On 7 March 2017, Wikileaks published a new series of classified documents called "Vault 7." 1 It is claimed to be one of the largest leaks Wikileaks has ever published. For those who don't know, Wikileaks is a non-profit organization that publishes confidential, secret or classified material on its website Wikileaks.org . The Vault 7 series contains thousands of classified files from the CIA's Center for Cyber Intelligence in Virginia, exposing the CIA's malware programs, which were built to infect a host of everyday devices.
Here are the main highlights of the Vault 7 leak:
- Year Zero: The first installment, consisting of 8,761 documents and files, is called "Year Zero." It introduces the CIA's secretive hacking programs. According to Wikileaks, the archive of classified malware programs had been circulating in an unauthorized manner among former U.S. government hackers and contractors, and is said to have made its way to Wikileaks from one of these sources.
- Zero day: Much of the malware created by the CIA relied on "zero day" exploits. A zero day is a vulnerability that is unknown to the software vendor, so no patch exists for it; an attack that uses such a vulnerability can succeed even against fully updated systems.
- Massive Budgets: Since 2001, the CIA has received a larger share of funding relative to the NSA. This money was used to build an army of hackers who developed thousands of viruses, Trojans and other malware as cyber weapons. In effect, the CIA's cyber division was now competing with the NSA. The leak argues this is even more dangerous because the CIA has less accountability and does not need to address the underlying issues publicly.
- Directorate of Digital Innovation: The Engineering Development Group (EDG), which falls under the Directorate of Digital Innovation (DDI), is responsible for developing the malware. You can see the entire structure here: https://wikileaks.org/ciav7p1/files/org-chart.png
- Virality of cyber weapons: Unlike a nuclear missile, which requires infrastructure and is easily detected, cyber weapons are just software and can be copied and spread at enormous speed and at no cost. A short chain of hackers could spread these weapons in seconds, putting them in the hands of terrorist organizations and small-time criminals.
- Malware that targets commonly used devices: Since the best way to spy on anyone is through the devices used by the general public, the CIA focused its malware on infecting iPhones, Android smartphones and smart TVs. Needless to say, Snowden had already revealed how phones were used as spying devices. The Mobile Devices Branch (MDB) was instrumental in developing malware that would switch on a phone's microphone or camera without the owner's knowledge. The CIA apparently purchased zero day exploits from other organizations and then used them to infect iPhones and other iOS devices. This also let it get around WhatsApp's end-to-end encryption: the encryption itself was not broken, but once the phone is compromised the malware can read messages and capture audio before they are encrypted, so the encryption offers no protection against an attacker who controls the endpoint.
- Fake-Off feature: Nobody suspects their television set of being infected, and smart TVs do not come with anti-virus software. The CIA, together with the UK's MI5/BTSS, developed a malware implant that specifically targets Samsung smart TVs. It introduced a "Fake-Off" mode, in which the TV appears to be switched off but is still powered and connected, recording conversations in the room and transmitting them to a covert CIA server.
- Untraceable assassinations: As of 2014, the CIA was also looking into infecting the control systems of modern vehicles. While the purpose is not stated in the documents, Wikileaks suggests that such control could be used for nearly undetectable assassinations.
- Presidential Twitter accounts: Some of the malware used zero day exploits to compromise the very same Android and iPhone software that runs, or has run, presidential Twitter accounts.
- U.S. consulate at Frankfurt is a CIA hacker base: The consulate serves as a base for CIA hackers operating across Africa, the Middle East and Europe. The hackers working from the consulate pose as U.S. State Department officials and are issued diplomatic passports. These covers were used to pass through German customs; if questioned, they were instructed to describe themselves as technical consultants at the consulate. Another major advantage of the base in Germany is that the hackers could move freely into France, Italy and other neighbouring countries across the open border.
- Physical presence missions: Operatives were instructed to use malware-infected USB drives to gain control of systems that were not connected to the internet, such as police databases. Air-gapping a system does not protect it from an attacker who can get physical access to it.
- Increase of proliferation risks: The CIA did not classify its malware (since it has to leave CIA systems to reach its targets) and, according to Wikileaks, could not assert copyright over it because of restrictions in the U.S. Constitution. As a result, anyone who obtains the software can freely copy and reuse it.
- An ongoing infection: The implants were designed to persist. Even after the target system was compromised and the immediate goal achieved, the system stayed infected, so there was no clean end to an operation and most infections were effectively permanent.
- The rule book: The CIA maintained a sort of rule book called "Tradecraft DO's and DON'Ts" that laid down rules on how the malware must be written. Its purpose was to avoid leaving fingerprints in the code that could be traced back to the CIA, the U.S. government or its partner companies during a forensic review.
While this is only the first installment of the Vault 7 series, we can expect many more revelations about the CIA's covert hacking operations. Wikileaks says it is still analyzing the huge trove of classified files and is not particularly worried about the CIA taking action against it. The website has been attacked several times in the past by alleged U.S. government entities, but it was mirrored by its supporters.