Vault7: Key revelations from WikiLeaks’ release of CIA hacking tools

© Monika Skolimowska / www.globallookpress.com

Bombshell claims by WikiLeaks that the CIA actively developed “hacking tools” to compromise billions of everyday electronic devices, only to then lose control of the techniques, has stunned the cyber community.

On March 7, WikiLeaks released documents leaked from a “high security” network within the CIA. The files, dubbed “Vault 7,” have been described by the whistleblowing site as the “largest ever publication of confidential documents” on the CIA.

The documents purportedly hold details about the agency’s capabilities to tap into smartphones, televisions and messaging apps, even before encryption has been applied.



The CIA has refused to comment on the authenticity of the documents and the source of the leak has not been revealed. However, the incident has reignited fears about whether privacy can ever truly be guarded in the modern world.

Here’s what you need to know about the Vault 7 release:

- A treasure trove of spy material 
WikiLeaks said the release is just 1 percent of the Vault 7 documents it has obtained. The first leak contains approximately 8,761 files and millions of codes, which allegedly originate from a CIA center in Langley, Virginia and date from 2013 to 2016.
The details provided so far by WikiLeaks read like a program hell-bent on gathering information that could be used to exploit security vulnerabilities in tech made by some of the world’s biggest manufacturers.



According to the leaks, malicious software capable of leaving false author fingerprints may also have been developed by the CIA, in order to pin the blame of global hacks on different nations.
“The technology is designed to be unaccountable, it’s designed to be untraceable, it’s designed to hide itself,”

CIA virus creation rules show obsession with avoiding US attribution for its attacks and evading forensic analysis https://t.co/Uawo423qYu pic.twitter.com/aAb9HJXmph

— WikiLeaks (@wikileaks) March 12, 2017

Assange said of the spy material. “It’s designed to throw off people looking to see where there are fingerprints that might demonstrate who authored that technology.”

- CIA ‘hacking arsenal’
Labelled a “hacking arsenal”by WikiLeaks, the documents offer information about a CIA Engineering Development Group (EDG) tasked with developing a “global covert hacking program.” The program includes ways to gather “geolocation, audio and text communications” from phones without people’s knowledge.

#WikiLeaks release #Vault7 with details of CIA's 'global covert hacking program' pic.twitter.com/pMihFkNPqn

— Colm McGlinchey (@ColmMcGlinchey) March 7, 2017

The leaks also state the CIA created malware and trojans to allow hackers to covertly take over computers. To date, Apple’s iOS operating system, Google’s Android phones, Telegram, WhatsApp and Microsoft Windows programs are said to have been targets.
The top selling television brand in 2015, Samsung, was also subject to the surreptitious advances by the CIA, according to WikiLeaks. The company’s smart television device was reportedly earmarked for a fake “off-mode” hack, through which audio could be secretly recorded.

- Assange offers to coach companies on CIA tactics
In a livestream Thursday, Assange said WikiLeaks is prepared to offer its technical expertise to companies that have suffered “billions of dollars of damage” as a result of nation-state hacking.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” he said.

Showdown intensifies between WikiLeaks and the feds! Assange says WikiLeaks will work with tech companies as FBI looks for mole pic.twitter.com/11GINuKL4X

— FOX & friends (@foxandfriends) March 10, 2017

Tech firms such as Samsung and Apple have since moved to allay customers’ fears, although company concern over unknown software vulnerabilities is palpable. “While our initial analysis indicates that many of the issues today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” Apple said.

A day later, Samsung reacts to the CIA news with a statement. https://t.co/alBbm2BjWJ pic.twitter.com/X5MfxtOZv1

— Lorenzo Franceschi-B (@lorenzoFB) March 8, 2017

Statement from Google on CIA dump: pic.twitter.com/BMiNLFcLoc

— Jenna McLaughlin (@JennaMC_Laugh) March 9, 2017

Tech giants #Apple, #Samsung & #Microsoft express concern about #CIA hacking after #WikiLeaks dump https://t.co/nailD7mqGs#Vault7 #YearZero pic.twitter.com/aMauSmWXs1

— RT (@RT_com) March 8, 2017

Samsung said: “Protecting consumers’ privacy and the security of our devices is a top priority,” and added, “We are aware of the report in question and are urgently looking into the matter.”
Google says it is confident that its security updates have patched areas open to exploitation. However, it is continuing to carry out an investigation into their concerns. “Our analysis is ongoing and we will implement any further necessary protections,” the search engine giant told Recode.


© Jason Reed / Reuters

Meanwhile, Microsoft told CNET that customers using Windows 10 are safe from “dated” vulnerabilities, saying: “We take security issues very seriously and are continuing a deeper analysis to determine if additional steps are necessary.”

Telegram, the encrypted messaging service, pointed out that it is up to the device and operating system manufacturers to plug gaps open to prying intelligence agencies. It added: “The tools from ‘Vault 7’ are like a map of [secret] tunnels. Now that device and OS manufacturers like Apple and Google will get this map, they can start filling in the holes and boarding up the passages.”

Chat application Telegram issues statement on CIA attacks in today's WikiLeaks' "Year Zero" publication https://t.co/acTMkdl1A7 pic.twitter.com/XVKbMkG3gj

— WikiLeaks (@wikileaks) March 7, 2017

The #CIA has access to all files, and can turn cameras on and off... to spy on each one of our lives, says #Wikileaks pic.twitter.com/gFPmqHFKsK

— DW - Business (@dw_business) March 10, 2017