WikiLeaks on Tuesday dumped thousands of classified documents onto the Internet, exposing hacking programs used by the U.S. Central Intelligence Agency.
The torrent of data is just the first in a series of dumps WikLeaks is calling “Vault 7.” This first installment includes 8,761 documents and files stolen from an isolated high-security network within the CIA’s Center for Cyber Intelligence in Langley, Virginia.
This first batch of data, according to WikiLeaks, introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal, and dozens of zero-day weaponized exploits against a wide range of U.S. and European company products — among them, Apple’s iPhone, Google’s Android operating system, Microsoft’s Windows OS, and Samsung’s smart TVs, which are turned into covert microphones.
The source leaking the documents to WikiLeaks did so to raise policy questions about the CIA’s hacking program, the organization said, and to open a discussion about the agency’s power and the government’s oversight mechanisms to keep it in check.
The CIA offered a terse response to WikiLeak’s actions: “We do not comment on the authenticity or content of purported intelligence documents,” agency spokesperson Heather Fritz Horniak told TechNewsWorld.
Bigger Than Facebook
According to WikiLeaks, by the end of 2016, the CIA had produced more than a thousand hacking systems, trojans, viruses and other weaponized malware.
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” it stated.
“The CIA had created, in effect, its ‘own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified,” WikiLeaks contended.
In a departure from the way it has carried out previous data dumps, WikiLeaks appears to have taken some steps to avoid collateral damage from its latest revelations.
“One thing that strikes me this time is the apparent care WikiLeaks took to redact sensitive information,” said Mark Graff, CEO of Tellagraff.
“They were much more responsible this time than they’ve been in the past,” he told TechNewsWorld.
Hurting US Security
WikiLeaks claimed it redacted ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States, and that it avoided including information in its data dump that could lead to the distribution of “armed” cyberweapons.
No matter how careful WikiLeaks may have attempted to be, its “Year Zero” data dump undermines U.S. national security, according to Robert Cattanach, an attorney with Dorsey & Whitney.
“WikiLeaks’ release will rock the intelligence communities,” he told TechNewsWorld.
The CIA’s ability to access the target devices and technologies certainly is compromised, Cattanach maintained, noting that the release appears to contain highly sensitive organizational and operational internal CIA information.
The uses foreign intelligence services might have for such data can only be imagined, he added.
Then there’s the threat of that actual tools the CIA has used for hacking having been obtained but not yet released, Cattanach said.
Loss of Important Tools
Although no source code for the hacking tools appear to have been included in this batch of data, the information that has been released may still be turned into a weapon, noted John Hayes, CTO of BlackRidge Technology.
“There are going to be some very bright people looking at this, and if they’re pointed in the right direction, you may be giving them enough hints to recreate some of this stuff even if they don’t have the source code,” he told TechNewsWorld.
The Vault 7 leaks have the potential to be very damaging to the U.S. intelligence community, said Adam Klein, a senior fellow with the Center for a New American Security.
“It could mean the loss of some very important tools for the intelligence community,” he told TechNewsWorld — “tools that would be directed at great power adversaries: Russia and China, rogue states like Iran and North Korea, terrorist groups, drug traffickers, and criminal enterprises around the world.”
The extent of the damage may be tempered if WikiLeaks has overplayed its hand.
“Given WikiLeaks’ past record, it is unlikely that all or even most of the allegations are true,” maintained James Scott, a senior fellow at the Institute for Critical Infrastructure Technology.
“If nothing else, the tools and malware capabilities provided are not exceptionally devastating over the tools and exploits already available on Deep Web markets and forums,” he told TechNewsWorld.
The first step the U.S. government should take is to authenticate the data in the dump, Scott said.
“If the documents are authentic, then the CIA already knows what secure network was compromised, which tools are now exposed, and what exploits now need to be patched against adversarial use,” he explained.
“After the Snowden incident and the NSA platform leak, it is possible that the agency even has an incident response plan for this scenario,” Scott added.
The Vault 7 material may have been turned over to WikiLeaks by a CIA insider, but the assistance of a nation state can’t be ruled out.
“Some experts are speculating that exfiltration at this scale would necessitate the involvement of a well-resourced nation state threat actor,” Scott said.
“These disclosures help the adversaries of the United States,” Klein added. “That’s not a concern for WikiLeaks, but it’s a concern of me — and it should be a concern of all Americans.”