Vault 7: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Undid revision 769626918 by Guccisamsclub (talk) These sources are about Vault 7. You're removing content that you don't ever bother to read?
Section with quotes by "Zeynep Tufekci" has nothing to do with Vault 7; they are about WikiLeaks in general. This should go in the WikiLeaks article, not Vault 7, as its scope is much too broad
Line 63: Line 63:
=== Allegations and criticisms concerning Vault 7 release ===
=== Allegations and criticisms concerning Vault 7 release ===
WikiLeaks has been criticized for making misleading claims about the contents of its Vault 7 leaks.<ref name=":7">{{Cite news|url=https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html|title=The Truth About the WikiLeaks C.I.A. Cache|last=Tufekci|first=Zeynep|date=2017-03-09|work=The New York Times|access-date=2017-03-10|issn=0362-4331}}</ref><ref name=":21">{{Cite news|url=http://thehill.com/policy/cybersecurity/323051-experts-say-wikileaks-exaggerating-contents-of-cia-documents|title=Experts say WikiLeaks exaggerating contents of CIA documents|last=Rupert|first=Evelyn|date=2017-03-08|work=TheHill|access-date=2017-03-10}}</ref><ref name=":33">{{Cite news|url=http://www.pcworld.com/article/3178072/security/cia-made-malware-now-antivirus-vendors-can-find-out.html|title=Did the CIA hack you? Wikileaks leak may allow antivirus vendors to tell|work=PCWorld|access-date=2017-03-10|language=en}}</ref><ref name=":34">{{Cite news|url=https://www.wired.com/2017/03/wikileaks-cia-hack-signal-encrypted-chat-apps/|title=The CIA Can’t Crack Signal and WhatsApp Encryption, No Matter What You’ve Heard|last=Barrett|first=Brian|work=WIRED|access-date=2017-03-10|language=en-US}}</ref> Media outlets have also been criticized for uncritically reporting WikiLeaks' own descriptions of the contents, some of which the outlets later retracted.<ref name=":7" /><ref name=":21" /> When WikiLeaks released its Vault 7 documents, it suggested that the CIA had the means to bypass the encryption on messaging apps such as WhatsApp and Signal and hack into iPhones. 
Some security experts have said that there is no evidence for that in the leaks, while others have claimed that the direct capture of user input (through keylogging and recording of the user interface) can capture the information before it is sent, and therefore before it has been encrypted by the app.<ref name="Wired" /><ref name=":33" /><ref name=":7" /><ref>{{Cite news|url=http://uk.businessinsider.com/wikileaks-cia-files-apple-iphone-hacks-zero-days-2017-3?r=US&IR=T|title=Everyone is talking about WikiLeaks' massive CIA data dump — here's what's going on|work=Business Insider|access-date=2017-03-10|language=en}}</ref><ref>{{Cite news|url=https://www.forbes.com/sites/mattdrange/2017/03/07/no-encrypted-messaging-apps-are-not-broken-but-document-dump-shows-ios-and-android-are-vulnerable/#662d88fb40a5|title=WikiLeaks Documents Show CIA Can Hack iOS And Android, But Not Encrypted Messaging Apps|last=Drange|first=Matt|work=Forbes|access-date=2017-03-10}}</ref><ref>{{Cite news|url=http://news.wabe.org/post/wikileaks-releases-what-it-calls-cia-trove-cyber-espionage-documents|title=WikiLeaks Releases What It Calls CIA Trove Of Cyber-Espionage Documents|last=Domonoske|first=Camila|access-date=2017-03-10|language=en}}</ref><ref name=":34" />
WikiLeaks has been criticized for making misleading claims about the contents of its Vault 7 leaks.<ref name=":7">{{Cite news|url=https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html|title=The Truth About the WikiLeaks C.I.A. Cache|last=Tufekci|first=Zeynep|date=2017-03-09|work=The New York Times|access-date=2017-03-10|issn=0362-4331}}</ref><ref name=":21">{{Cite news|url=http://thehill.com/policy/cybersecurity/323051-experts-say-wikileaks-exaggerating-contents-of-cia-documents|title=Experts say WikiLeaks exaggerating contents of CIA documents|last=Rupert|first=Evelyn|date=2017-03-08|work=TheHill|access-date=2017-03-10}}</ref><ref name=":33">{{Cite news|url=http://www.pcworld.com/article/3178072/security/cia-made-malware-now-antivirus-vendors-can-find-out.html|title=Did the CIA hack you? Wikileaks leak may allow antivirus vendors to tell|work=PCWorld|access-date=2017-03-10|language=en}}</ref><ref name=":34">{{Cite news|url=https://www.wired.com/2017/03/wikileaks-cia-hack-signal-encrypted-chat-apps/|title=The CIA Can’t Crack Signal and WhatsApp Encryption, No Matter What You’ve Heard|last=Barrett|first=Brian|work=WIRED|access-date=2017-03-10|language=en-US}}</ref> Media outlets have also been criticized for uncritically reporting WikiLeaks' own descriptions of the contents, some of which the outlets later retracted.<ref name=":7" /><ref name=":21" /> When WikiLeaks released its Vault 7 documents, it suggested that the CIA had the means to bypass the encryption on messaging apps such as WhatsApp and Signal and hack into iPhones. 
Some security experts have said that there is no evidence for that in the leaks, while others have claimed that the direct capture of user input (through keylogging and recording of the user interface) can capture the information before it is sent, and therefore before it has been encrypted by the app.<ref name="Wired" /><ref name=":33" /><ref name=":7" /><ref>{{Cite news|url=http://uk.businessinsider.com/wikileaks-cia-files-apple-iphone-hacks-zero-days-2017-3?r=US&IR=T|title=Everyone is talking about WikiLeaks' massive CIA data dump — here's what's going on|work=Business Insider|access-date=2017-03-10|language=en}}</ref><ref>{{Cite news|url=https://www.forbes.com/sites/mattdrange/2017/03/07/no-encrypted-messaging-apps-are-not-broken-but-document-dump-shows-ios-and-android-are-vulnerable/#662d88fb40a5|title=WikiLeaks Documents Show CIA Can Hack iOS And Android, But Not Encrypted Messaging Apps|last=Drange|first=Matt|work=Forbes|access-date=2017-03-10}}</ref><ref>{{Cite news|url=http://news.wabe.org/post/wikileaks-releases-what-it-calls-cia-trove-cyber-espionage-documents|title=WikiLeaks Releases What It Calls CIA Trove Of Cyber-Espionage Documents|last=Domonoske|first=Camila|access-date=2017-03-10|language=en}}</ref><ref name=":34" />

According to University of North Carolina Professor Zeynep Tufekci, this is part of a pattern of behavior. According to Tufekci, there are three steps to WikiLeaks' "disinformation campaigns": "The first step is to dump many documents at once — rather than allowing journalists to scrutinize them and absorb their significance before publication. The second step is to sensationalize the material with misleading news releases and tweets. The third step is to sit back and watch as the news media unwittingly promotes the WikiLeaks agenda under the auspices of independent reporting."<ref name=":72">{{Cite news|url=https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html|title=The Truth About the WikiLeaks C.I.A. Cache|last=Tufekci|first=Zeynep|date=2017-03-09|work=The New York Times|access-date=2017-03-10|issn=0362-4331}}</ref>


== See also ==
== See also ==
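
Review bot: the edit summary proposes placing the Tufekci material in the WikiLeaks article, but this change only deletes the paragraph beginning "According to University of North Carolina Professor Zeynep Tufekci"; nothing in the diff shows it being added elsewhere, so the quoted "three steps" text is lost unless a matching edit to that article accompanies this one. The deleted reference ":72" carries the same URL and title as ":7", which stays defined in the retained paragraph, so the removal orphans no citation.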

Revision as of 18:47, 10 March 2017

Vault 7 is a series of documents that WikiLeaks began to release on March 7, 2017, that detail activities of the United States Central Intelligence Agency to perform electronic surveillance and cyber warfare. The files, dated from 2013–2016, include details on the agency's software capabilities, such as the ability to compromise smart TVs,[1] web browsers (including Firefox, Google Chrome, and Microsoft Edge), and the operating systems of most smartphones (including Apple's iOS and Google's Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux.

Release

The first batch of documents to be released consisted of 7,818 web pages with 943 attachments, purportedly from the Center for Cyber Intelligence,[2] which already contains more pages than Edward Snowden's NSA release.[3] WikiLeaks did not name the source but said that the files had "circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."[1] According to WikiLeaks, the source "wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons" since these tools raise questions that "urgently need to be debated in public, including whether the C.I.A.'s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency."[1]

WikiLeaks redacted names and other identifying information from the documents before their release,[1] while attempting to allow for connections between people to be drawn via unique identifiers generated by WikiLeaks.[4] It also said that it would postpone releasing the source code for the cyber weapons, which is reportedly several hundred million lines long, "until a consensus emerges on the technical and political nature of the C.I.A.'s program and how such 'weapons' should be analyzed, disarmed and published."[1] WikiLeaks founder Julian Assange claimed this was only part of a larger series, saying "Vault 7 is the most comprehensive release of US spying files ever made public".[3]

On March 8, 2017, the CIA released a statement saying, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community's ability to protect America against terrorists or other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm."[5]

Authenticity

When asked about their authenticity, CIA spokesperson and former Director of National Intelligence Michael Hayden replied that the organization does "not comment on the authenticity or content of purported intelligence documents",[1] but, speaking on condition of anonymity, current and former intelligence officials said that the documents appear to be authentic.[6]

According to Edward Snowden, former NSA employee and whistleblower, the documents "look authentic."[7] Robert M. Chesney, a law professor at the University of Texas and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), likened Vault 7 to NSA hacking tools disclosed in 2016 by a group calling itself The Shadow Brokers.[1]

Organization of US cyber warfare

WikiLeaks said that the documents came from "an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia."[8] The documents allowed WikiLeaks to partially determine the structure and organization of the CCI. The CCI reportedly has an entire unit devoted to compromising Apple products.[7]

The US government reportedly uses its Consulate General in Frankfurt, Germany as a base for cyber operations. This diplomatic representation was known to be the largest US consulate worldwide, in terms of both personnel and facilities, and has played a prominent role in the US government's intelligence architecture for years. Intelligence personnel, including CIA agents, NSA spies, military secret service personnel, US Department of Homeland Security employees and Secret Service employees, work in the building complex, which has high walls and barbed wire and lies in the north of the city. Within a radius of about 40 kilometers around Frankfurt, the Americans had also established a dense network of outposts and shell companies. WikiLeaks documents reveal that the Frankfurt hackers, part of the Center for Cyber Intelligence Europe (CCIE), were given cover identities and diplomatic passports to mislead customs officers and gain entry to Germany.[7][9]

UMBRAGE

The documents reportedly revealed that the agency had amassed a large collection of cyberattack techniques and malware produced by other hackers. This library was reportedly maintained by the CIA's Remote Devices Branch's UMBRAGE group, with examples of using these techniques and source code contained in the "Umbrage Component Library" git repository. According to WikiLeaks, by recycling the techniques of others, UMBRAGE can not only increase its total number of attacks,[10] but can also be used to mislead forensic investigators by disguising CIA attacks as the work of other hackers and nations, including Russia.[1][7] According to a study by The Intercept, however,[11] the main purpose of UMBRAGE appears to be the former: to save development time and increase output by recycling code[10] developed by others. Robert Graham, CEO of Errata Security, told The Intercept that code referenced in the UMBRAGE documents is "extremely public", and is likely used by a multitude of groups and state actors. Graham added that:

“What we can conclusively say from the evidence in the documents is that they’re creating snippets of code for use in other projects and they’re reusing methods in code that they find on the internet. (...) Elsewhere they talk about obscuring attacks so you can’t see where it’s coming from, but there’s no concrete plan to do a false flag operation. They’re not trying to say ‘We’re going to make this look like Russia’.”

Compromised technology and software

Smartphones

The electronic tools can reportedly compromise both Apple's iOS and Google's Android operating systems. By adding malware to the Android operating system, the agency can gain access to secure communications made on a device.[12]

Apple stated that "many of the issues leaked today were already patched in the latest iOS," and that the company "will continue work to rapidly address any identified vulnerabilities".[13]

Messaging services

According to WikiLeaks, once an Android smartphone is penetrated the agency can collect "audio and message traffic before encryption is applied".[1] Some of the agency's software is reportedly able to gain access to messages sent by instant messaging services.[1] This method of accessing messages differs from obtaining access by decrypting an already encrypted message, which has not yet been reported.[12] While the encryption of messengers that offer end-to-end encryption, such as Telegram, WhatsApp and Signal, wasn't reported to be cracked, their encryption can be bypassed by capturing input before their encryption is applied, by methods such as keylogging and recording the touch input from the user.[12]

Vehicle control systems

One document reportedly showed that the CIA was researching ways to infect vehicle control systems. WikiLeaks stated, "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."[14][7] This statement brought renewed attention to conspiracy theories surrounding the death of Michael Hastings.[15][14]

Weeping Angel

One of the software suites, reportedly code-named "Weeping Angel", is claimed to be able to use Samsung smart televisions as covert listening devices. In June 2014, the CIA with British intelligence's MI5 held a joint workshop to improve the "Weeping Angel" hack, which appears to have specifically targeted Samsung's F8000 series TVs released in 2013. It would allow an infected smart television to be used "as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server" even if it appears to be off.[1]

Windows

The documents refer to a "Windows FAX DLL injection" exploit in Windows XP, Windows Vista and Windows 7 operating systems.[2] A spokesperson from Microsoft said, "We are aware of the report and are looking into it."[16]

Also included within the leaks was copy-and-paste code that allowed for privilege escalation in a Windows 7 environment. This code allows an attacker to bypass the normal User Account Control (UAC) window, which is displayed when a program attempts to run with administrative privileges, essentially allowing arbitrary code to be executed with administrative privileges without the end user's knowledge.[17]

UEFI

Copy-and-paste code was included in the leaks that allows for the exploitation of UEFI-based boot systems by altering the operating system's kernel, which is loaded into memory before exiting the UEFI boot sequence. The code allows an attacker to insert a custom hook that can be used to arbitrarily alter the operating system's kernel in memory immediately before execution control is handed to the kernel.[18]

Commentary

Lee Mathews, a contributor to Forbes, wrote that most of the hacking techniques "revealed" in Vault 7 were already known to cybersecurity experts around the world.[19]

Edward Snowden commented on the importance of the release, stating that it reveals the United States Government to be "developing vulnerabilities in US products" and "then intentionally keeping the holes open", which he considers highly reckless.[20]

Nathan White, Senior Legislative Manager at Access Now, wrote:[21]

Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them. The United States is supposed to have a process that helps secure our digital devices and services — the 'Vulnerabilities Equities Process.' Many of these vulnerabilities could have been responsibly disclosed and patched. This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them.

Allegations and criticisms concerning Vault 7 release 

WikiLeaks has been criticized for making misleading claims about the contents of its Vault 7 leaks.[22][23][24][25] Media outlets have also been criticized for uncritically reporting WikiLeaks' own descriptions of the contents, some of which the outlets later retracted.[22][23] When WikiLeaks released its Vault 7 documents, it suggested that the CIA had the means to bypass the encryption on messaging apps such as WhatsApp and Signal and hack into iPhones. Some security experts have said that there is no evidence for that in the leaks, while others have claimed that the direct capture of user input (through keylogging and recording of the user interface) can capture the information before it is sent, and therefore before it has been encrypted by the app.[12][24][22][26][27][28][25]

References

  1. Shane, Scott; Mazzetti, Mark; Rosenberg, Matthew (7 March 2017). "WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents". The New York Times. Retrieved 7 March 2017.
  2. "WikiLeaks claims to release thousands of CIA documents". CBS News. Associated Press. Mar 7, 2017. Retrieved 2017-03-07.
  3. "WikiLeaks publishes massive trove of CIA spying files in 'Vault 7' release". The Independent. 7 March 2017. Retrieved 7 March 2017.
  4. "Vault7 - Home". WikiLeaks. "Redactions" section. Retrieved 10 March 2017.
  5. Berke, Jeremy (8 March 2017). "CIA: Americans 'should be deeply troubled' by WikiLeaks' disclosure". Business Insider. Retrieved 10 March 2017.
  6. Ross, Brian; Gordon Meek, James; Kreider, Randy; Kreutz, Liz (8 March 2017). "WikiLeaks docs allege CIA can hack smartphones, expose Frankfurt listening post". ABC News.
  7. Cody Derespina (7 March 2017). "WikiLeaks releases 'entire hacking capacity of the CIA'". Fox News. Retrieved 7 March 2017.
  8. Satter, Raphael (7 March 2017). "WikiLeaks publishes CIA trove alleging wide scale hacking". Boston.com. Retrieved 7 March 2017.
  9. Goetz, John; Obermaier, Frederik (7 March 2017). "Frankfurter US-Konsulat soll Spionagezentrale sein" [Frankfurt's US Consulate is to be an espionage center]. Süddeutsche Zeitung (in German).
  10. Zetter, Kim. "WikiLeaks Files Show the CIA Repurposing Hacking Code To Save Time, Not To Frame Russia". The Intercept. Retrieved 9 March 2017.
  11. Cimpanu, Catalin. "Vault 7: CIA Borrowed Code from Public Malware". Bleeping Computer. Retrieved 8 March 2017.
  12. Barrett, Brian (7 March 2017). "The CIA Can't Crack Signal and WhatsApp Encryption, No Matter What You've Heard". Wired. Retrieved 8 March 2017.
  13. McCormick, Rich (8 March 2017). "Apple says it's already patched 'many' iOS vulnerabilities identified in WikiLeaks' CIA dump". The Verge. Retrieved 8 March 2017.
  14. "WikiLeaks 'Vault 7' dump reignites conspiracy theories surrounding death of Michael Hastings". The New Zealand Herald. 8 March 2017. Retrieved 8 March 2017.
  15. Prince, S. J. (7 March 2017). "WikiLeaks Vault 7 Conspiracy: Michael Hastings Assassinated by CIA Remote Car Hack?". Heavy.com. Retrieved 8 March 2017.
  16. "Apple, Samsung and Microsoft react to Wikileaks' CIA dump". BBC. 8 March 2017. Retrieved 9 March 2017.
  17. "Elevated COM Object UAC Bypass (WIN 7)".
  18. "ExitBootServices Hooking". WikiLeaks.
  19. Mathews, Lee. "WikiLeaks Vault 7 CIA Dump Offers Nothing But Old News". Forbes. Retrieved 9 March 2017.
  20. "Edward Snowden on Twitter". Twitter. Retrieved 8 March 2017.
  21. "Alleged CIA documents show urgent need to limit government hacking – Access Now". Access Now. 7 March 2017. Retrieved 8 March 2017.
  22. Tufekci, Zeynep (2017-03-09). "The Truth About the WikiLeaks C.I.A. Cache". The New York Times. ISSN 0362-4331. Retrieved 2017-03-10.
  23. Rupert, Evelyn (2017-03-08). "Experts say WikiLeaks exaggerating contents of CIA documents". TheHill. Retrieved 2017-03-10.
  24. "Did the CIA hack you? Wikileaks leak may allow antivirus vendors to tell". PCWorld. Retrieved 2017-03-10.
  25. Barrett, Brian. "The CIA Can't Crack Signal and WhatsApp Encryption, No Matter What You've Heard". WIRED. Retrieved 2017-03-10.
  26. "Everyone is talking about WikiLeaks' massive CIA data dump — here's what's going on". Business Insider. Retrieved 2017-03-10.
  27. Drange, Matt. "WikiLeaks Documents Show CIA Can Hack iOS And Android, But Not Encrypted Messaging Apps". Forbes. Retrieved 2017-03-10.
  28. Domonoske, Camila. "WikiLeaks Releases What It Calls CIA Trove Of Cyber-Espionage Documents". Retrieved 2017-03-10.