WikiLeaks released thousands of purported CIA documents Tuesday, the first part of a leak the website has named “Vault 7.”
The first part of the leak is named “Year Zero” and, according to a press release by WikiLeaks, “introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products.”
“This shouldn’t be a surprise to anybody other than the few people left who think we’re a bunch of Good Guys and we always operate above the law”
These include Apple iPhones, Google Androids, and Microsoft Windows devices. The thousands of lines of code included in the dump include a program dubbed “Weeping Angel,” a hack developed by the CIA’s Embedded Devices Branch (EDB) that was evidently used to turn Samsung TVs into listening devices.
The program appears to include dozens of various malicious hacks and viruses and reveals the CIA’s possession of a number of local and remote “zero days” — vulnerabilities in software that can be exploited by hackers — including 24 weaponized zero days specifically for Android operating systems.
The information included in Tuesday’s leak also alleges the U.S. consulate in Frankfurt, Germany, is in fact a covert hacker base. The content and code in Tuesday’s WikiLeaks dump appear legitimate, Steve King, COO of cybersecurity firm Netswitch, told LifeZette.
According to WikiLeaks, they received the files from a former government-employed hacker, an explanation that “makes sense” according to King, as “technically it’s not illegal.” Indeed as WikiLeaks explains in its press release, strict classification rules prevent information which inherently lives online — i.e. malware code — from being classified.
“In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of ‘Vault 7’ — the CIA’s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse,” the press release explains.
“The only difference from conventional counter-espionage has been the change in venue,” said King, but “all of the implications around the internet … make it difficult or impossible to keep this stuff classified,” he said.
This is also what makes the CIA’s cyber-arsenal particularly dangerous. “Cyber ‘weapons’ are not possible to keep under effective control” because they are “in fact just computer programs which can be pirated like any other,” the WikiLeaks press release states.
Tuesday’s leak suggests the CIA’s cyberwarfare activities are massive and global. “By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware,” WikiLeaks claims.
[lz_related_box id=”281010″]
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” according to the press release.
The vast volume of the code released Tuesday suggests that “we’re probably responsible for more of the malware strains and malware versions that are out there on the web than any other single entity,” said King.
“We’re pretty self-righteous about pointing the finger at all these nation-state actors for all of these attacks, when in fact we’ve probably created more malware than all four of them combined. It’s kind of a karmic slap in the face,” he said.
“This shouldn’t be a surprise to anybody other than the few people left who think we’re a bunch of Good Guys and we always operate above the law or something.”
Join the Discussion
Comments are currently closed.