In a major blow to USA’s Central Intelligence Agency (CIA), WikiLeaks yesterday released 8,761 classified and top-secret documents which cover the agency’s global hacking activities which began in an effort to obtain sensitive information.
The documents have been published as part of ‘Year Zero’, the first full part release in a series of leaks by WikiLeaks which will cover CIA’s activities under a (WikiLeaks) program codenamed ‘Vault 7’. This is by far the largest leak of confidential data dealing with CIA.
WikilLeaks has claimed that the leaks emanated from either a former U.S. government hacker or contractors and the files themselves were picked up from an isolated, high-security network which is situated inside CIA’s Centre for Cyber Intelligence at the agency’s headquarters in Langley, Virginia.
A Press release following the publication of the documents by WikiLeaks read “Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.”
Detailing the nature of documents leaked it reads “Recently, the CIA lost control of the majority of its hacking arsenal. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. “Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products.”
Through the release of the documents, WikiLeaks aims to initiate a public debate about CIA’s hacking capabilities and if it has exceed its mandated powers while echoing calls for a debate about the security, creation, use, proliferation and democratic control of cyberweapons worldwide.
The leak, which is being termed as mildly devastating by cyber security experts, have brought to light CIA’s capabilities in hacking smart phones, computers, laptops, smart TVs and virtually every electronic device using its globe-spanning covert hacking force.
A scroll through the documents revels that specialised malwares, viruses, zero days (developing hacking techniques by using existing vulnerabilities in a system) and trojans were designed to infiltrate user’s private data by hacking Apple’s Iphone, Windows Operating System powered Laptops and computers, Google’s Android powered Smart phones and also Samsung’s Smart TVs.
The documents give an initial impression that these hacked devices were used either as visual or audio surveillance devices giving CIA unmatched eavesdropping capabilities. Most of the malwares were built by CIA’s Engineering Development Group (EDG) which is an integral part of the agency’s Directorate for Digital Innovation (DDI).
CIA itself has declined about the authenticity of the leaked documents but has however acknowledged the impending damage they may cause if they are indeed authentic.
The documents have further indicated that America was actively using its Frankfurt consulate, the biggest such facility, as a forward covert hacking base. The unverified documents further claim that hackers operating out of the consulate were dispatched to Germany as support technicians and had full diplomatic cover and had travelled on ‘Black’ passports. WikiLeaks has claimed that this base was used extensively to mount operations in Europe, Middle East and the African continent.
Germany reacting to these revelations has decided to launch an immediate independent probe and has already communicated to the US government to seek better clarity about the program’s existence and its scope.
The covert program by 2016 had over 5000 registered users. In a chilling revelation, WikiLeaks claims that CIA was seeking to develop malwares to infect control systems of vehicles, which might have been used to mount undetectable assassination programs.
What devices are at risk?
A scroll through the documents reveals that almost every single device which has a connection to the internet is at the risk of being infected by these targeted malwares. According to the documents, CIA had developed specialised malwares and viruses to target specific devices.
While a tool named ‘weeping angle’ was developed to hack into Samsung Smart TVs, a virus named ‘Hammering Drills’ was developed to target computers and laptops using Windows OS.
The ‘weeping angle’ spying tool was developed in close cooperation with British‘s Internal Intelligence agency – the MI5. This tool would effectively convert Samsung Smart TVs into listening devices by remotely triggering microphones which were mounted to enable voice recognition functionality by the company. Samsung, however, in the past had in fine print warned the customers of possible loopholes in its devices.
The documents revels that CIA had for years used a tool termed ‘wreaking crew’ which could be used to crash targeted systems running on Windows OS and through it could momentarily crash the system and then gain temporary access and control over it.
WikiLeaks has further claimed that by possessing capabilities to control Android and IOS devices, CIA had the requisite tools to infect close to 97% of the mobile phones being used globally. Smart phones, tablets and handheld devices once infected could be remotely triggered to emit their active geo-location and would also give the perpetrator access to audio and video functionality of the device. The documents acknowledge that close to 24 weaponised android zerodays (developing hacking techniques by using existing vulnerabilities in a system) had been developed by CIA.
Most of these tools were either built by CIA’s Mobile Devices Branch (MBD) of CCI or was directly acquired from contractors or government funded hackers (?). These tools are known to have had capabilities to flow through even the most advanced firewall and anti-virus software.
Apple reacting to the leaks in a detailed release has rebuffed the concerns and has said that most of the vulnerabilities listed in the leak had already been addressed to in prior IoS updates.
The company further stated “the technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80% of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security update.”
Samsung, whose Smart TVs were targeted according to the documents in a press release said “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”
Should you be worried?
The answer would be a ‘NO’ for most but ‘Yes’ for a few. All these tools, malwares and viruses were widely developed to gain access to popular smart phones, computers and electronic devices used by common public. Hence everyone who is using these devices are at the risk of being exposed to the brunt of these tools.
But, the documents partially hint that these tools were used only as part of targeted surveillance programs and that no mass surveillance programs were floated by CIA. Individuals or organisations involved in illegal activities will surely remain a worried lot.
Was the CIA right in developing and using these tools?
This is one of those questions which promise to evoke debates across all fronts and make rounds in the coming months. CIA is an intelligence agency and is tasked with the crucial task of forewarning America and her allies about any hostile actions being planned by either hostile states or organisations such as Terror groups.
It is necessary that CIA has credible intelligence (information) about the activities of entities deemed hostile by the state. At the core of intelligence gathering efforts of any agency are the use of surveillance devices to pick-up raw data. In this drastically evolving world, where the population is rapidly shifting towards the usage of technology for all activities, a greater impetus has been given by intelligence agencies in developing smarter and sophisticated surveillance techniques and devices.
In a time where agencies are fighting hard to combat ‘online Jihad or radicalisation’, usage of these techniques takes the forefront and partially answers the concerns of the nation. Proper targeted usage of these tools might have in the past and in the future avert attacks on a country.
But, if the documents are authentic and the programs ever existed, the usage of these tools and virtually breaching an individual’s privacy by CIA, still remains a topic of discussion.
© Karthik Kakoor