CIA ‘Vault 7’ leaked
Documents reveal the scale of the CIA’s global hacking.
Much has been made of Wikileak’s recent reveal of over 8,000 documents, known as ‘Vault 7’, claimed to lay bare the CIA’s global hacking and surveillance programme. Wikileaks (at: https://wikileaks.org/ciav7p1) states that “The first full part of the series, ‘Year Zero’, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina . . . this extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.”
Vault 7 appears to show that the CIA created hacking and malware tools to target iPhone and Android devices, allowing infected phones to send the CIA people’s geolocation, audio and text communications, as well as activating the camera and microphone. A more alarming revelation is of a malware codenamed “Weeping Angel”, which it is claimed was created with MI5 to target Samsung smart TVs, pretending they are off when they are still on and recording conversations using the builtin microphone of the TV. Linux, and embedded devices were also apparently targets.
While “The CIA can hack your TV to spy on you” is an irresistible headline, some have questioned Wikileak’s claims, and challenged the alarmist reporting. A blog post by Errata Security ( http://bit.ly/2ncTg4M) highlights some of the scaremongering. For example the claims that the CIA hacked Samsung TVs reveals on closer inspection that the CIA has to install its software via USB, making it unlikely it is listening through your TV (unless you recently caught a CIA agent in your living room with a USB drive). If these leaks are legitimate, they suggest that the CIA is a bit behind the times – and also demonstrate the benefits of encryption, given the lengths the CIA allegedly has to go to to circumnavigate it. As Nicholas Weaver, a security teacher at the University of California, points out: “if the US government wants to get your data, they can’t hope to break the encryption... They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago.”