WikiLeaks opens Vault 7, exposes CIA hacking tools

WikiLeaks has begun a new series of leaks on the US Central Intelligence Agency, code-named Vault 7.

The first full part of the series, “Year Zero”, comprises more than 8,000 documents from an isolated, high-security network located inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.

According to a press release from WikiLeaks, the CIA recently lost control of the majority of its hacking arsenal, including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. Zero-day flaws are previously undiscovered vulnerabilities in software, which can be exploited to alter the behavior of a product. The WikiLeaks document shows that the CIA has built up a significant stockpile of zero-day flaws to use for surveillance.

“Year Zero” brings forth the weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android, Microsoft’s Windows and even Samsung TVs, which are turned into undercover microphones.

Here are some of the most important documents set to be brought forth by WikiLeaks:


iPhones, Android devices and smart TVs, the main targets of the CIA malware

It appears that the CIA has developed software capable of spying on just about every piece of electronic equipment people use, from smartphones to routers and smart TVs. Thus, everything recorded by those devices, from deliberately sent messages and user location to everything we say or do near those gadgets’ microphones and cameras, can become accessible to the US intelligence agency.

Samsung smart TVs for instance get infected with the “Weeping Angel” malware, developed by the CIA’s Embedded Devices Branch (EDB). Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.


Microsoft Windows and Linux users, also targeted

The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools.

Air gap jumping viruses such as “Hammer Drill” infect software distributed on CD/DVDs and removable media such as USBs, and hide data in images or in covert disk areas to keep the malware infestations going.


Vulnerabilities allow for CIA data to be hacked, putting population at risk

The WikiLeaks disclosure brings forth serious vulnerabilities which place a large part of the population at risk from foreign intelligence or cyber criminals who independently discover or hear rumors of these issues.

Furthermore, the agency has exploited bugs discovered in phones and computers running Apple, Google and Microsoft software. Because the agency never disclosed these bugs, the companies could not fix them and keep their users safe from potential hacker attacks.

WikiLeaks noted that those unfixed exploits affected everyone using the equipment, including “the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers”.


Reactions from Apple, Samsung, Microsoft and Cisco

Apple, Samsung and Microsoft have reacted to the WikiLeaks disclosure, which directly affects them. Apple said that it has already addressed some of the vulnerabilities, Samsung emphasized that protecting consumers’ privacy and the security of their devices is a top priority for the company, and Microsoft representatives said they were aware of the report and were looking into it.

Although Cisco is waiting for more details to be disclosed, the company has released a blog article with a reaction to the initial Vault 7 disclosure and determined the following:

  • Malware exists that seems to target different types and families of Cisco devices, including multiple router and switch families.
  • The malware, once installed on a Cisco device, seems to provide a range of capabilities: data collection, data exfiltration, command execution with administrative privileges (and without any logging of such commands ever having been executed), HTML traffic redirection, manipulation and modification (insertion of HTML code on web pages), DNS poisoning, covert tunneling and others.
  • The authors have spent a significant amount of time making sure the tools, once installed, attempt to remain hidden from detection and forensic analysis on the device itself.
  • It would also seem the malware author spends a significant amount of resources on quality assurance testing – in order, it seems, to make sure that once installed the malware will not cause the device to crash or misbehave.


Encryption apps such as WhatsApp, easily bypassed

WikiLeaks also revealed that the CIA has the ability to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

How does the agency do this? Apparently, it hijacks the entire phone and listens in before the applications encrypt and transmit information.

As The Hacker News explains, “it’s like you are sitting in a train next to the target and reading his 2-way text conversation on his phone or laptop while he’s still typing, this doesn’t mean that the security of the app the target is using has any issue.”


More information is coming soon

The more than 8,000 documents have not been completely verified. They are being uploaded to the WikiLeaks website, so keep looking through the files for even more useful and revealing information.

Bear in mind that the “Year Zero” leaks are just the first in a series of “Vault 7” dumps, according to Julian Assange.

When taken together, those “Vault 7” leaks will make up the biggest intelligence publication in history, claims WikiLeaks.


Comments from Edward Snowden and Gus Hosein

NSA contractor and later whistleblower Edward Snowden said on his Twitter channel that the leaked documents were “the first public evidence” of the US government “secretly paying to keep US software unsafe.” He noted: “The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.”

Gus Hosein, executive director of campaign group Privacy International, made a similar point: “If the CIA knew of security weaknesses in the devices many of us use – from ‘smart’ phones to ‘smart’ TVs – they should have been working with companies to fix the vulnerabilities, not exploit them.”


CIA’s reaction

The CIA responded to WikiLeaks’ disclosure of the agency’s hacking arsenal on Wednesday afternoon, saying that Americans should be “deeply troubled” by the revelations.

“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists or other adversaries,” the statement read.

“Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm,” the statement continued.

Get the full statement at this link.


How to keep your smartphone & other smart devices private

Using a VPN can fully encrypt and anonymize one’s Internet activity. Thus, what you access online will be known only by you, unless you disclose that information to someone yourself.

The reason for this is simple: CyberGhost VPN, for instance, assigns you one of its very own IPs, which you will also share with tens of other users. Thus, it will become virtually impossible for you to be identified online. You can download and use the CyberGhost software for free, but a Premium subscription is recommended for full and faster access to all of the app’s features.

Bear in mind, though, that hardware elements such as microphones and cameras, as well as SMS messages sent via phone operators, remain vulnerable even when using a VPN.

However, to keep your phone/laptop camera from being hijacked, you could disable or obscure it. If you have a smart TV, you can unplug it to stop it from potentially spying on you.

More such advice to come in a future CyberGhost blog article.

About the author

Corina Dobre

A professional wordsmith, Corina has improved her writing skills through extensive experiences in journalism, advertising and marketing. Curious by nature, she enjoys learning foreign languages and discovering everything, as well as everyone around her.


Leave a comment
  • If you keep any logs, CIA can hack/bypass CyberGhost VPN. We are in danger, I’m using CyberGhost VPN for online banking, shopping etc…

    • Hi there! We keep no logs, no need to worry about that. Read further on our no logs policy here. Your online identity is safe with CyberGhost VPN!

  • Just a question… Is not the whole of my data traffic compulsorily sent by my ISP to the govt “services” for their access and extraction before it is then sent back to my own ISP who will then send it out to the wider world including the CyberGhost VPN server service?
    So, in actual fact, according to govt documents it makes no difference to the authorities whether you use CyberGhost or not because it is already intercepted before it gets to the CyberGhost VPN server.

    • Hi there, George! To answer your question, no, the CyberGhost VPN service provides a server through which your data passes already encrypted, but all that data is encrypted locally by the application. As with Tor and other similar services, if you have a local key logger or security issue, your data is still vulnerable but not at the connection-side. Even so, your entire Internet connection is encrypted and third-parties shouldn’t be able to identify your IP address or who sent that data. That’s why the local CyberGhost VPN service (linked with the application) cuts your Internet connection before connecting to our servers.

      Also, to provide better protection, we do not allow port forwarding or other services, so that external malicious attempts cannot create a tunnel and extract your data via an open port.

      Should you need further information, please don’t hesitate to drop us a line. Cheers and have a good day!

© 2017 CyberGhost