Paranoid Technology All things cybersecurity


Initial Thoughts on WikiLeaks Vault 7 Leak Series

WikiLeaks issued a press release yesterday announcing a new series of leaks from the CIA that they code named "Vault 7", claiming that it is the largest classified information leak from the agency. The way the documents are distributed makes it difficult to confirm authenticity, but historically where there is smoke there is fire, and later releases may provide more proof. A quick glance reveals it is a continuation of the joint operation between the US and the UK, showing that the CIA has created an internal hacking capability for delivering signals intelligence and tailored access capabilities that rivals that of the NSA. The exploit sets range from Android and iOS smartphones to Samsung TVs, and from Linux and Mac to Windows 0-day attacks, and more.

What is also interesting is that it shows the distrust between the agencies...

From a review of the documents, the scale and scope of the CIA's hacking ability is significant, as WikiLeaks describes:

“By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”

What is targeted? Pretty much everything that is connected…

In a project called Fine Dining, popular applications like Thunderbird, Chrome, Sophos Virus Removal Tool, Kaspersky TDSS Killer, McAfee Stinger, Skype, LibreOffice and Notepad++ are susceptible to dynamic link library (DLL) hijacking. Signal, WhatsApp, and others are seemingly in the crosshairs of the CIA; however, there is no evidence that these apps themselves are compromised. What the documents show is that the agency is capable of breaking into a range of devices, including smartphones, and tampering with their security libraries to bypass the encryption; once a device is pwned it's pwned anyway, so no surprise there. It's also possible to infer something of the theater of operations: for example, the "Small Routers" document focuses on routers in Pakistan and China, as well as routers popular on Amazon.
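The DLL hijacking mentioned above comes down to the Windows loader finding an attacker-controlled copy of a library before the legitimate one. The following is an added example, not code from the post or from the leaked documents: it simulates the Windows DLL search order (simplified, with and without SafeDllSearchMode) over a constructed file layout and flags loads where a standard-user-writable directory is searched before the directory that really supplies the DLL, which is the check a defender would run against an installed application. All directory, file and DLL names are constructed for illustration.

```python
# Added example: flag DLL loads that a user-writable directory could shadow.
# Not code from the post; file layout and names below are constructed.

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs, safe_mode=True):
    """Simplified Windows DLL search order (assumption: no KnownDLLs,
    no manifests). SafeDllSearchMode moves the current directory
    behind the system directories; with it off, CWD is searched second."""
    if safe_mode:
        return [app_dir] + SYSTEM_DIRS + [cwd] + list(path_dirs)
    return [app_dir, cwd] + SYSTEM_DIRS + list(path_dirs)

def resolve_dll(name, order, files):
    """Return the first directory in `order` that contains `name`, else None."""
    wanted = name.lower()
    for d in order:
        if wanted in {f.lower() for f in files.get(d, ())}:
            return d
    return None

def hijack_risk(name, order, files, writable):
    """Directories a standard user can write to that are searched before
    (or at) the location that really supplies the DLL. A DLL planted in
    any of them wins the search. A DLL that is never found is worst:
    every writable directory in the order could supply it."""
    resolved = resolve_dll(name, order, files)
    searched = order if resolved is None else order[:order.index(resolved) + 1]
    return [d for d in searched if d in writable]

# Constructed layout: app ships vendor.dll, helper.dll lives in System32,
# the user launched the app from Downloads, and C:\Tools sits on PATH.
APP_DIR = r"C:\Program Files\ExampleApp"
CWD = r"C:\Users\alice\Downloads"
PATH_DIRS = [r"C:\Tools"]
FILES = {APP_DIR: ["app.exe", "vendor.dll"],
         r"C:\Windows\System32": ["helper.dll"]}
WRITABLE = {CWD, r"C:\Tools"}          # constructed: writable by a standard user

ORDER_SAFE = search_order(APP_DIR, CWD, PATH_DIRS, safe_mode=True)
ORDER_UNSAFE = search_order(APP_DIR, CWD, PATH_DIRS, safe_mode=False)

if __name__ == "__main__":
    for dll in ("vendor.dll", "helper.dll", "missing.dll"):
        for label, order in (("safe", ORDER_SAFE), ("unsafe", ORDER_UNSAFE)):
            print(f"{dll:12} {label:6} -> {hijack_risk(dll, order, FILES, WRITABLE)}")
```

The interesting rows are helper.dll, which is only exposed when SafeDllSearchMode is off, and missing.dll, which is exposed through every writable directory regardless of mode; the real-world check is to run the same logic over the DLLs an application actually imports.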

No one should be shocked by all this; just look at the global reach of the CIA, and kudos to them for catching up with the times and investing in the right areas... What should be worrisome is that these toolsets are proliferating, increasingly used by governments to monitor citizens, and that more aggressive and invasive variations will result from either a release of the sources or even from clues in these documents. The average user has no way to know if they're compromised, and even sophisticated users will need to expend some effort to know; more technical details may come, but for now, how do you know if the CIA is watching you? You don't.

This WikiLeaks release points to an increasing erosion of public safety: despite having these tools at hand, world governments (US, UK, Germany) continue to push for encryption back doors. The Equation Group (NSA) leak in late 2016 and this latest CIA leak once again prove that all organizations have their OpSec issues, and that the three-letter agencies are themselves at risk; backdoors, once discovered, work just as well for foreign spies, cyber-criminals and script kiddies. Who is protecting the innocent?

With this as a backdrop and 5G on the horizon, one can visualize a world of unprecedented connectivity: self-driving cars, IoT, connected medical devices and the smart grid are here, and they impact real human beings. Security must become part of the average person's mindset: what's the risk of adopting a technology, and what's the value of better security? Vote with your dollars, and vendors will have to re-prioritize. While this shift is in progress, it's likely to get worse before it gets better; people will start shying away from technology and wondering what their TV does with all the conversation it listens to.

Meanwhile, if your Smart TV gets ransomware don't be alarmed ...
