Vault 7: WikiLeaks Dumps Massive Trove of Alleged CIA Hacking Tools
March 7, 2017 | Insider Threats
By Chris Gonsalves, IANS Director of Technology Research
Information security professionals on Tuesday were scrambling to make sense of a sizable dump of alleged CIA surveillance tools and techniques that appears to detail methods for hacking into networks, computers, smartphones and internet-connected consumer devices such as smart TVs.
Notorious document leakers WikiLeaks released the trove of nearly 8,000 pages and 1,000 attachments, which includes supposed details of the CIA’s hacking arsenal such as malware, viruses, trojans, weaponized zero-day exploits and malware remote control systems. WikiLeaks officials said the Tuesday document dump, dubbed Vault 7, constitutes “the largest ever publication of confidential documents on the agency” and is just the first part of what it promises will be an ongoing release with “several hundred million lines of code” comprising “the entire hacking capacity of the CIA.”
While security industry insiders work to verify the authenticity, and relative importance, of the documents and the code in the release, the claims raising the most concern include details of the CIA’s ability to work around end-to-end encryption in popular mobile messaging apps. The documents do not describe a break of the encryption itself; rather, the agency captures message data on an already compromised endpoint before the app encrypts it, which renders the protection of the transport moot once the device is under attacker control. The Vault 7 release also indicates robust and focused efforts by the CIA to develop and hoard exploits targeting Apple’s iPhone, Google’s Android and Microsoft’s Windows operating systems.
Perhaps most damaging, the release, which includes verifiable CIA code names and organization charts, exposes CIA playbooks showing how the agency conducts operations, evades detection and deploys malware.
According to a statement from WikiLeaks accompanying the Vault 7 dump, the CIA over the past seven years has been developing an elite hacking division to compete with its main cyber-intelligence rival, the NSA. By last year, the CIA hacking unit, which falls under the Center for Cyber Intelligence, had more than 5,000 registered users and “had produced more than a thousand hacking systems, trojans, viruses and other weaponized malware.”
The collection of CIA hacking tools and techniques, many of which appear fairly routine on first inspection, “appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” WikiLeaks officials said. Dates on the released documents range from 2013 to 2016.
If ultimately proven authentic, the Vault 7 document collection will also be notable for revealing:
- In addition to its operations in Langley, Va., the CIA also uses the U.S. consulate in Frankfurt, Germany, as a covert base for hackers working in Europe, the Middle East and Africa.
- The CIA’s arsenal includes numerous local and remote zero-days obtained from GCHQ, the NSA and the FBI, or purchased from cyber arms contractors such as Baitshop.
- CIA hackers have developed successful attacks against most well-known anti-virus programs and have targeted anti-exploitation defenses such as Microsoft’s EMET (Enhanced Mitigation Experience Toolkit).
“Honestly, this pretty much kills large aspects of the United States offensive capabilities, techniques, and ability to perform operations,” noted security expert and IANS Faculty Dave Kennedy said on Twitter in the wake of the Vault 7 release.
“While I agree on having debate on what the government should be able to do and oversight in that, this is something different,” Kennedy said. “To me, this seems extremely aggressive for WikiLeaks, more than I’ve ever seen. This really hurts operations abroad for true hostiles.
“Truth of the matter is if I was an adversary against the United States, this is exactly what I would do…Burn capabilities globally,” added Kennedy.