Bombshell claims by WikiLeaks that the CIA actively developed “hacking tools” to compromise billions of everyday electronic devices, only to then lose control of the techniques, has stunned the cyber community.On March 7, WikiLeaks released documents leaked from a “high security” network within the CIA. The files, dubbed “Vault 7,” have been described by the whistleblowing site as the “largest ever publication of confidential documents” on the CIA.
The documents purportedly hold details about the agency’s capabilities to tap into smartphones, televisions and messaging apps, even before encryption has been applied.
The CIA has refused to comment on the authenticity of the documents and the source of the leak has not been revealed. However, the incident has reignited fears about whether privacy can ever truly be guarded in the modern world.
Here’s what you need to know about the Vault 7 release:
- A treasure trove of spy material
WikiLeaks said the release is just 1 percent of the Vault 7 documents it has obtained. The first leak contains approximately 8,761 files and millions of codes, which allegedly originate from a CIA center in Langley, Virginia and date from 2013 to 2016.
The details provided so far by WikiLeaks read like a program hell-bent on gathering information that could be used to exploit security vulnerabilities in tech made by some of the world’s biggest manufacturers.
According to the leaks, malicious software capable of leaving false author fingerprints may also have been developed by the CIA, in order to pin the blame of global hacks on different nations.
“The technology is designed to be unaccountable, it’s designed to be untraceable, it’s designed to hide itself,”
CIA virus creation rules show obsession with avoiding US attribution for its attacks and evading forensic analysis https://t.co/Uawo423qYu pic.twitter.com/aAb9HJXmph— WikiLeaks (@wikileaks) March 12, 2017
- CIA ‘hacking arsenal’
Labelled a “hacking arsenal”by WikiLeaks, the documents offer information about a CIA Engineering Development Group (EDG) tasked with developing a “global covert hacking program.” The program includes ways to gather “geolocation, audio and text communications” from phones without people’s knowledge.
#WikiLeaks release #Vault7 with details of CIA's 'global covert hacking program' pic.twitter.com/pMihFkNPqn— Colm McGlinchey (@ColmMcGlinchey) March 7, 2017
The top selling television brand in 2015, Samsung, was also subject to the surreptitious advances by the CIA, according to WikiLeaks. The company’s smart television device was reportedly earmarked for a fake “off-mode” hack, through which audio could be secretly recorded.
- Assange offers to coach companies on CIA tactics
In a livestream Thursday, Assange said WikiLeaks is prepared to offer its technical expertise to companies that have suffered “billions of dollars of damage” as a result of nation-state hacking.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” he said.
Showdown intensifies between WikiLeaks and the feds! Assange says WikiLeaks will work with tech companies as FBI looks for mole pic.twitter.com/11GINuKL4X— FOX & friends (@foxandfriends) March 10, 2017
A day later, Samsung reacts to the CIA news with a statement. https://t.co/alBbm2BjWJ pic.twitter.com/X5MfxtOZv1— Lorenzo Franceschi-B (@lorenzoFB) March 8, 2017
Statement from Google on CIA dump: pic.twitter.com/BMiNLFcLoc— Jenna McLaughlin (@JennaMC_Laugh) March 9, 2017
Tech giants #Apple, #Samsung & #Microsoft express concern about #CIA hacking after #WikiLeaks dump https://t.co/nailD7mqGs#Vault7 #YearZero pic.twitter.com/aMauSmWXs1— RT (@RT_com) March 8, 2017
Google says it is confident that its security updates have patched areas open to exploitation. However, it is continuing to carry out an investigation into their concerns. “Our analysis is ongoing and we will implement any further necessary protections,” the search engine giant told Recode.
© Jason Reed / Reuters
Meanwhile, Microsoft told CNET that customers using Windows 10 are safe from “dated” vulnerabilities, saying: “We take security issues very seriously and are continuing a deeper analysis to determine if additional steps are necessary.”
Telegram, the encrypted messaging service, pointed out that it is up to the device and operating system manufacturers to plug gaps open to prying intelligence agencies. It added: “The tools from ‘Vault 7’ are like a map of [secret] tunnels. Now that device and OS manufacturers like Apple and Google will get this map, they can start filling in the holes and boarding up the passages.”
Chat application Telegram issues statement on CIA attacks in today's WikiLeaks' "Year Zero" publication https://t.co/acTMkdl1A7 pic.twitter.com/XVKbMkG3gj— WikiLeaks (@wikileaks) March 7, 2017
The #CIA has access to all files, and can turn cameras on and off... to spy on each one of our lives, says #Wikileaks pic.twitter.com/gFPmqHFKsK— DW - Business (@dw_business) March 10, 2017