Just as the world comes to terms with the extent of the NSA’s surveillance capabilities, WikiLeaks has released a trove of information on the CIA’s advanced hacking tools, which provide almost unfettered access to smartphones, PCs, and even TVs.
As part of a series on CIA documents entitled ‘Vault 7’, WikiLeaks has released the first complete part, called ‘Year Zero’, which comprises 8,761 documents and files obtained from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.
If the scale of the hacking tools isn’t scary enough, WikiLeaks claims they have fallen into the hands of people outside the agency, giving them essentially the entire hacking capacity of the CIA. Acting responsibly, WikiLeaks won’t distribute the tools and will await a consensus on how the ‘weapons’ should be analysed and disarmed before they are published.
“There is an extreme proliferation risk in the development of cyber weapons. Comparisons can be drawn between the uncontrolled proliferation of such weapons, which results from the inability to contain them combined with their high market value, and the global arms trade,” says Julian Assange, WikiLeaks editor. “The significance of ‘Year Zero’ goes well beyond the choice between cyber war and cyber peace. The disclosure is also exceptional from a political, legal and forensic perspective.”
Smartphone, TV, and Connected Car Malware
As we make things “smart”, we also make them more vulnerable. This is coming to light more every day as IoT (Internet of Things) devices are hacked to carry out further attacks, steal data, or surveil their users.
The most widespread smart devices are smartphones and televisions, making them a prime target for hackers and for surveillance agencies like the NSA or CIA.
CIA malware and hacking tools are built by the EDG (Engineering Development Group), a software development group within the CCI (Center for Cyber Intelligence), itself part of the organisation’s large and complex structure. The group develops, tests, and supports all backdoors, exploits, malicious payloads, trojans, viruses, and any other kind of malware for the CIA.
‘Weeping Angel’ is a program which focuses on infecting smart TVs and turning them into covert microphones. The attack against one large target, Samsung’s smart TVs, was developed in cooperation with the UK’s MI5 and puts the infected TV into a “fake-off” mode in which it continues recording conversations in the room and sending them to a CIA server.
WikiLeaks’ documents also detail that, as of October 2014, the CIA was looking at ways to infect and hijack the control systems of modern connected cars. While it’s not specified why this would benefit the organisation, it would, in theory, allow the CIA to carry out remote assassinations with little chance of detection.
A dedicated Mobile Devices Branch (MDB) of the CIA ensures the organisation can access the world’s most popular smartphones through malware and ‘zero-day’ exploits. Despite the iPhone holding a minority of the market, a unit within the CIA is focused on iOS-based devices. WikiLeaks theorises this extra focus could be due to the popularity of the iPhone in elite circles, including within politics and business.
The CIA doesn’t leave out Android devices, which have the biggest global market share by a wide margin. As of 2016, the CIA has 24 exploits it could use against Android devices.
For both iOS and Android, the CIA either develops its own malware, obtains it from other agencies within the US such as the NSA or FBI or from agencies outside the US such as the UK’s GCHQ, or purchases it from cyber arms contractors such as Baitshop.
While most apps now encrypt traffic to prevent interception, running an exploit on the device itself lets the agencies read information before the encryption is applied, circumventing it entirely.
Ongoing hoarding of exploits will be controversial because, under a policy introduced by Obama’s administration known as the Vulnerabilities Equities Process, security agencies must not withhold details of vulnerabilities and should instead disclose them to manufacturers so they can be patched. This is an effort to prevent cybercriminals from discovering and exploiting the same vulnerabilities themselves.
Infecting PCs and Routers
PCs remain a prime target because most organisations rely on them, and the scale of the CIA’s program to infect Windows in particular is staggering.
The CIA’s Automated Implant Branch (AIB) is able to automate infection by delivering malware disguised as official system updates, including via Windows Update. The names of the related attack systems include ‘Assassin’ and ‘Medusa’.
A specialist Embedded Devices Branch (EDB) develops multi-platform attack and control systems which can exploit Windows, Mac, Solaris, Linux, and more, such as the ‘HIVE’ multi-platform malware suite. Attacks which target internet infrastructure, such as routers, are developed by the Network Devices Branch (NDB).
More standard practices are also employed to infect devices, including the use of local and remote zero-day exploits similar to those mentioned earlier against iOS and Android devices. A virus the CIA calls ‘Hammer Drill’ can “jump” from device to device by infecting software distributed on CDs. Removable media such as USB drives can also be infected, and data can be hidden in covert disk areas through something the CIA calls “Brutal Kangaroo”.
At this point, we’re far from reaching a true conclusion. Thousands of documents have been leaked in this first part alone, and it’s going to take a great many hours to go through them all. As with the leaked NSA documents, we could be hearing new revelations years down the line.
From the small part which has been analysed so far, it’s clear this leak is going to cause even more social and political upset. The documents mention being able to exploit the open borders of the Schengen zone, for example, so CIA hackers can travel without checks across 25 European countries. Some people also believe the CIA used some of its location-spoofing techniques to make certain hacks appear to have come from Russia for political reasons.
We’ll be looking deeper into the leaked documents to see what else we can find, and we’ll be sure to keep you updated with any significant discoveries.