The last time the CIA was in the news for hacking, it was for hacking into U.S. Senate computers to spy on staffers working on the torture report.
Now, thanks to leaked materials published by Wikileaks, the CIA is once again facing questions about its cyber activities. The Wikileaks press release calls the collection “Vault 7.”
Former CIA officer John Kiriakou told Shadowproof earlier this year that it was the CIA who actually carried out cyberwarfare operations at the human level and there was no such thing as “NSA agents” operating abroad. Vault 7 appears to confirm that analysis, with the CIA conducting specific human-based operations rather than broad electronic dragnets.
Wikileaks is calling the first part of the Vault 7 series “Year Zero,” which consists of 8,761 documents and files from an “isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.”
While the exact source of the information is unknown, Wikileaks attributes the leak to someone in the Snowden tradition of being interested in forcing a public debate on an out-of-control government spying program. According to the press release, “the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”
It is going to take a considerable amount of time to go through all the files, and Wikileaks is holding some information back at the moment to ensure the cyberweapons are not re-purposed or misused. Nonetheless, what has already been released is considerable.
According to Wikileaks, the CIA has the ability to break into Android and iPhone handsets, which lets it bypass encrypted messaging apps like Signal, Telegram and WhatsApp: on a compromised handset, messages can be read before they are encrypted or after they are decrypted, regardless of how strong the apps’ encryption is.
The CIA also has a program named “Weeping Angel,” which hacks into so-called Smart TVs and turns them into microphones. The target believes the TV is turned off when in truth the unit is still on and providing audio surveillance to the CIA.
One revelation that is particularly unnerving is that the CIA is focused on hacking into cars. As Wikileaks notes, “The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.” Barrett Brown believes that information justifies opening an investigation into the death of journalist Michael Hastings, who died in a car accident in 2013 that many consider suspicious.
But perhaps the most important story to come out of the Year Zero disclosures so far is the CIA’s “false flag” attacks, where the CIA puts suspicion for its own cyberattacks on other state actors:
The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from. UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
So, just as a thought experiment, the CIA could hack into the systems of somewhere like the Democratic National Committee and leave electronic fingerprints pointing to the Russian Federation as the perpetrator. Or, really, any actor whose “fingerprints” they had on file.
The takeaway from all this is that while the United States government is constantly presenting itself as the victim in the new cyberwar, every revelation—from Stuxnet to Snowden—makes it more and more obvious that the U.S. is playing offense as much as defense, if not more.