6 Scariest Finds from the WikiLeaks CIA Dump

Today’s WikiLeaks CIA data dump, ominously labelled “Year Zero,” is only the first part in a series of releases dubbed “Vault 7.” This is already the largest data dump of its kind, producing head-spinning revelations about the inner workings of the CIA, and how they have far surpassed the NSA in spying capabilities.

The sexiest tidbit of the release, garnering much of the mainstream media’s attention, is the revelation that Samsung Smart TV’s can be turned into bugs capable of becoming inconspicuous living room spies. This fact didn’t even make our list – the severity of what has been exposed is much more nefarious than TV takeovers.

6) The CIA’s hacking arsenal was stolen and released into the wild

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, and weaponized “zero day” exploits, which are known vulnerabilities exposing users. The CIA took advantage of these for their own hacking gains.

They then lost control of this information, which according to WikiLeaks, “amounts to more than several hundred million lines of code, [and] gives its possessor the entire hacking capacity of the CIA.”

That capacity could now be in the hands of criminals, governments, competing intelligence agencies, and high school students alike.

5) Cyber ‘weapons’ for sale?

WikiLeaks states that “[o]ver the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allan Hamilton, has been subject to unprecedented series of data exfiltrations by its own workers.” These exfiltrations often involve what have come to be called cyber ‘weapons.’

Cyber ‘weapons’ don’t play by the same rules that plague traditional weapons systems which must contend with physical restrictions. Cyber ‘weapons,’ once created, cannot be reasonably contained, and can spread around the globe in seconds.

There are substantial price incentives for government hackers and consultants to obtain copies of these since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services.

Several unknown intelligence community members have already been arrested or subject to federal criminal investigations in separate incidents regarding abuse of such information.

4) The CIA hoarded vulnerabilities instead of notifying software makers (ie. Google, Microsoft, etc.)

WikiLeaks reports that the CIA has made a habit of abusing such “zero day” vulnerabilities, or holes in certain software or operating systems which expose users, while neglecting to inform the companies and manufacturers (Apple, Google, etc. ) involved so that the proper patches could be implemented. This is in direct conflict to the promise made by the Obama administration that the government would share any discovered vulnerabilities with US-based manufacturers involved.

The CIA has been knowingly leaving those vulnerable who they are meant to protect. This includes the U.S. Cabinet, Congress, and anyone else living in the 21st Century.

If the CIA can discover such vulnerabilities so can criminals or other governments. Although they might not need to look too hard, due to the runaway hacking arsenal mentioned in #6.

3) The CIA has created, in effect, its “own NSA”

Many Americans have been walking around with the false notion that the NSA is the predominant fly on the wall, obtaining intimate data about them if they so choose. In fact, the CIA has surpassed the “political and budgetary preeminence” of the NSA, according to WikiLeaks.

Instead of sharing their new tricks with the NSA, the CIA kept their controversial operations to themselves as classified “military tools.” The two agencies who are meant to coordinate with one another, have apparently been locked in competition. The NSA may be due for a free upgrade – if the CIA is willing to share.

2) The CIA’s hacking program had no accountability or oversight

The CIA has been able to operate with high levels of secrecy and a shocking lack of oversight by working under what are essentially wartime rules, disguising their activities using military jargon and classifying their “cyber arsenal” for military purposes.

“For instance, attempted ‘malware injections’ (commercial jargon) or ‘implant drops’ (NSA jargon) are being called ‘fires’ as if a weapon was being fired,” WikiLeaks states.

Because of this designation the CIA dramatically increases proliferation risk, as malware such as is used by the CIA is not designed to detonate and disappear, but to live on.

1) The CIA is above the law

Many of the CIA’s hacking “war” tools appear to violate the Fourth Amendment, which should protect individuals from unreasonable searches and seizures.

For instance, the “Hammer Drill” program infects software distributed on CD/DVDs, can attack USB drives, and can hide data in images. All of these types of attacks can easily proliferate, traveling on after their intended target, not to mention how common it is for people to share computers, sell devices, etc. It is reasonable to assume that malware infestations are being spread to perfectly innocent people.

Additionally, WikiLeaks reports that:

“Despite iPhone’s minority share (14.5%) of the global smartphone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. ‘Year Zero’ shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.”

The CIA is then able to bypass the encryption of popular messaging and social media apps to hack the smartphones they run on and collect user data prior to the encryption being applied.

Honorable mention: hacking haven at the U.S. consulate in Frankfurt

The reach of the CIA’s hacking operation extends far beyond U.S. borders. The agency makes use of the U.S. consulate in Frankfurt, Germany as their home base to access the 25 European countries that won’t require additional border checks, allowing for closer access to Europe, the Middle East, and Africa.

But if the above list isn’t enough to have you frantically unplugging your TV’s and switching off your smartphone, just wait…there’s more to come.

Image Source: Wikimedia Commons