WikiLeaks exposes CIA hacking tools that can be used to spy on people worldwide

WikiLeaks exposes CIA hacking tools that can be used to spy on people worldwide

The CIA has been hiding technological vulnerabilities.

By  Alexandra Jacobo March 8, 2017  | News Analysis – Nation of Change

On Tuesday, WikiLeaks released new documents that reveal an arsenal of CIA hacking tools that are being used to break into internet-connected devices such as smartphones, computers, and even televisions.

The document dump, code-named “Vault 7,” was acquired by WikiLeaks from someone who they say is a “former U.S. government hacker and contractor.” WikiLeaks says that their source provided them with the documents because they raise serious questions that need to be debated in public, such as the amount of public oversight needed for the CIA and the “security, creation, use, proliferation and democratic control of cyberweapons.”     

The first part of the dump, which is promised as a series, is called “Year Zero” and “comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.”

WikiLeaks claims that the CIA recently lost control of tools in its hacking arsenal, including viruses, malware, weaponized “zero day” exploits and malware remote control systems.

This amounts to more than several hundred million lines of code, the entire hacking capacity of the CIA, and now could be in the hands of anyone around the world. As WikiLeaks states, “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner.” This means that the CIA’s arsenal of privacy-crushing cyberweapons could be in the hands of criminals and foreign spies.

The hacking tools that are part of the CIA’s arsenal include tools in which to hack U.S. and European company products such as Apple’s iPhone, Google’s Android, and Samsung TVs. According to the documents, the tools the CIA uses can hack into these products and operate them remotely, and turn them into surveillance devices.

“The potential privacy concerns are mind-boggling”

Politicians are responding to the leak by calling for an immediate congressional investigation. U.S. Rep. Ted Lieu (CA) stated, “I am deeply disturbed by the allegation that the CIA lost its arsenal of hacking tools. The ramifications could be devastating. We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans.”

Julian Assange believes the documents show “an extreme proliferation risk in the development of cyber ‘weapons.’”

According to the leak, the program nicknamed “Weeping Angel” uses Samsung smart TVs as listening devices. Even when the TV appears to be turned off (“Fake-Off”) it can operate as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server.” This technology was created with the help of British Intelligence.

The documents also claim that in 2014 the CIA was exploring the possibility of hacking into the internet-connected systems of modern cars.

CIA spokeswoman Heather Fritz Horniak responded by saying, “We do not comment on the authenticity or content of purported intelligence documents.”

WikiLeaks took care to redact any names and other identifying information from the collection so as not to expose individuals involved in the leak. This includes the redactions of “tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. They also made sure to withhold computer code for any of the usable cyberweapons “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

Not only do the documents revealed by WikiLeaks show that the CIA has managed to infiltrate personal devices, and use them to spy on people’s personal lives, but that they also practice framing other hackers for their deeds. The CIA policy is that its hackers must use cyberweapons in a way that cannot be traced back “CIA, U.S. government, or its witting partner companies.”

The techniques used by the CIA are effective against encryption software that many people use on the smartphones, such as WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman, by “hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”

CIA hoards vulnerabilities

Another serious implication of the documents reveals that rather than disclose serious vulnerabilities, exploits, bugs or “zero days” to device manufacturers – something that the U.S. technology industry was assured of by the Obama administration – the CIA has hidden these problems.

After the U.S. government was lobbied by technology companies they stated that they would disclose all pervasive vulnerabilities discovered after 2010. These documents show that this has not been the case. The CIA has instead been discovering these vulnerabilities and then utilizing them for their own advantage. Because they have not shared them, manufacturers such as Apple and Google will not be aware and may not fix the holes, leaving devices hackable.

Hiding these vulnerabilities poses a huge risk. It leaves critical infrastructure at risk to foreign intelligence or cyber criminals. As WikiLeaks states, “If the CIA can discover such vulnerabilities so can others.”

If authentic, Vault 7 will one of the biggest leaks of classified information in recent years, in the same category as the Chelsea Manning leaks of 2010 and the NSA leaks by Edward Snowden in 2013.

Cyberwarfare and cyberweapons are serious business and extraordinarily difficult to contain. Not only are they built on data that can be copied quickly with very little cost, once any of these cyberweapons are set “loose” they can spread around the world in seconds.

Read the entire analysis of the Vault 7 release here.

 

 

Post a comment or leave a trackback: Trackback URL.

Comments

  • guyaneseonline  On March 11, 2017 at 3:55 pm

    WikiLeaks latest data dump undermines case against Russia election hack
    Uh-Oh, there goes the Democrats’ whole ‘Russia Did It’ campaign.

    http://www.nationofchange.org/2017/03/11/wikileaks-latest-data-dump-undermines-case-russia-election-hack/

    By Dave Lindorff – March 11, 2017 | Op-Ed 6 Comments 336

    The so-called Deep State and Democratic Party campaign to demonize Russia for allegedly “hacking the US election,” and delivering the country into the hands of Donald Trump suffered a huge and probably mortal blow this week with the release by WikiLeaks of over 7000 secret CIA documents disclosing secret CIA hacking technologies.

    The case being made against Russia as being the source of leaked emails of the Democratic National Committee and of Clinton Campaign Chair John Podesta – documents that proved that the DNC had been corrupting the primary process in favor of corporatist candidate Hillary Clinton and undermining the campaign of Vermont Senator Bernie Sanders, and that also revealed the embarrassing contents of Clinton’s highly paid secret speeches to a number of giant Wall Street banks – had always been tenuous, with no hard evidence ever presented. All the intelligence agencies would say was that they had a “high degree of certainty,” or “strong reason to believe” that the Russians were the source of the deeply damaging documents late in the campaign season.

    Adding to doubts that Russia had actually hacked the DNC was WikiLeaks itself, which insisted that it had obtained the DNC and Podesta emails not from a hack of computers, but from an internal DNC staffer who actually pulled them off computers with a thumb drive and provided them to the organization – a person later identified as Seth Rich, who was mysteriously murdered on his way home from DNC headquarters in Washington, shot in the back at night in an unsolved case that the local police quickly labeled a “botched burglary,” although nothing was taken from his body by his assailant – not his wallet or watch even. (Wikileaks has offered a $20,000 reward for information that helps solve that uninvestigated case.)

    But one thing the blame-Russia conspiracy theorists did have going for them was their assertion that the leaked DNC documents contained routing information and ISPs that pointed to Russia as the source of the hacks.

    Now, however, the new CIA documents released by WikiLeaks – the first of a much larger trove of such documents that are reportedly going to be released as WikiLeaks goes through them to remove information that might jeopardize agents or national security – show that among the technologies and hacking tools that the CIA has been using to attack targeted computers, internet servers and even so-called “smart” appliances in people’s homes, like Samsung TV sets, are a number of Russian-developed hacking programs.

    As the New York Times wrote in its article on the latest Wikileaks document release, which it is calling “Vault 7”:

    “Another program described in the documents, named Umbrage, is a voluminous library of cyber-attack techniques that the CIA has collected from malware produced by other countries, including Russia. According to the WikiLeaks release, the large number of techniques allows the CIA to mask the origin of some of its attack and confuse forensic investigators.
    “The WikiLeaks material includes lists of software tools that the CIA uses to create exploits and malware to carry out hacking. Many of the tools are those used by developers around the world: coding languages, such as Python, and tools like Sublime Text, a program used to write code, and Git, a tool that helps developers collaborate.”
    What this means is that current efforts by Democratic Party leaders and Deep State leakers in the government intelligence sector to pin the blame on Russia for hacking the election or for trying to help elect Trump as president, now must confront the counter-argument that the Deep State itself, in the form of the CIA, may have been behind the hacks, but is making it look like the Russians did it.

    As fellow investigative reporter Robert Parry puts it on his site, Consortium News:

    “The WikiLeaks’ disclosures add a new layer of mystery to whether the Russians were behind the ‘hacks’ of the Democratic Party or whether Moscow was framed.
    “For instance, the widely cited Russian fingerprints on the ‘hacking’ attacks – such as malware associated with the suspected Russian cyber-attackers APT 28 (also known as ‘Fancy Bear’); some Cyrillic letters: and the phrase ‘Felix Edmundovich,’ a reference to Dzerzhinsky, the founder of a Bolsheviks’ secret police – look less like proof of Russian guilt than they did earlier.
    Or put differently – based on the newly available CIA material – the possibility that these telltale signs were planted to incriminate Moscow doesn’t sound as farfetched as it might have earlier.”
    Even the Wall Street Journal yesterday cited an “unnamed intelligence official” acknowledging that the CIA’s “Umbrage” library of foreign hacking tools could “be used to mask a U.S. operation and make it appear that it was carried out by another country…. That could be accomplished by inserting malware components from, say, a known Chinese, Russian or Iranian hacking operation into a U.S. one.”

    Why would the CIA do that? Well, if the concern was that Trump, as he stated throughout the campaign, wanted to end US hostility towards Russia, and to develop friendly relations with that country and its leader, President Vladimir Putin – a development that deeply opposed by Neoliberals, Neocons, and the defense/intelligence establishment – what better way to toss a spanner into such plans than to make it look like Russia had tried to corrupt the US election?

    That charge has been largely adopted unquestioningly by the corporate media in recent months, but it now founders on the new evidence that the CIA has the ability to pose as a Russian hacker!

    It looks like the campaign to portray President Trump as a Putin puppet, and to portray Russia as an evil underminer of US democracy will have to come up with another way to attack the Trump administration, and to gin up a new Cold War with Russia. The current effort will no longer pass the laugh test. Democrats seeking to undermine Trump with the US public will have to do better – like maybe actually analyzing the reasons for their epic election defeat, and coming up with a genuinely populist, as opposed to corporatist, program to show ordinary Americans that the party has their interests at heart, and not just the interests of rich campaign contributors.

    WikiLeaks and its founder Julian Assange, the latter holed up these past four years under threat of arrest in the Equadoran Embassy in London, have done it again.

    Although the Deep State hasn’t given up. The NY Times,, in its report today on the WikiLeaks documents, also includes the rather lame argument by James Lewis, described as “an expert on cybersecurity at the Center for Strategic and International Studies” (a Washington think-tank closely linked to the US defense and intelligence establishment), that the latest WikiLeaks documents “most likely” were provided not by a “conscience-stricken CIA whistleblower,” but rather via another source. Lewis then suggests that:

    “…a foreign state, most likely Russia, stole the documents by hacking or other means and delivered them to WikiLeaks, which may not know how they were obtained.”
    Lewis gives no real explanation as to why a Russian hack would be “more likely” than a whistle-blowing CIA employee or contractor to be the source of the leaked documents provided to WikiLeaks, but the Times and its intelligence establishment sources are putting that alternative out there anyhow, clearly in an effort to keep the crumbling anti-Russia campaign afloat.

    It will be interesting to see how far the McCarthyite campaign to demonize Russia and to damage the Trump presidency by linking it to Russian perfidy will go, given this new information that the CIA was well-equipped to do its hacking work posing as a Russian entity.

  • Albert  On March 11, 2017 at 7:56 pm

    All the evidence base on the polls show Hilary would win the election. It was also known that she would not remove the sanctions and might even be tougher on that country. Knowing this why would the CIA do anything to hurt her chances of winning.

    • London woman  On March 12, 2017 at 11:22 am

      This is another good example of being snooped on – You need to switch off your TV. Do not have it on stand by for people who can connect to Internet on their smart Television. If it’s on stand by your conversation is being recorded.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: