Vault 7 was released by WikiLeaks, exposing the scope and scale of CIA covert hacking.
The first installment of what will be the largest intelligence publication in history has been released by WikiLeaks, with the first installment dubbed ’Year Zero’ revealing CIA hacking tools.
In a dossier which reveals CIA malware targeted iPhone, Android and smart TV users, ‘Year Zero’ comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.
‘Year Zero’ reveals the scope and direction of CIA’s global covert hacking program, with the documents suggesting that the program had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware by the end of 2016. Such is the scale of the CIA hacking program, that its hackers apparently utlilise more code than that used to run Facebook.
The reason for this latest leak by WikiLeaks is that the documents suggest that the CIA has created “its own NSA with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
The Source behind these leaks told WikiLeaks that certain policy questions need to be urgently debated in public including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source, WikiLeaks states, wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Arguing that a single ‘loose’ cyber weapoin can spread around the world in seconds and be used by rival states to teenagers, WikiLeaks Editor Julian Assange said:
“There is an extreme proliferation risk in the development of cyber ‘weapons’. Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of “Year Zero” goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.”
‘Year Zero’ reveals that CIA malware and hacking tools targeted consumer devices, with the tools built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence).
The CIA’s Embedded Devices Branch developed malware called ‘Weeping Angel’ for covert surveillance, with the malware infesting smart TVs and transforming them into covert microphones. The malware was used in one such attack alongside the UK’s MI5:
“The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”
Similar attacks were deployed against smartphones, with the Mobile Devices Branch developing numerous attacks to remotely hack and control phones. Indeed, there was even a specialised branch to solely look at ways to invest and infect iPhones:
“CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.”
A similar unit targeted Android, with the leak revealing that the CIA had 24 ‘weaponised’ Android ‘zero days’ as of 2016.
The leak also revealed covert efforts to infect and control Microsoft users, with malware developed to target Windows. Many of the Windows infection efforts were pulled together by the CIA’s Automated Implant Branch, while the CIA’s Network Devices Branch targeted Internet infrastructure and webservers.
“The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools,” said WikiLeaks.
‘Year Zero’ has disclosed the vulnerability ‘hoarding’ which followed Edward Snowden’s NSA leaks. Instead of disclosing serious vulnerabilities, which had the backing of the Obama administration, the CIA instead hoarded them.
“Year Zero” documents show that the CIA breached the Obama administration’s commitments. Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
“As an example, specific CIA malware revealed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.”
The leak also revealed that a US Consulate in Frankfurt is in fact a covert CIA hacker base. The CIA hackers who work in Frankfurt are given diplomatic passports and State Department cover. Once in Frankfurt, CIA hackers can travel with no further border checks across 25 European countries. What is key about this revelation is that a number of the CIA’s hacking techniques rely on physical proximity. In these cases, CIA spies actually infiltrate a workplace, with WikiLeaks giving an example:
“For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlaying system is automatically infected and ransacked.”
One of the final disclosures was that the CIA had unclassified its hacking tools, a move called by WikiLeaks as “one of the most astounding intelligence own goals in living memory.” Blaming the CIA for dramatically increasing the proliferation of risks, WikiLeaks said:
“The CIA made these systems unclassified.
“Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the ‘battlefield’ of cyber ‘war’.