CIA hacking tools: Should we be worried?
Thousands of documents said to detail the CIA’s hacking tools were published by Wikileaks on Tuesday.
WikiLeaks has published a massive trove of confidential documents in what appears to be the biggest ever leak involving the US Central Intelligence Agency (CIA).
WikiLeaks announced a series called Year Zero, under which the whistleblower organization will reveal details of the CIA’s global covert hacking program.
As part of Year Zero, WikiLeaks published its first archive, dubbed Vault 7, on Tuesday. It contains a total of 8,761 documents totalling 513 MB and exposes information about numerous zero-day exploits developed for iOS, Android, and Microsoft’s Windows operating system.
WikiLeaks claims that these leaks came from a secure network within the CIA’s Center for Cyber Intelligence headquarters at Langley, Virginia.
The authenticity of such dumps cannot be verified immediately, but since WikiLeaks has a long track record of releasing such top-secret government documents, the security community and governments should take it very seriously.
CIA’s Zero-Day Exploits & Ability to Bypass Encrypted Apps
According to initial analysis and WikiLeaks’ press release, the leak sheds light on the CIA’s entire range of hacking capabilities, including its ability to hack smartphones and popular social media and messaging apps, among them WhatsApp, the world’s most popular messaging app.
“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied,” WikiLeaks said.
The exploits come from a variety of sources, including partner agencies such as the NSA and GCHQ and private exploit traders, as well as the CIA’s own specialized unit, its Mobile Development Branch, which develops zero-day exploits and malware for hacking smartphones and tablets, including iPhones and iPads.
“By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other weaponized malware,” WikiLeaks said.
The agency can remotely activate smartphones’ cameras and microphones at will, allowing it to capture messages and calls from social media apps before encryption is applied, WikiLeaks claims in the statement on its website.
Should we be worried?
“It’s not a surprise that people who have a mission to find bad guys and protect nations are using every means at their disposal to gather intelligence on a focused target,” said Don Smith from cybersecurity firm SecureWorks.
“If the CIA doesn’t have capabilities for eavesdropping, it’s not doing its job.”
Alan Woodward, a security researcher who advises Europol and previously advised UK spy agency GCHQ, said the public should be “encouraged” by the information published.
“Most of the leaked documents are about targeted attacks. This is not about mass surveillance and vacuuming up a haystack of data to search for a needle,” he told the BBC.
“They need warrants, they can’t just tap in to any phone – it doesn’t work like that. One of the reasons people have faith in the security services is that they tend to obey the law, and when they don’t it comes out.”
However, Access Now said the CIA’s decision to keep security flaws to itself had “significant repercussions for human rights and digital security”.
Whistleblower Edward Snowden criticised the scope of the CIA’s methods.
“Imagine a world where the actual CIA spends its time figuring out how to spy on you through your TV,” he wrote on Twitter. “That’s today”.
HammerDrill v2.0: Malware to Steal Data From Air-Gapped PCs
The CIA’s cyberweapon arsenal also includes a cross-platform malware, dubbed Hammer Drill, that targets Microsoft Windows, Linux, Solaris, macOS, and other platforms, spreading via CDs/DVDs, USB drives, data hidden in images, and other sophisticated malware.
More interesting still, Hammer Drill v2.0 adds an air-gap jumping capability, used to target computers that are isolated from the Internet and other networks and are widely believed to be the most secure computers on the planet.
Besides listing the hacking tools and operations, the documents also include instructions for using those tools, tips on the configuration of Microsoft Visual Studio (which is classified as Secret/NOFORN), as well as testing notes for various hacking tools.
Some of the leaked documents even suggest that the CIA was developing tools to remotely control certain vehicle software, which would allow the agency to cause “accidents” that would effectively be “nearly undetectable assassinations.”