Tuesday, March 7, 2017

Wikileaks has released Vault7 and it's all about the CIA.


As you are probably aware, Wikileaks has released its Vault7 Year Zero trove of CIA documents. The press release for the release can be found here. This particular release, the first in a series that Wikileaks is hyping as the largest intelligence release ever, concerns the CIA hacking tools and supposedly it covers everything they have. Here are a few of the most disturbing revelations from the leak:

1. The CIA has lost control of many of their hacking tools. According to Wikileaks, this trove of hacking tools, viruses and exploits was being freely passed around among former CIA employees and contractors. That's how Wikileaks got control of these leaks in the first place.

This is, quite frankly, extremely bad. Given the scale and power of these hacking tools it means that every scary thing that the CIA is capable of could be out in the wilderness under the control of rogue actors or, even worse, foreign governments. I am guessing if one of the contractors saw how important these tools are and provided them to Wikileaks, another could have realized how important they were and sold them to the highest bidder. This is a massive problem and should be a major concern for the Trump White House. Whoever allowed these tools to circulate beyond the CIA, regardless of whatever else happens due to this leak, needs to be punished, not because it got to Wikileaks, but because it may have spread way beyond that.

Keep this in mind as you read the rest of this post or other revelations from the Vault7 series. Every single tool in this toolkit has been allowed out of control of the CIA. Other state actors could indeed have control of these tools and even rogue actors like ISIS and other terror groups could have them now too...

2. Your mobile devices and even your TV are probably compromised and the CIA can easily spy on them if they choose to do so. Both Android and iPhone have several "Zero Day" exploits that the CIA can easily exploit. By doing so they can bypass any encryption on various "safe" apps and programs on these phones. They never get a chance to become encrypted since they are compromised. Just assume that if you are an enemy of the CIA, no mobile device is safe.

Even more disturbing on a personal level for me is that the CIA developed a hack on Samsung Smart TVs. The "Weeping Angel" exploit allows Samsung TVs to operate in a "Fake Off" mode where it appears that the TV is off but is in fact recording everything it can hear with its internal microphone. This one strikes pretty close to home for me since I own a Samsung Smart TV and I do, in fact, have it running in the background as I write this...

3. The CIA has developed the ability to interfere with vehicles, specifically cars. They can use malware to shut down any car with a computer system. Even worse they could use the same malware to cause a fatal accident, essentially making it an undetectable assassination tool. Finally, now that many cars are connected to the internet, the CIA can upload this malware remotely. Before they had to physically work with the car to infect it with the malware.

The fact that the CIA can do this calls into question several recent deaths, the most notable of which was the death of Buzzfeed and Rolling Stone journalist Michael Hastings. Hastings made several very powerful enemies with his stories on the NSA and General Stanley McChrystal. The CIA was on his list for investigative reporting and some believe that his death was caused by hacking his car.

I personally don't believe that but I think the theory is a lot more credible than it was just a couple of days ago. I think that Hastings was probably driven to suicide or a reckless death due to actual harassment by the CIA and other federal agencies but I don't think there was any direct action against him. But the case for assassination, always one of the more credible conspiracy theories, has now become much stronger.

I also have to point out an obvious extension of this program. It's not just cars that are vulnerable to this kind of malware. Airplanes as well could be vulnerable. Though no current airplanes are connected to the internet, it wouldn't be that hard to manually upload malware to interfere with the operation of a plane...

All of this means that we should probably start to investigate every single suspicious car or plane crash for possible CIA or rogue actor involvement. Though I don't know if these viruses would be detectable after a crash, they should still be looked for. And I really think we need to reconsider connecting things that can kill us to the internet... I know for me that I am glad that my 2010 car isn't connected to the internet. If anyone wants to kill me with malware they at least have to work at getting physical access to my car...

4. The CIA developed spoofing software that can fake the digital signature of attacks. These fingerprints can be used to deflect blame on CIA attacks and could be used as a "false flag" attack. The CIA also holds a massive amount of viruses and other programs taken from other sources, like the Russian Federation...

Obviously this throws the entire "Russian hacking" election narrative into doubt. If the CIA is capable of spoofing an attack to make it look like the Russians did something then how do we know they didn't do that here? The evidence that the Russians were the ones that broke into the DNC and John Podesta's account could have been faked out of whole cloth. And since the CIA tools have leaked out into the wilderness it could have been anyone!

All that being said, there is more. For one, this is just release one in a larger project. Wikileaks is saying that this is the largest intelligence release in history, and given that history includes the Podesta e-mails, the DNC hack and the Snowden revelations, that is an extraordinary statement. This release alone qualifies as Snowden 2.0. While Snowden aired out the NSA's dirty laundry, it appears that this leaker has done the same thing to the CIA.

Secondly, it is still possible that people will find more interesting things in this release. I personally wasn't able to dig into these files myself but others are doing so and may find something else crazy. I have already seen that the CIA apparently was very interested in internet memes and may have been trying to exploit them, which would be very interesting if it wasn't so sad. Other revelations may come soon.

I am guessing that this leak will be the only one covering the hacking tools of the CIA. Those of you disappointed somehow in this leak should take heart knowing that more is coming. I won't speculate as to what those further leaks will be, but keep paying attention, they will probably be shocking.
