bit-tech.net

WikiLeaks publishes massive 'Vault 7' CIA cracking trove

WikiLeaks has published a trove of nearly 9,000 documents which it claims detail cyber espionage and warfare capabilities of the US CIA, many of which stand against previous government agreements on the sharing of security vulnerability information.

WikiLeaks has released what it claims to be the largest ever publication of confidential documents from the US Central Intelligence Agency (CIA) covering a large proportion of its electronic espionage and warfare arsenal.

Dubbed Vault 7 by the organisation, the document trove is being released in dribs and drabs, beginning with a nearly 9,000-strong release WikiLeaks has codenamed 'Year Zero'. That first release has already - if true - revealed much about the CIA's Centre for Cyber Intelligence. Documents released so far by WikiLeaks include details of zero-day vulnerabilities in Windows, macOS, Linux, iOS, Android, and other operating systems which the CIA exploited and had refused to share with manufacturers in order to continue exploiting them - leaving users at risk of attack both from the CIA itself and from anyone who got their hands on the exploits, either through independent discovery or via leaks from the CIA's trove of attack code.

'There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade,' claimed controversial WikiLeaks editor Julian Assange of the documents contained in the release. 'But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.'

The documents released thus far make for sobering reading for privacy enthusiasts and strong validation for paranoiacs. Tools built by the CIA's Engineering Development Group include backdoors and exploits for all major mobile and desktop operating systems; a tool dubbed 'Weeping Angel', which allows the CIA to listen in on conversations made within range of the microphone on Samsung smart TVs even when they are supposedly switched off; and the ability to take remote ownership of vehicle control systems as a potential means of assassination. The documents also describe the hoarding of zero-day vulnerabilities contrary to the Vulnerabilities Equities Process, which has required government agencies to alert manufacturers and vendors to any and all discovered security vulnerabilities in their products since 2010 in order that they may be patched.

The legitimacy of the documents has, naturally, not been confirmed by the CIA itself. Apple, however, has lent credence to the leak by issuing a statement confirming the legitimacy of many of the claimed vulnerabilities documented therein but claiming they have since been patched in order to protect users, while claiming to be actively investigating the remaining vulnerabilities in order to close those holes as well.

Interested parties can read the redacted documents on the official leak page, though those who do not make regular use of anonymising technologies such as VPNs or the Tor network are advised that clicking on the link unprotected will bring their interest to the attention of their national security authorities.

3 Comments

Corky42 8th March 2017, 10:44
When they said years ago that the internet will become governments' new battlefield they weren't kidding, they seem so focused on this new battlefield that they're ignoring the innocent civilian casualties, then again what's new.
AiA 9th March 2017, 00:51
I didn't know terrorists have the latest Samsung smart TVs.

I'm guessing just recording everything your phone mic picks up is a lot more useful, don't even have to intercept the calls.
edzieba 9th March 2017, 07:56
I'm kind of in two minds about this:
On the one hand, these are exactly the sort of capabilities we want our Sneaky Beakey agencies to be developing. That's rather the point of having them.
On the other, by having these capabilities public they can be fixed, and there's no guarantee whatsoever that these same exploits have not been independently developed and exploited by others.

What's honestly far more interesting than the contents of the 'leak' is how it came to Wikileaks in the first place. This doesn't seem to be like the case of Chelsea Manning or Edward Snowden, with a specific "look at this specific shady **** being pulled" archive and a story attached, but what appears to be an anonymous dump of internal documentation. Was this an internal source (or disgruntled ex-employee who had too much access) who has just decided "**** everything"? External contractor who wanted to make a buck and poor OPSEC on the CIA's part? A foreign intelligence agency with active penetration they just lost access to, and want to send a message (and decimate an adversary's arsenal) while they could?