Virtualization Technology News and Information
The CIA's "Vault7" Leak: What You Need to Know

CIA Hack 

WikiLeaks recently published 8,761 pages of allegedly leaked Central Intelligence Agency documents - more than was released during the first three years of the Edward Snowden NSA leaks. And that's just Part One. WikiLeaks claims it will soon release more CIA files as part of a series called Vault7 that it says will make up the largest intelligence publication in history.

Year Zero

The first part of the series includes documents from a high-security network located at the CIA's Center for Cyber Intelligence in Langley, Virginia. The leaks expose the direction of the CIA's hacking program and information on the agency's many zero-day hacking tools, attempts to access information that exploits vulnerabilities the user, developer or vendor is unaware of.

According to WikiLeaks, the source said they want to begin a public debate about the use and control of cyberweapons, public oversight of the CIA and whether the agency is overstepping its authority.

Vulnerabilities in Smart Devices

It's not just our phones and computers that keep us connected anymore. More and more of our devices, from cars and kitchen appliances to streetlights, are being equipped with internet access and the ability to communicate with each other online. This web of connected devices, known as the Internet of Things (IoT), has its benefits but also creates new vulnerabilities for hackers to take advantage of.

Included in the leaks were claims that the CIA was working on methods of infiltrating devices from cars to smart TVs. Many of these devices include microphones for voice control. Samsung's smart TVs have one and, according to the disclosures, the CIA devised a way to access the microphone while causing the TV to appear to be turned off.

The point of entry, however, was the device's USB port. This means the CIA would need to have physical access to the TV.

CIA "Hoarded" Vulnerabilities

In response to lobbying by the technology industry, the Obama Administration committed to alerting developers like Apple, Google and Microsoft to any vulnerabilities government agencies discovered in their devices from 2010 and on. WikiLeaks says the documents show the CIA broke this commitment and "hoarded" many of the susceptibilities it found.

The agency's cyberattack method may have allowed them to listen in on smartphone users and even control their devices. Companies like Apple and Google, though, are claiming they have already fixed most of the weaknesses revealed in the report and say they are working to fix any others that come up.

What Does This Mean for the CIA?

It's not clear how many of the CIA's cyberweapons this leak disclosed, but this incident will likely have some implications for the agency. First of all, if the CIA wants to continue working on infiltrating these devices, they'll need to start over, as any progress they made has now been revealed and the vulnerabilities they discovered will now be covered up.

This new information will also likely spark a public debate on government's use of cyberweapons. If this results in Congressional action, it may change the way intelligence agencies operate.

This event will also erode some citizens' trust in their government. The CIA will lose the trust of the tech industry due to the fact that they did not divulge the susceptibilities they discovered.

What Does This Mean for Me?

Vault7 will probably cause some citizens to become warier of their government. The leaked documents demonstrate how much power the CIA could have if successful in its hacking attacks. The agency would have the power to listen in on anybody at any time. As WikiLeaks points out, controlling a vehicle would allow the agency to execute assassinations without a trace. If someone doesn't trust the government, these revelations could be extremely disconcerting.

Even if you do trust the CIA, these leaks still uncover a frightening reality. The more connected we become, the more vulnerable we are to cyberattacks. If the CIA can find ways to infiltrate our devices, so can other people. WikiLeaks also notes that the CIA's cyberweapon archive appears to have been circulated among government hackers and contractors without proper authorization. If these weapons were to fall into the wrong hands, serious damage could be done.

If you're concerned about cyberattacks on your devices, there are some precautions you can take. Keep your software as up-to-date as possible and change your passwords regularly. Never use the default password on connected devices. Also, when contracting with IT professionals, choose technical specialists under employee status for more peace-of-mind.

The vast array of newly internet-connected devices we're using makes our lives more convenient and productive, but also creates additional ways for hackers to access our information. The first installment of the Vault7 leaks reveals just how vulnerable we are. They also expose the lengths to which some in the government will go in order to take advantage of these susceptibilities, whether you believe they do it for noble reasons or not.

For now, the world will continue to analyze these disclosures while anxiously awaiting WikiLeaks' next release of Vault7 documents.


About the Author

Kayla Matthews is a tech-loving blogger who writes and edits Follow her on Twitter to read all of her latest posts!

Image by Negative Space

Published Monday, March 13, 2017 7:31 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2017>