Nothing to fear, citizens. Keep consuming. Keep smiling.
WikiLeaks has dumped online what appears to be a trove of CIA documents outlining the American murder-snoops’ ability to spy on people.
The leaked files describe security exploits used to compromise vulnerable Android handhelds, Apple iPhones, Samsung TVs, Windows PCs, Macs, and other devices, and remote-control them to read messages, listen in via built-in microphones, and so on. The dossiers discuss malware that can infect CD and DVD disc file systems, and USB sticks, to jump air-gaps and compromise sensitive and protected machines – plus loads more spying techniques and tools.
Yes, government surveillance has a chilling effect on freedom of expression. But, no, none of this cyber-spying should be a surprise. Meanwhile, tech giants keep putting exploitable microphone-fitted, always-connected devices into people’s homes.
The tranche of CIA documents – a mammoth 8,761 files dubbed “Year Zero” – accounts for “the entire hacking capacity of the CIA,” WikiLeaker-in-chief Julian Assange boasted today. He said the documents show the intelligence agency had lost “control of its arsenal” of exploits and hacking tools, suggesting they were passed to the website by a rogue operative.
“‘Year Zero’ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal, and dozens of ‘zero day’ weaponized exploits against a wide range of US and European company products, [including] Apple’s iPhone, Google’s Android, Microsoft’s Windows and even Samsung’s TVs, which are turned into covert microphones,” the WikiLeaks team said in a statement.
“The archive appears to have been circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” it added.
We’re still poring over the files. So far, from what we can tell, these “zero days” are said to affect older versions of Android and iOS. In any case, WikiLeaks wants to spur public debate over the CIA’s capabilities:
By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its ‘own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
When NSA techie Edward Snowden leaked documents from his agency, he got journalists to screen and, where necessary, redact portions of his vast PowerPoint slide dump. For today’s Vault 7 leaks, WikiLeaks said it had done this work itself:
WikiLeaks has carefully reviewed the ‘Year Zero’ disclosure and published substantive CIA documentation while avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.
WikiLeaks has also decided to redact and anonymize some identifying information in ‘Year Zero’ for in-depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States.
Despite these stated precautions, WikiLeaks is likely to come under fire. The general public will probably quickly lose interest in the spying tools; the code is more likely to pique the interest of shady software developers, who can exploit any remaining unpatched bugs uncovered by the CIA to develop spyware.
One silver lining is that this demonstrates that it is so difficult to crack today’s end-to-end encryption apps, such as Signal and WhatsApp, that spies have to drill into the underlying devices and computers to snoop on people. That’s a lot of effort, cost, and risk, compared to tapping into communications over the wire, which strong end-to-end cryptography comfortably thwarts. Agents are therefore forced to carry out targeted snooping rather than mass blanket surveillance.
Meanwhile, some folks are speculating that the source of the leak could be the Russians, and its true purpose is to derail the CIA for political gain.
Year Zero is the first part of a larger release of information codenamed “Vault 7” by WikiLeaks, and is touted as the largest-ever publication of confidential documents on the intelligence agency.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.