WikiLeaks' "Vault 7": How the latest dump affects the CIA and national security
WikiLeaks continues to be a thorn in the CIA's side.
On Tuesday, the group released what it said is a trove of documents, which it’s calling “Vault 7,” that shows how the CIA turns cell phones, computers and “smart” devices into listening devices. According to WikiLeaks, the CIA “recently ... lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”
"The entire hacking capacity of the CIA"
WikiLeaks claims to have the CIA's arsenal of hacking tools at its fingertips. The trove contains “more than several hundred million lines of code,” which represent “the entire hacking capacity of the CIA,” WikiLeaks said in a statement released alongside the documents.
The CIA would neither confirm nor deny the authenticity of the documents. However, it “all but said they were genuine Wednesday,” according to the New York Times, when it issued a statement condemning WikiLeaks.
“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” the agency said. “Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.”
According to the Times:
The documents, taken at face value, suggest that American spies had designed hacking tools that could breach almost anything connected to the internet — smartphones, computers, televisions — and had even found a way to compromise Apple and Android devices. But whether the CIA had successfully built and employed them to conduct espionage remained unclear on Wednesday.
“It looks like really the backbone of their network exploitation kit,” a source cited as “a former hacker who worked for the National Security Agency” told the Washington Post.
But, as the Times also pointed out, much of what’s in the leak appears to affect older devices with “known security flaws.”
One document, for instance, purports to show how the CIA allows agents to “rapidly copy 3.5" floppy disks in a covert manner.” Two others purport to show how the CIA hacks devices running iOS, such as iPhones and iPads, and Android devices.
"Already patched"
Apple says it’s already fixed most of the issues identified by WikiLeaks. “While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company told TechCrunch.
"We are aware of the report and are looking into it," a spokesman from Microsoft told BBC News.
WikiLeaks claims to have released less than 1% of the documents in its possession. If the group is sitting on documents that show how the CIA exploits more modern devices, such a leak could prove damaging both to the agency’s reputation and to its ability to gather intelligence.