The latest tranche of files to be released by the Wikileaks has dealt a significant new blow to the US intelligence community as it has revealed startling new details about the tools they use to hack into people’s phone’s, computers, and electronic devices.
The latest release, which consists of thousands of documents gives a fascinating insight into how the CIA accesses people’s online and communications data and also shows how they worked together with British intelligence on some hacking technology.
The documents have been named Vault 7 by Wikileaks and appear to originate from the CIA’s Centre for Cyber Intelligence. They are dated from 2013 to 2016 and, according to Wikileaks, there are plenty more files still to be released.
The source for the documents is, in typical Wikileaks style, vague. The only reference made by Wikileaks stated that “the archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.”
Amongst the non-technical information contained within the documents is the revelation that the CIA has been running a covert CIA hacking operation out of their consulate in Frankfurt, Germany. Hackers there have been given diplomatic passports and advice on how to get through German customs and counter-intelligence measures.
How the CIA hacks
But it is the technical revelations that have garnered most of the headlines so far as the documents have revealed a surprising amount of detail on how the CIA goes about its hacking operations.
The documents show that the CIA maintains a database of vulnerabilities into all popular electronic devices, whether it is actively exploiting those vulnerabilities or not. This revelation goes counter to previous statements from the US Government which have claimed that any vulnerabilities identified by the CIA are reported to manufacturers.
Manufacturers have leapt on this revelation with many claiming the vulnerabilities identified in the documents have already been fixed, while others have said they are actively investigating the claims.
Perhaps amongst the most worrying revelations was the claim in the Wikileaks Press Release that the CIA has techniques to “to bypass the encryption” of messenger services such as WhatsApp and Signal. It is thought that they have not broken the encryption of these services, but rather develop tools to access the data once it has been decrypted on the endpoint device.
Then there is also the fact, picked up on by Edward Snowden, that the US Government has actually been paying to knowingly keep devices unsafe and stop identified vulnerabilities being made public. The documents detail an iOS exploit referred to as Earth/Eve which was apparently bought by the NSA from an unnamed researcher and then passed on to both the CIA and GCHQ in the UK.
That is not the full extent of British Intelligence agencies involvement, however. They were also involved in the development of malware which can be used to compromise a range of smart TVs developed by Samsung.
The bug, which is dubbed ‘weeping willow’ appears to have been developed jointly by the CIA and MI5 and allows users to compromise Smart TVs and turn them into remote listening bugs. It even enabled them to use the TVs as bugs when they were switched off.
Needless to say, the revelations have provoked strong reactions, with the gist of the privacy community response being ‘we told you so’.
Privacy International said in a statement that the Wikileaks documents “demonstrate what we’ve long been warning about government hacking powers — that they can be extremely intrusive, have enormous security implications, and are not sufficiently regulated.”
It is hard to disagree with that given the contents, but inevitably the US intelligence agencies have been robust, if controversial, in their response.
The Director of the FBI, James Comey, has said: “there is no such thing as absolute privacy in America.”
So, if US citizens were in any doubt, it seems the case is now settled. As far as the US authorities are concerned, privacy is now a thing of the past.