Wikileaks’ latest data dump exposes the CIA’s hacking kits. The leaks, dubbed “Vault 7,” outline the CIA’s new strategy for surveillance and a full set of hacking tools to get the job done. The documents cover a few new strategic plans using attacks such as malware, viruses, exploits and even botnets. While it is nothing new (and should be expected) for the federal government to use hacking kits (think Magic Lantern and Wolf), this is the first time the public will get a solid chance to see its lineup, even if somewhat incomplete. Nevertheless, there’s really nothing that revealing or unexpected in the documents.
The leaked documents outline how the CIA is going directly after the mobile market, extending its capabilities to iOS, Android and Windows phones. Also in the mix is a persistence attack on Apple computers running OS X. The agency even went after some low-hanging fruit by attacking Samsung smart TVs to turn them into listening devices. No need to place physical devices in the home when you can hack something and turn it into an open mic.
Wikileaks was responsible for hinting that the CIA could break end-to-end encrypted communication applications such as Signal and WhatsApp, as well as encrypted email services. It is important to note that the actual encryption used had NOT been compromised, and the CIA is not yet able to circumvent those applications’ security features. This doesn’t mean, however, that the CIA can’t take control of a device running those applications and essentially gain access that way. So there’s room to wriggle, if you’re into semantics.
Wikileaks did not release the actual code used in the tools but did provide enough code snippets to verify the legitimacy of the documents. They do plan on releasing the code once they have verified the contents and can safely present it to the public without anybody accidentally infecting their own machines.
There is very little doubt that the hacking tools leak is going to cause another shake-up. The strategies listed in the documents were clearly updated in the wake of the Edward Snowden leaks from a few years ago. And of course these new revelations will be gone through with a fine-tooth comb by corporations in a rush to patch the exposed areas. This could be seen as a major setback for the CIA, NSA, and any other division that uses the methods described in the documents. No doubt other nations will be affected by the leaks as well. Pretty much anyone who uses the current processes or tactics described in the leaks is going to have to start over. Well, maybe not completely over. The tools leaked were believed to have only been part of the CIA’s bag-o-tricks.
This only confirms that the federal government is indeed aggressively going after personal communication devices. And possibly in a manner that violates the rights of its citizens? As more of the hacking tools come to light, be prepared for a flood of patches and updates from vendors.