WikiLeaks
recently published 8,761 pages of
allegedly leaked
Central Intelligence Agency documents - more than was released during the first
three years of the Edward Snowden NSA leaks. And that's just Part One. WikiLeaks
claims it will soon release more CIA files as part of a series called Vault7
that it says will make up the largest intelligence publication in history.
Year Zero
The
first part of the series includes documents from a high-security network
located at the CIA's Center for
Cyber Intelligence
in Langley, Virginia. The leaks expose the direction of the CIA's hacking
program and information on the agency's many zero-day hacking
tools,
attempts to access information that exploits vulnerabilities the user,
developer or vendor is unaware of.
According
to WikiLeaks, the source said they want to begin a public debate about the use
and control of cyberweapons, public oversight of the CIA and whether the agency
is overstepping its authority.
Vulnerabilities in
Smart Devices
It's
not just our phones and computers that keep us connected anymore. More and more
of our devices, from cars and kitchen appliances to streetlights, are being
equipped with internet access and the ability to communicate with each other
online. This web of connected devices, known as the Internet of Things (IoT),
has its benefits but also creates new vulnerabilities for hackers to take
advantage of.
Included
in the leaks were claims that the CIA was working on methods of infiltrating
devices from cars to smart TVs. Many of these devices include microphones for
voice control. Samsung's smart TVs have one and, according to the disclosures,
the CIA devised a way to access the microphone while causing the TV
to appear to be turned off.
The
point of entry, however, was the device's USB port. This means the CIA would
need to have physical access to the TV.
CIA "Hoarded" Vulnerabilities
In
response to lobbying by the technology industry, the Obama Administration committed to alerting
developers like Apple, Google and Microsoft to any vulnerabilities government
agencies discovered in their devices from 2010 and on. WikiLeaks says the
documents show the CIA broke this commitment and "hoarded" many of the
susceptibilities it found.
The
agency's cyberattack method may have allowed them to listen in on smartphone
users and even control their devices. Companies like Apple and Google, though,
are claiming they have already fixed most of the
weaknesses revealed
in the report and say they are working to fix any others that come up.
What Does This Mean
for the CIA?
It's
not clear how many of the CIA's cyberweapons this leak disclosed, but this
incident will likely have some implications for the agency. First of all, if
the CIA wants to continue working on infiltrating these devices, they'll need
to start over, as any progress they made has now been revealed and the
vulnerabilities they discovered will now be covered up.
This
new information will also likely spark a public debate on government's use of
cyberweapons. If this results in Congressional action, it may change the way
intelligence agencies operate.
This
event will also erode some citizens' trust in their government. The CIA will
lose the trust of the tech industry due to the fact that they did not divulge the
susceptibilities they discovered.
What Does This Mean
for Me?
Vault7
will probably cause some citizens to become warier of their government. The
leaked documents demonstrate how much power the CIA could have if successful in
its hacking attacks. The agency would have the power to listen in on anybody at
any time. As WikiLeaks points
out,
controlling a vehicle would allow the agency to execute assassinations without
a trace. If someone doesn't trust the government, these revelations could be extremely
disconcerting.
Even
if you do trust the CIA, these leaks still uncover a frightening reality. The
more connected we become, the more vulnerable we are to cyberattacks. If the
CIA can find ways to infiltrate our devices, so can other people. WikiLeaks
also notes that the CIA's cyberweapon archive appears to have been circulated among government hackers and contractors without proper
authorization. If these weapons were to fall into the wrong hands, serious
damage could be done.
If
you're concerned about cyberattacks on your devices, there are some precautions
you can take. Keep your software as up-to-date as possible and change your
passwords regularly. Never use the default password on connected devices. Also,
when contracting with IT professionals, choose technical
specialists under employee status for more peace-of-mind.
The
vast array of newly internet-connected devices we're using makes our lives more
convenient and productive, but also creates additional ways for hackers to
access our information. The first installment of the Vault7 leaks reveals just
how vulnerable we are. They also expose the lengths to which some in the government
will go in order to take advantage of these susceptibilities, whether you
believe they do it for noble reasons or not.
For
now, the world will continue to analyze these disclosures while anxiously
awaiting WikiLeaks' next release of Vault7 documents.
##
About the Author
Kayla Matthews is a tech-loving blogger who writes and edits ProductivityBytes.com. Follow her on Twitter to read all of her latest posts!
Image by Negative Space