WikiLeaks has begun a new series of leaks on the US Central Intelligence Agency, code-named Vault 7.
The first full part of the series, “Year Zero”, is made up of over 8,000 documents from an isolated, high-security network located inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.
According to a recent press release from WikiLeaks, the CIA lost control of the majority of its hacking arsenal, including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. Zero-day flaws are previously undiscovered vulnerabilities in software which can be exploited to alter the behavior of a product, and the WikiLeaks documents show that the CIA has built up a significant stockpile of zero-day flaws to use for surveillance.
“Year Zero” brings forth the weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android, Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.
Here are some of the most important documents set to be brought forth by WikiLeaks:
iPhones, Android devices and smart TVs, the main targets of the CIA malware
It appears that the CIA has developed software capable of spying on just about every piece of electronic equipment people use, from smartphones to routers and smart TVs. Thus, everything recorded by those devices, from deliberately sent messages and user location to everything we say or do near those gadgets’ microphones and cameras, can become accessible to the US intelligence agency.
Samsung smart TVs for instance get infected with the “Weeping Angel” malware, developed by the CIA’s Embedded Devices Branch (EDB). Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
Microsoft Windows and Linux users, also targeted
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools.
Air-gap-jumping viruses such as “Hammer Drill” infect software distributed on CDs/DVDs and removable media such as USB drives, hide data in images or in covert disk areas, and keep the agency’s malware infestations going.
Vulnerabilities allow for CIA data to be hacked, putting population at risk
The WikiLeaks disclosure brings forth serious vulnerabilities which place a large part of the population at risk from foreign intelligence services or cyber criminals who independently discover, or hear rumors of, these issues.
Furthermore, the agency has exploited bugs discovered in phones and computers running Apple, Google and Microsoft software. Since it never disclosed them, the companies were not able to fix them and keep their users safe from potential hacker attacks.
WikiLeaks noted that those unfixed exploits affected everyone using the equipment, including “the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers”.
Reactions from Apple, Samsung, Microsoft and Cisco
Apple, Samsung and Microsoft have reacted to the WikiLeaks disclosure, which directly affects them. Apple said that it has already addressed some of the vulnerabilities, Samsung emphasized that protecting consumers’ privacy and the security of their devices is a top priority for the company, while Microsoft representatives said they were aware of the report and currently looking into it.
Although Cisco is waiting for more details to be disclosed, the company has released a blog article with a reaction to the initial Vault 7 disclosure and determined the following:
- Malware exists that seems to target different types and families of Cisco devices, including multiple router and switch families.
- The malware, once installed on a Cisco device, seems to provide a range of capabilities: data collection, data exfiltration, command execution with administrative privileges (and without any logging of such commands ever being executed), HTML traffic redirection, manipulation and modification (insertion of HTML code on web pages), DNS poisoning, covert tunneling and others.
- The authors have spent a significant amount of time making sure the tools, once installed, attempt to remain hidden from detection and forensic analysis on the device itself.
- It would also seem the malware author spends a significant amount of resources on quality assurance testing – in order, it seems, to make sure that once installed the malware will not cause the device to crash or misbehave.
Encryption apps such as WhatsApp, easily bypassed
WikiLeaks also revealed that the CIA has the ability to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.
How does the agency do this? Apparently, it hijacks the entire phone and listens in before the applications encrypt and transmit information.
As The Hacker News explains, “it’s like you are sitting in a train next to the target and reading his 2-way text conversation on his phone or laptop while he’s still typing, this doesn’t mean that the security of the app the target is using has any issue.”
More information is coming soon
Not all of the more than 8,000 documents have been verified yet. They are being uploaded to the WikiLeaks website, so keep looking through the files for even more useful and revealing information.
Bear in mind that the “Year Zero” leaks are just the first in a series of “Vault 7” dumps, according to Julian Assange.
When taken together, those “Vault 7” leaks will make up the biggest intelligence publication in history, claims WikiLeaks.
Comments from Edward Snowden and Gus Hosein
Former NSA contractor and whistleblower Edward Snowden said on his Twitter account that the leaked documents were “the first public evidence” of the US government “secretly paying to keep US software unsafe.” He noted: “The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.”
Gus Hosein, executive director of campaign group Privacy International, made a similar point: “If the CIA knew of security weaknesses in the devices many of us use – from ‘smart’ phones to ‘smart’ TVs – they should have been working with companies to fix the vulnerabilities, not exploit them.”
The CIA responded to WikiLeaks’ disclosure of the agency’s hacking arsenal on Wednesday afternoon, saying that Americans should be “deeply troubled” by the revelations.
“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists or other adversaries,” the statement read.
“Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm,” the statement continued.
Get the full statement at this link.
How to keep your smartphone & other smart devices private
Using a VPN can fully encrypt and anonymize one’s Internet activity. Thus, what you access online will be known only to you, unless you somehow disclose that information to someone else.
The reason for this is simple: CyberGhost VPN, for instance, assigns you one of its own IP addresses, which you also share with dozens of other users. Thus, it becomes virtually impossible for you to be identified online. You can download and use the CyberGhost software for free, but a Premium subscription is recommended for full and faster access to all of the app’s features.
Bear in mind, though, that hardware elements such as microphones and cameras remain vulnerable even when you use a VPN, as do SMS messages sent via phone operators.
However, to keep your phone/laptop camera from being hijacked, you could disable or obscure it. If you have a smart TV, you can unplug it to stop it from potentially spying on you.
More such advice to come in a future CyberGhost blog article.