15 Disturbing Things Revealed By The Vault 7 WikiLeak


During 2013, without authorization, Edward Snowden leaked classified information showing that the National Security Agency (NSA) of the United States was conducting many global surveillance programs, including those that targeted everyone in America. Snowden was charged with espionage, even though what he revealed showed the NSA was engaged in massive, illegal surveillance activities involving U.S. citizens. Snowden currently lives in exile in Russia.

The WikiLeaks release of “Vault 7” information on Tuesday, March 7, 2017, makes what Snowden did previously pale in comparison. WikiLeaks reports that this release of Vault 7 information includes 8,761 documents and files that originated from the CIA’s Center for Cyber Intelligence located in Langley, Virginia. There are 7,818 pages of material that describe the CIA’s master plan for global hacking with a strategy called “Year Zero.” The information contained in the Vault 7 release covers the period from 2013 to 2016. WikiLeaks intends to publish more information related to these CIA hacking activities as soon as it is ready for release.

Here are 15 ways that these CIA activities could affect you:

15. “Vault 7” Information


The Vault 7 information shows that the Central Intelligence Agency (CIA) of the United States is engaged in extensive “hacking” of computers, computer networks, electronic equipment, mobile phones, and even automobiles that are enabled with smart technology.

Moreover, the CIA has an active campaign of cyber warfare and develops malware, viruses, and other nefarious software applications to support its efforts in cyber warfare. This should come as no surprise to anyone; however, the extent of what the CIA is doing and how they are doing it is shocking.

There is no public oversight regarding these operations. The CIA created this massive hacking effort in order to no longer need to work with the National Security Agency of the United States, which the CIA considers its competition in the American intelligence community. It is likely that even the NSA does not know the full extent of what the CIA is doing regarding hacking activities and cyber warfare.

14. CIA Hacking is on a Global Scale

Every person is a potential target for these CIA hacking activities. They may be negatively impacted directly if they are assumed to be part of a targeted “dissident” group or a “person of interest.” They may be negatively impacted indirectly by the unintentional dissemination of the CIA hacking tools as revealed by the WikiLeaks Vault 7 information release.

When the CIA’s hacking tools fall into the wrong hands, then the tools may be used by rival foreign powers or cyber criminals to attack Americans, American companies, or American interests. The CIA hacking tools were created by over 5,000 programmers and, in total, amount to more programming code than what is needed to operate Facebook.

13. The CIA Lost Control of its Hacking Tools


The CIA made an enormous effort to create an extensive arsenal of hacking tools, which included:

Malware – This is malicious software that disrupts regular computer operations, changes web browser functions, and tries to gather private information. It also may create the opportunity for other malware to propagate on a network.

Malware Remote Control Systems – These allow a hacker to control a system remotely using unauthorized access.

Trojans – This is a malicious program that is used for hacking because it misleads the user regarding the software’s true intent.

Viruses – A virus is a special kind of malware that when activated tries to distribute itself to infect other computers.

“Zero-Day” Exploits – A zero-day exploit takes advantage of a weakness in computer software that the software vendor is not aware of, allowing hackers to manipulate the software in unintended ways. Until this type of problem is fixed with a “patch,” it may go undetected for an extended period.

The loss of the archive of CIA hacking tools amounts to millions of lines of computer programming code and the associated documentation. The archive has now circulated without authorization among former U.S. government hackers and subcontractors. It is available to those with the resources needed to acquire it through personal connections and/or payment.

12. Year Zero Plans for Using Weaponized “Zero-Day” Exploits


Year Zero plans cover the scope and strategy of the covert global hacking program conducted by the CIA. There are dozens of zero-day exploits that have been weaponized to be used to attack and manipulate many popular American and European products such as the iPhone made by Apple, the Android phone made by Google, Microsoft Windows operating systems, and televisions made by Samsung.

Among other things, weaponized exploits can turn these products into covert listening devices without the user being aware of it. A Samsung smart television can appear to be in a fake off mode, while actually remaining on, with the television microphone used as a “bug” (listening device).

11. Assassinations that Look Like Traffic Accidents


The Vault 7 information reveals that the CIA has been working on exploits to infect the operating systems of vehicles that utilize “smart” technology. The movement towards more computer-aided driving and autonomous driving systems provides an opportunity to maliciously control these systems and cause a system failure, such as sudden, uncontrollable acceleration combined with a brake failure, which leads to an accident.

The CIA has a special department called the Embedded Devices Branch (EDB), which works to make devices that enable remote control of vehicles and develops “backdoors” to hack into the control systems of automobiles and trucks enabled with smart technology.

The frequency of road accidents gives the CIA the perfect “cover” if it wants to conduct an assassination using such devices to secretly control a vehicle, thereby making assassinations of this kind undetectable when they appear to simply be an accident.

10. CIA Control of Mobile Phones


The Mobile Device Branch (MDB) of the CIA created numerous hacks used to control smartphones. These hacks developed by the MDB are able to control either iPhones or other Apple products such as the iPad. Other hacks developed by the MDB are able to control smartphones using the Android system that was developed by Google. Over one billion smartphones with the Android operating system were sold during 2016. The CIA has 24 weaponized zero-day exploits that are used to attack Android smartphones.

The CIA’s weaponized exploits for smartphones allow the CIA to do the following:

1) Have the phone report the location of the user by giving its GPS coordinates, which can be used for capture purposes, a physical attack, or a drone missile strike.

2) Bypass the encryption of services such as Confide, Cloackman, Signal, Telegram, WhatsApp, and Weibo, because the CIA can capture voice and text messages directly from the smartphone before the encryption is applied to the transmission of the data.

3) Activate the smartphone’s camera and microphone, even when the phone appears to be off.

9. CIA Control of Operating Systems, Networks, Routers, and Devices


No operating system is beyond the CIA’s malware infection. The CIA developed multi-platform malware to infect Windows, Apple’s OS X, Linux, and Solaris operating systems. The Network Devices Branch (NDB) of the CIA is in charge of creating malware that attacks web servers and the Internet infrastructure.

The CIA has malware that is called the “air-jumping” type because it travels from computer to computer on software recorded on CDs and DVDs. The CIA also created malware that infects USB devices and is passed from one computer to another via that route. The CIA malware can even hide in the data of images and other covert areas to be almost undetectable.

The distribution of CIA malware is accomplished using automated infestation methods along with control programs. Two of the known automated attack systems are called Assassin and Medusa.

8. CIA Hoarding of Vulnerabilities


Under President Obama’s administration, due to intense pressure by American technology companies such as Apple, Google, Microsoft, and others, the U.S. government instituted a Vulnerabilities Equities Process, whereby the U.S. government agreed, after the year 2010, to disclose any vulnerabilities that government agencies discovered in the products made by U.S. companies.

The leak of Vault 7 information shows that the CIA, in direct breach of the commitment made by the Obama administration, failed to release any of the information about vulnerabilities discovered by the CIA hackers’ team.

Instead, the CIA intended to use the vulnerabilities it discovered for CIA exploitation. The trouble with this strategy is that it left American companies exposed. If the CIA could discover these vulnerabilities, so might a rival foreign power or cyber criminals. This put American companies unnecessarily at risk and was a direct contradiction of President Obama’s executive order.

If the CIA can hack smartphones, this same vulnerability could be exploited by others and puts not only the entire public at risk but also key members of the U.S. Cabinet, Congress, Chief Executives of major corporations, security personnel, system administrators, engineers working with critical American infrastructure, and so forth. Virtually everyone uses these smartphones, especially people holding important positions. That the CIA allowed these known vulnerabilities to persist without warning American companies is incomprehensible.

7. Proliferation of Cyber Weapons


It is not possible to control the spread of cyber weapons. Once a cyber weapon has been developed it is almost impossible to contain it. The very same hackers who develop the program have an unbelievable incentive to distribute it to others. Many are willing to pay hundreds of thousands to millions of dollars to gain access to these cyber weapons.

There is almost no cost to make a copy of the cyber weapon and transmit the data to anyone in the world. There has been an incredible amount of leakage of these cyber weapons because a person who can make them also has the skills to get copies of them to give to others. The biggest risk to the CIA comes from its own hacker workers, many of whom are contract workers just like Edward Snowden was. The now public release of Vault 7 information is proof of this risk.

The CIA has for the past years essentially built up an arsenal of hacking tools, kept the American people and American companies vulnerable, and at the same time allowed the cyber weapons to escape because nothing can really be done to stop this from happening.

6. CIA Hacking Tools are not Classified or Copyrighted


Because it is illegal to put classified information on a public server or to transmit it over the Internet, the CIA hacking tools cannot be classified information. If the hacking tools were classified, the CIA operatives would be breaking U.S. laws every time they tried to use them.

Additionally, due to the U.S. Constitution, the CIA cannot obtain a copyright on its hacking tools. This means if the hacking tools escape, the CIA has little legal recourse. If a hacker gets access to the CIA hacking tools, they are free to pirate them without breaking the law as long as they were not the original person who stole them from the CIA.

Essentially this means the CIA has been a gigantic hacking tools creator and now that all the CIA hacking tools have escaped, they are spreading around the world like wildfire. If the release of Vault 7 information had not occurred through WikiLeaks, the vulnerabilities of the American systems, products, and companies would not have been addressed at all. This is precisely one of the motivations behind why this information is being made public now.

The CIA wanted the loss of its hacking tools arsenal to be kept quiet, regardless of the risk it created for Americans and American companies.

5. U.S. Consulates are a CIA Operation


What every intelligence agency in the world already knows, but the public is less familiar with, is that U.S. consulates serve, at least in part, as CIA covert operational bases. The U.S. consulate in Frankfurt, Germany is the European base for CIA hackers. It is used to hack targets in Europe, Africa, and the Middle East. Once the American CIA hackers enter Germany they are free to travel through 25 European countries that no longer have any border controls.

One reason this is important is that many of the CIA attacks require physical proximity to the systems. For example, a network system that is not connected to the Internet can be penetrated by gaining access from a nearby physical connection. All a CIA agent has to do is somehow gain access to the physical area with a computer on the private network, and by simply inserting a USB device they will be able to install CIA malware on the system.

4. What the CIA Does to Avoid Detection


The CIA team developed very successful hacks that bypass the most popular anti-virus protections and malware removal software. In fact, one of the more effective hacks is to have a fake anti-virus program, which mimics the real one already installed on a computer, appear to be running. This creates a cover for copying and transmitting all the information the CIA wants to collect from a specific computer.

To a user, it appears that a regularly scheduled virus scan of the system is underway, so the resulting hard drive activity seems normal. Meanwhile, the CIA’s fake anti-virus program is ransacking the computer hard drive to pull copies of all the desired files and send them to the CIA control servers.

The CIA is careful not to leave any digital “fingerprints” that connect the CIA malware back to the agency so that it can always claim plausible deniability and put the blame for the malware, if it is discovered, on someone else. To better accomplish this, the CIA uses the digital “fingerprints” of rival nations, such as Russian agencies, as a way to falsely point to the creation of the malware by another foreign government.

3. Customized CIA Attacks


The CIA has a set of protocols that it calls “Fine Dining.” Fine Dining is used by a CIA agent to request the Operational Support Branch (OSB) to create the technological tools for a specific hacking attack. The CIA agent fills out a questionnaire that helps the OSB customize the CIA malware as the needs require.

The information requested on the questionnaire includes:

1) The target of the attack.

2) The type of computer.

3) The computer’s operating system.

4) The Internet connectivity used.

5) The type of anti-virus program(s) installed.

6) What type of files will be exfiltrated (copied and captured by the CIA)?

7) How much time of unobserved access to the computer is possible?

8) If repetitive physical access to the target computer is possible.

Based on the answers to these questions, the OSB, using a program called Improvise, creates the configuration of a set of CIA malware tools needed for the operation.

2. The CIA’s Fake Public Websites with Command and Control


The CIA has a multi-platform suite of malware called Hive. Hive uses “cover” domains that are hosted on public web servers to hide the transmission of information from CIA malware back to CIA headquarters. Each cover domain resolves back to the IP address of a commercial Virtual Private Server (VPS). The CIA malware (called an “implant”) can do many operations. Each operation by the implant uses a different cover domain in order to mimic regular Internet usage.

If the incoming data to the VPS has the correct Secure Sockets Layer (SSL) encryption key, the data passes to a virtual private network (VPN) that links to another server, which checks for proper authentication and, if this is correct, forwards the data to a Honeycomb server maintained directly by the CIA. If the data does not have the correct SSL encryption key, which can only come from an implant, the request goes to another server that presents a website that does not appear suspicious.

Besides receiving data from the implant, the Honeycomb server can also send commands and control what the implant does on the infected computer.

1. What WikiLeaks Redacted


WikiLeaks made 70,875 redactions to hide information in this first release of Vault 7 data. Some of this information may be released later. The redactions include IP addresses, names, and email addresses.

In the Vault 7 data, there were tens of thousands of IP addresses with more than 22 thousand IP addresses from computers located in the United States. These IP addresses represent the CIA-targeted computers, CIA computers serving as listening posts, intermediary computers, and computers used for testing the system.

WikiLeaks did not release any information contained in any attachments for fear of inadvertently invoking the CIA weaponized malware.


The extent of the CIA hacking operations is almost unbelievable. However, with the release of Vault 7 information, the CIA’s global Year Zero strategic plans have been compromised. The real challenge is that the CIA has created an extensive proliferation of hacking tools that can do much harm, which the CIA was not able to contain. Rather than improve America’s security, it seems the actions of the CIA have caused exactly the opposite result to occur. America is now less secure and even more vulnerable to cyber attacks. This is the main conclusion derived from the review of the Vault 7 material.

Source: WikiLeaks