intelligence agency oversight.

      This is about the Obama administration being shady and criminal as fuck. That’s what THIS is about.

  4. “Notably absent,” Wikileaks points out, “is any reference to extremists or transnational criminals.”

    Questions over just how Russia-specific purported Russia-specific telltale signs in the DNC hacks were fuel much of the suspicion about the certainty of the accusations against Russia.

    Why do I find it impossible to believe the idea that an Agency that shows absolutely no compunction about hacking foreign assets of every stripe never once conceived of the idea of even Red Teaming its own devices? Even if only those devices were in the employ of a foreign power.

    Also, while Russia is relevant, these disclosures cover at least the last 1.5 administrations.

    1. Seatec Astronomy

      1. Cootys rat semen

  5. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother. I Love Big Brother.

    1. No matter how many times you say it, Big Brother knows whether it’s sincere or not.

      This sounds as sincere as Scott Adams’ endorsement of Hillary.

  6. Thanks Ed. I’m glad you’re giving this story its space.

    1. Agreed.

  7. There have been different takes on this, but mine (based only on a superficial read of the stuff) is that there’s little actual new information here.

    People knew any networked device was “hackable” long ago.
    Snowden mentioned that iPhones have been vulnerable since inception.
    Agencies using other people’s signatures to mask their own activity is simply old-style espionage tactics being applied to a digital environment. It’s also not a practice limited to Americans; the 2015 report about Russian cyber-espionage mentioned that it was standard practice for many govt-connected groups to borrow toolkits from other countries or from commercial hackers for their own espionage activities.

    If anything, all the dump really seems to indicate is that there’s even less reason to assume that ‘Russian’ hacking is at all unique or different than what the US already does.

    Particularly in context of their (little covered here or elsewhere) allegations that the CIA had meddled in the 2012 French elections

    It does seem like the point of all this is simply to make the US Govt’s claims about ‘Russians’ seem a bit weak-tea in context. It doesn’t do anything to deny russian activity, but it simply shows that “everyone has their fingers in other people’s stuff”

    1. Unless it’s the Russians who provided WikiLeaks with the stolen documents. Then it intensifies America’s (and Trump’s) “Russia problem.”

      1. How so?

        We know the CIA is able to mask its action and have it appear Russia was doing it.

        How is this a Trump issue at all? He’s been President for a month and a half.

        I thought the Church Committee overdid its controls on the CIA. It now seems clear they didn’t go far enough.

    2. Hypothetical vs specific.

    3. if anything all the dump really seems to indicate is that there’s even less reason to assume that ‘Russian’ hacking is at all unique or different than what the US already does.

      It’s been obvious since the early days of cracking that once one cracker got an exploit, others would too, and zero day exploits which were truly known to only one group on day zero were known to all within a day.

      Because there isn’t just one zero day exploit, I bet all crackers have cracked into all other crackers’ computers and know almost everything that is going on.

      This of course includes the CIA, NSA, MIn, and whatever other State groups want to jump in the pool. Hackers are nothing if not a group of kids having fun with State protection and no downside, and they will tell each other everything, just as all kids do when playing games.

  8. Who here will stop using his smart phone, TV and home computer because of this criminal hack?

    1. Who here will stop using his smart phone, TV and home computer because of this criminal hack?

      All the time or just when I repeatedly take trips to the Northwest that keep ending in tragic boating accidents?

    2. Not me, but I hope you stop using your internet access.

  9. I will splinter the CIA into a thousand pieces and scatter it into the winds.

    John F. Kennedy: I think that no president since will ever even think of shutting them down just because of the conspiracy surrounding the assassination

      1. Whoa are you allowed to post in not your own?!?!

      2. Thanks for the link I looked up this Senator Daniel Patrick Moynihan and was surprised to find out who succeeded him on jan 4 2001 [hillary clinton] and just for fun i looked up that lone gunman episode was aired on march 4 2001

      3. That’s a great article, Ron.

        1. Indeed, excellent article. Ron is awesome.

  10. The CIA seems very upset that someone in their org leaked this.

    Nobody seems too upset that the CIA is engaged in blatantly illegal surveillance.

  11. The writer asks why the CIA and NSA don’t share all their intelligence gathering techniques with each other. This compromise of so many CIA techniques, if accurate, answers his question.

    Were the CIA really dumb enough to leave their crown jewels in easily-lost digital form after the Snowden leak? Or is this data from pre-Snowden times only?

    1. Through 2016.

  12. So basically spy agencies spy on people?

    1. It’s even worse. They spy on computers.

    2. Except for political candidates. It’s totally crazy to think that spy agencies spy on those people.

  13. The Bombshell of the Century seems to have fizzled like a wet Roman candle.


  15. No more watching TV in my underwear, damn it!



