The CIA’s Tools and Wikileak’s Vault 7
The new series of leaks is titled “Vault 7”, and the first load of documents released called “Year Zero”. The documents focus on a section in the CIA called the Center for Cyber Intelligence. The unit was tasked with creating and using an arsenal of hacking tools (Malware, viruses, Trojans, weaponized ‘zero day’ exploits) to perform a range of subversive and covert operations.
The fact the CIA have secrets is not anything new. It is expected that there are secrets that the public should not know. What the issues include – A lack of oversight and accountability (The ‘who watches the watchmen’ question). The scope and aim of the possible targets, the added cost to the taxpayer of having two similar systems in place (Why can’t the NSA and CIA share information and resources, rather than spend billions to create similar programs?), and what happens if the hacking tools get into the wrong hands?
Wikileaks claim the CIA has lost control of most of its hacking arsenal. If these documents are real (The CIA’s responses and actions tend to make it seem like they are the real deal) and a hacker got access to them, what’s stopping hackers from stealing lines of code from the CIA? From all the hacking being claimed in the media, it is likely that someone, or a few people, have been able to access the information. Which is a scary thought.
What’s Been Compromised?
The hacking tools found can spy on people using smartphones, tablets and televisions. Users of Apple’s iPhone, Google’s Android, Microsoft’s Windows and Samsung smart televisions can have the devices hacked, and information read before it is encrypted. So, if you use an encrypted messenger service like WhatApp, Telegram or Signal, you are still not even close to being private or secure.
OSx, Linux and removable devices have been compromised as well. Data can be hidden in USB, CD/DVDs or image files that the user is not aware of. The people who these effects are anyone who has an Android, iOS, Windows, OSx, Linux system or smart television. The scope of these people includes politicians, CEOs, system administrators, the US President and other world leaders.
Maintaining Control of the Hacking Tools Near Impossible
The CIA keeping these vulnerabilities to themselves means that anyone who uses nearly any smartphone, tablet or PC is at risk of an attack. Another issue is terrorism, and if these tools fall into the wrong hands. There’s nothing to say they already haven’t. If Wikileaks has the lines of code for thousands of cyber weapons, then others having that information is a possibility.
It is not just information that the CIA can gather. Progress is being made by the CIA to be able to hack cars and potentially assassinate people without anyone knowing what happened. That would not be so bad if there were a trust there that the technology will not be used for nefarious means, but there’s not. Even with the best intentions, there’s little trust that even if the CIA use these tools correctly that they can keep them secure.
What Will Tech Companies Do?
For technology companies, this disclosure could change how they innovate and evolve their devices and operating systems. Security and privacy is a big selling point with digital devices as no one wants their personal information hacked by anyone.
When the Snowden leaks came to light, tech companies tightened their security to stop unauthorised people from gaining access. After all, if a person has nothing to hide, then the authorities have no reason to gain access to their information.
Users Need Protection
The U.S. government are not happy with the changes tech companies to make to secure their digital technology. However, someone must look out for innocent people when the ones protecting them are also spying on them. The common user needs protection from blackhat hackers who could steal their identity, use personal information to blackmail them or other digital crimes.
There needs to be a discussion about cyberweapons the same way as with nuclear weapons. With so many devices controlled digitally via an internet connection, there’s a lot of scary possibilities. The ideal situation would see government agencies like the CIA working with technology companies to protect innocent folks from being hacked with a reason.
Some of the projects involved in the CIA’s cyber arsenal are:
UMBRAGE – Remove any fingerprints that can be traced back to the U.S. Government.
Fine Dining – A list CIA agents use to identify the tools needed for a hack.
Improvise (JQJIMPROVISE) – A toolset to hack Windows, OSx and Linux systems.
HIVE – To be implanted in Windows, Solaris, MikroTik and Linux platforms.
What will change from these leaks is questionable for the moment. No doubt technology companies will be trying to find and close off any zero-day issues to protect their users. When the users range from a high school student to the President, it is not a good thing that anyone with these tools can hack anyone with ease.