Vault 7

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 99.185.4.21 (talk) at 06:10, 11 March 2017 (I have included information on Microsoft, Google, and Apple as stated by Assange during his March 9 press release. Included summary of official statement by Microsoft on subject of leak.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Vault 7 is a series of documents that WikiLeaks began to release on 7 March 2017, that detail activities of the United States Central Intelligence Agency to perform electronic surveillance and cyber warfare. The files, dated from 2013–2016, include details on the agency's software capabilities, such as the ability to compromise smart TVs,[1] web browsers (including Firefox, Google Chrome, and Microsoft Edge), and the operating systems of most smartphones (including Apple's iOS and Google's Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux.

Release

The first batch of documents to be released consisted of 7,818 web pages with 943 attachments, purportedly from the Center for Cyber Intelligence,[2] which already contains more pages than Edward Snowden's NSA release.[3] WikiLeaks did not name the source, but said that the files had "circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."[1] According to WikiLeaks, the source "wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons" since these tools raise questions that "urgently need to be debated in public, including whether the C.I.A.'s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency."[1]

WikiLeaks redacted names and other identifying information from the documents before their release,[1] while attempting to allow for connections between people to be drawn via unique identifiers generated by WikiLeaks.[4] It also said that it would postpone releasing the source code for the cyber weapons, which is reportedly several hundred million lines long, "until a consensus emerges on the technical and political nature of the C.I.A.'s program and how such 'weapons' should be analyzed, disarmed and published."[1] WikiLeaks founder Julian Assange claimed this was only part of a larger series, saying "Vault 7 is the most comprehensive release of US spying files ever made public".[3]

On 8 March 2017, US intelligence and law enforcement officials told the international news agency Reuters that they had been aware since late 2016 of the CIA security breach that led to Vault 7. The two officials said they were focusing on "contractors" as the likeliest source of the leak.[5] The CIA released a statement saying, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community's ability to protect America against terrorists or other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm."[6]

Authenticity

When asked about their authenticity, CIA spokesperson and former Director of National Intelligence Michael Hayden replied that the organization does "not comment on the authenticity or content of purported intelligence documents",[1] but, speaking on condition of anonymity, current and former intelligence officials said that the documents appear to be authentic.[7]

According to Edward Snowden, former NSA employee and whistleblower, the documents "look authentic."[8] Robert M. Chesney, a law professor at the University of Texas and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), likened Vault 7 to the NSA hacking tools disclosed in 2016 by a group calling itself The Shadow Brokers.[1]

Organization of US cyber warfare

WikiLeaks said that the documents came from "an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (CCI) in Langley, Virginia."[9] The documents allowed WikiLeaks to partially determine the structure and organization of the CCI. The CCI reportedly has an entire unit devoted to compromising Apple products.[8]

Frankfurt base

The first portion of the documents made public on 7 March 2017, Vault 7 "Year Zero", revealed that a top secret CIA unit used the German city of Frankfurt as the starting point for hacking attacks on Europe, China and the Middle East. According to the documents, the US government uses its Consulate General Office in Frankfurt, Germany, as a hacker base for cyber operations. This diplomatic representation was known to be the largest US consulate worldwide, in terms of both personnel and facilities, and has played a prominent role in the US government's intelligence architecture for years. Intelligence personnel, including CIA agents, NSA spies, military secret service personnel, United States Department of Homeland Security employees and Secret Service employees, work in the building complex with high walls and barbed wire in the north of the city. Within a radius of about 40 kilometers around Frankfurt, the Americans had also established a dense network of outposts and shell companies. WikiLeaks documents reveal that the Frankfurt hackers, part of the Center for Cyber Intelligence Europe (CCIE), were given cover identities and diplomatic passports to deceive customs officers and gain entry to Germany.[8][10]

Germany's foreign minister Sigmar Gabriel of the Social Democratic Party responded to the Vault 7 "Year Zero" documents' claim that the CIA used Frankfurt as a base for its digital espionage operations by saying that Germany did not have any information about the cyber attacks.[11]

UMBRAGE

The documents reportedly revealed that the agency had amassed a large collection of cyberattack techniques and malware produced by other hackers. This library was reportedly maintained by the CIA's Remote Devices Branch's UMBRAGE group, with examples of using these techniques and source code contained in the "Umbrage Component Library" git repository. According to WikiLeaks, by recycling the techniques of third parties through UMBRAGE, the CIA can not only increase its total number of attacks,[12] but can also mislead forensic investigators by disguising these attacks as the work of other groups and nations, including Russia.[1][8]

According to a study by Kim Zetter in The Intercept, the main purpose of UMBRAGE appears to be the former: to save development time and increase output by recycling others' code.[12] Robert Graham, CEO of Errata Security, told The Intercept that the source code referenced in the UMBRAGE documents is "extremely public", and is likely used by a multitude of groups and state actors. Graham added: "What we can conclusively say from the evidence in the documents is that they're creating snippets of code for use in other projects and they're reusing methods in code that they find on the internet. [...] Elsewhere they talk about obscuring attacks so you can't see where it's coming from, but there's no concrete plan to do a false flag operation. They're not trying to say 'We're going to make this look like Russia'."[13]

Compromised technology and software

Smartphones

The electronic tools can reportedly compromise both Apple's iOS and Google's Android operating systems. By adding malware to the Android operating system, the agency can gain access to secure communications made on a device.[14]

Apple stated that "many of the issues leaked today were already patched in the latest iOS," and that the company "will continue work to rapidly address any identified vulnerabilities".[15]

Messaging services

According to WikiLeaks, once an Android smartphone is penetrated the agency can collect "audio and message traffic before encryption is applied".[1] Some of the agency's software is reportedly able to gain access to messages sent by instant messaging services.[1] This method of accessing messages differs from obtaining access by decrypting an already encrypted message, which has not yet been reported.[14] While the encryption of messengers that offer end-to-end encryption, such as Telegram, WhatsApp and Signal, was not reported to be cracked, their encryption can be bypassed by capturing input before it is applied, by methods such as keylogging and recording the user's touch input on a device that is already compromised.[14]

Vehicle control systems

One document reportedly showed that the CIA was researching ways to infect vehicle control systems. WikiLeaks stated, "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."[16][8] This statement brought renewed attention to conspiracy theories surrounding the death of Michael Hastings.[17][16]

Weeping Angel

One of the software suites, reportedly code-named "Weeping Angel", is claimed to be able to use Samsung smart televisions as covert listening devices. In June 2014, the CIA and British intelligence's MI5 held a joint workshop to improve the "Weeping Angel" hack, which appears to have specifically targeted Samsung's F8000 series TVs released in 2013. It would allow an infected smart television to be used "as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server" even if it appears to be off.[1]

Windows

The documents refer to a "Windows FAX DLL injection" exploit in the Windows XP, Windows Vista and Windows 7 operating systems.[2] This would allow a malicious user to hide their own malware under the DLL of another application. However, a computer must already have been compromised through another method for the injection to take place.[18]

Also included within the leaks was copy-and-paste code that allowed for privilege escalation in a Windows 7 environment. This code allows an attacker to bypass the normal User Account Control (UAC) window, which is displayed when a program attempts to run with administrative privileges, essentially allowing arbitrary code to be executed with administrative privileges without the end user's knowledge.[19]
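The bypass class referenced above depends on UAC being configured to let trusted Windows binaries and COM objects elevate without a prompt, which is the default "notify only when programs try to make changes" level. The following PowerShell audit is an added example, not code from the leaked documents or from the article's sources; it reads the standard UAC policy values under the `Policies\System` registry key and reports whether the machine is at the "Always notify" level that disables auto-elevation. The thresholds in the comments are the documented meanings of `ConsentPromptBehaviorAdmin`; the default-value handling for missing entries is an assumption made here.

```powershell
# Added example: audit the UAC policy values that decide whether auto-elevation
# (the mechanism abused by elevated-COM-object bypasses) is available.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # Assumption: a missing value means Windows is using its default for that setting.
    $item = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Get-UacPosture {
    $enableLua     = Get-UacValue -Name 'EnableLUA'                  -Default 1
    $adminPrompt   = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $secureDesktop = Get-UacValue -Name 'PromptOnSecureDesktop'      -Default 1

    # ConsentPromptBehaviorAdmin: 0 = elevate silently; 1/2 = prompt for
    # credentials/consent on the secure desktop for every elevation;
    # 3/4 = prompt for credentials/consent on the normal desktop;
    # 5 = prompt only for non-Windows binaries (default), so signed Windows
    # components and COM objects marked auto-elevate silently gain admin rights.
    $findings = @()
    if ($enableLua -ne 1) {
        $findings += 'UAC is disabled (EnableLUA != 1): every process of an admin user runs fully elevated.'
    }
    switch ($adminPrompt) {
        0 { $findings += 'Administrators elevate silently (ConsentPromptBehaviorAdmin = 0).' }
        5 { $findings += 'Auto-elevation is enabled (ConsentPromptBehaviorAdmin = 5); set "Always notify" (2) to close the auto-elevate bypass class.' }
    }
    if ($secureDesktop -ne 1) {
        $findings += 'Elevation prompts are not isolated on the secure desktop (PromptOnSecureDesktop != 1).'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $adminPrompt
        PromptOnSecureDesktop      = $secureDesktop
        AtAlwaysNotify             = ($enableLua -eq 1 -and $adminPrompt -eq 2 -and $secureDesktop -eq 1)
        Findings                   = $findings
    }
}

Get-UacPosture | Format-List
```

Run it in an elevated or standard session alike; the key is world-readable. An empty `Findings` list with `AtAlwaysNotify = True` is the posture in which a program cannot obtain administrative rights without a consent prompt on the secure desktop, regardless of which auto-elevating host it tries to piggyback on.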

UEFI

Copy-and-paste code was also included in the leaks that allows for the exploitation of UEFI-based boot systems by altering the operating system's kernel after it has been loaded into memory but before the UEFI boot sequence exits. The code allows an attacker to insert a custom hook that can arbitrarily alter the operating system's kernel in memory immediately before execution control is handed to the kernel.[20]
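A pre-boot kernel modification of the kind described above happens before any operating-system defence is running, so the relevant controls are the platform's own: Secure Boot, which requires boot-time code to be signed, and hypervisor-enforced code integrity (HVCI), which protects kernel code pages once the OS is up. The PowerShell check below is an added example written for this article, not code from the leaked documents, and it only reports posture; whether Secure Boot would have blocked the specific hook in the documents depends on how that hook was installed, which the page does not say. It uses the built-in `Confirm-SecureBootUEFI` cmdlet and the `Win32_DeviceGuard` CIM class; the meaning of `SecurityServicesRunning` values is taken from Microsoft's documentation, and running as administrator is assumed.

```powershell
# Added example: report Secure Boot and HVCI state as the defender-side checks
# relevant to pre-OS kernel tampering. Requires an elevated session.
function Get-BootIntegrityPosture {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on
    # legacy BIOS firmware (or when not elevated); both are reported, not hidden.
    $secureBoot = $null
    try {
        $secureBoot = Confirm-SecureBootUEFI
    } catch {
        $secureBoot = "Unavailable: $($_.Exception.Message)"
    }

    # Win32_DeviceGuard.SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
    $hvci = $false
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    if ($null -ne $dg) {
        $hvci = ([int[]]$dg.SecurityServicesRunning) -contains 2
    }

    $findings = @()
    if ($secureBoot -ne $true) {
        $findings += "Secure Boot is not enforced ($secureBoot): unsigned code can run in the pre-boot environment."
    }
    if (-not $hvci) {
        $findings += 'HVCI (memory integrity) is off: kernel code integrity is not enforced by the hypervisor after boot.'
    }

    [pscustomobject]@{
        SecureBoot = $secureBoot
        HVCI       = $hvci
        Findings   = $findings
    }
}

Get-BootIntegrityPosture | Format-List
```

On a fleet, the two boolean fields are what to collect centrally; a machine that reports `SecureBoot = False` on UEFI firmware is the one whose boot chain deserves a closer look, since nothing running inside the OS can vouch for code that executed before it.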

Commentary

According to Assange, in a March 9 press release, only 1% of the total leak has been released. He stated that much of the remainder of the leak included unpatched vulnerabilities, but that he was working with Microsoft, Apple and Google to get these vulnerabilities patched, as he would not release information that would put the public at risk; as fixes were released by manufacturers, he would release details of the vulnerabilities. As such, none of the vulnerabilities currently released are zero-day exploits. In this press release Assange also read an official statement by Microsoft which stated Microsoft's desire for a "next Geneva Convention" that would protect people from government cyber weapons the same way the previous Geneva Conventions have protected noncombatants from warfare.[21]

Lee Mathews, a contributor to Forbes, wrote that most of the hacking techniques described in Vault 7 were already known to cybersecurity experts around the world.[22]

Edward Snowden commented on the importance of the release, stating that it reveals the United States Government to be "developing vulnerabilities in US products" and "then intentionally keeping the holes open", which he considers highly reckless.[23]

Nathan White, Senior Legislative Manager at Access Now, wrote:[24]

Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them. The United States is supposed to have a process that helps secure our digital devices and services — the 'Vulnerabilities Equities Process.' Many of these vulnerabilities could have been responsibly disclosed and patched. This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them.

References

  1. ^ a b c d e f g h i j k Shane, Scott; Mazzetti, Mark; Rosenberg, Matthew (7 March 2017). "WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents". The New York Times. Retrieved 7 March 2017.
  2. ^ a b "WikiLeaks claims to release thousands of CIA documents". CBS News. Associated Press. 7 March 2017. Retrieved 7 March 2017.
  3. ^ a b "WikiLeaks publishes massive trove of CIA spying files in 'Vault 7' release". The Independent. 7 March 2017. Retrieved 7 March 2017.
  4. ^ "Vault7 - Home". WikiLeaks. "Redactions" section. Retrieved 10 March 2017.
  5. ^ "U.S. intel, law enforcement officials aware of CIA breach since late last year". Reuters. 8 March 2017.
  6. ^ Berke, Jeremy (8 March 2017). "CIA: Americans 'should be deeply troubled' by WikiLeaks' disclosure". Business Insider. Retrieved 10 March 2017.
  7. ^ Ross, Brian; Gordon Meek, James; Kreider, Randy; Kreutz, Liz (8 March 2017). "WikiLeaks docs allege CIA can hack smartphones, expose Frankfurt listening post". ABC News.
  8. ^ a b c d e Cody Derespina (7 March 2017). "WikiLeaks releases 'entire hacking capacity of the CIA'". Fox News. Retrieved 7 March 2017.
  9. ^ Satter, Raphael (7 March 2017). "WikiLeaks publishes CIA trove alleging wide scale hacking". Boston.com. Retrieved 7 March 2017.
  10. ^ Goetz, John; Obermaier, Frederik (7 March 2017). "Frankfurter US-Konsulat soll Spionagezentrale sein" [Frankfurt's US Consulate appears to be an espionage center]. Süddeutsche Zeitung (in German).
  11. ^ "German Foreign Minister Gabriel fears new arms race with Russia". Deutsche Welle. 9 March 2017.
  12. ^ a b Zetter, Kim. "WikiLeaks Files Show the CIA Repurposing Hacking Code To Save Time, Not To Frame Russia". The Intercept. Retrieved 9 March 2017.
  13. ^ Cimpanu, Catalin. "Vault 7: CIA Borrowed Code from Public Malware". Bleeping Computer. Retrieved 8 March 2017.
  14. ^ a b c Barrett, Brian (7 March 2017). "The CIA Can't Crack Signal and WhatsApp Encryption, No Matter What You've Heard". Wired. Retrieved 8 March 2017.
  15. ^ McCormick, Rich (8 March 2017). "Apple says it's already patched 'many' iOS vulnerabilities identified in WikiLeaks' CIA dump". The Verge. Retrieved 8 March 2017.
  16. ^ a b "WikiLeaks 'Vault 7' dump reignites conspiracy theories surrounding death of Michael Hastings". The New Zealand Herald. 8 March 2017. Retrieved 8 March 2017.
  17. ^ Prince, S. J. (7 March 2017). "WikiLeaks Vault 7 Conspiracy: Michael Hastings Assassinated by CIA Remote Car Hack?". Heavy.com. Retrieved 8 March 2017.
  18. ^ "Notepad++ Fix CIA Hacking Issue". notepad-plus-plus.org. Retrieved 10 March 2017.
  19. ^ "Elevated COM Object UAC Bypass (WIN 7)".
  20. ^ "ExitBootServices Hooking". WikiLeaks.
  21. ^ https://www.youtube.com/watch?v=8rh3ODjkjps
  22. ^ Mathews, Lee. "WikiLeaks Vault 7 CIA Dump Offers Nothing But Old News". Forbes. Retrieved 9 March 2017.
  23. ^ "Edward Snowden on Twitter". Twitter. Retrieved 8 March 2017.
  24. ^ "Alleged CIA documents show urgent need to limit government hacking – Access Now". Access Now. 7 March 2017. Retrieved 8 March 2017.