Vault 7

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 49.151.34.248 (talk) at 21:12, 10 March 2017. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Image caption: Vault 7, Year Zero Black Hole

Vault 7 is a series of documents that WikiLeaks began to release on March 7, 2017, that detail activities of the United States Central Intelligence Agency to perform electronic surveillance and cyber warfare. The files, dated from 2013–2016, include details on the agency's software capabilities, such as the ability to compromise smart TVs,[1] web browsers (including Firefox, Google Chrome, and Microsoft Edge), and the operating systems of most smartphones (including Apple's iOS and Google's Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux.

Release

The first batch of documents to be released consisted of 7,818 web pages with 943 attachments, purportedly from the Center for Cyber Intelligence,[2] which already contains more pages than Edward Snowden's NSA release.[3] WikiLeaks did not name the source but said that the files had "circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."[1] According to WikiLeaks, the source "wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons" since these tools raise questions that "urgently need to be debated in public, including whether the C.I.A.'s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency."[1]

WikiLeaks redacted names and other identifying information from the documents before their release,[1] while attempting to allow for connections between people to be drawn via unique identifiers generated by WikiLeaks.[4] It also said that it would postpone releasing the source code for the cyber weapons, which is reportedly several hundred million lines long, "until a consensus emerges on the technical and political nature of the C.I.A.'s program and how such 'weapons' should be analyzed, disarmed and published."[1] WikiLeaks founder Julian Assange claimed this was only part of a larger series, saying "Vault 7 is the most comprehensive release of US spying files ever made public".[3]

On 8 March 2017, US intelligence and law enforcement officials told the international news agency Reuters that they had been aware since late 2016 of the CIA security breach that led to Vault 7. The two officials said they were focusing on "contractors" as the likeliest source of the leak.[5] The CIA released a statement saying, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community's ability to protect America against terrorists or other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm."[6]

Authenticity

When asked about their authenticity, CIA spokesperson and former Director of National Intelligence Michael Hayden replied that the organization does "not comment on the authenticity or content of purported intelligence documents",[1] but, speaking on condition of anonymity, current and former intelligence officials said that the documents appear to be authentic.[7]

According to Edward Snowden, former NSA employee and whistleblower, the documents "look authentic."[8] Robert M. Chesney, a law professor at the University of Texas and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), likened Vault 7 to the NSA hacking tools disclosed in 2016 by a group calling itself The Shadow Brokers.[1]

Organization of US cyber warfare

WikiLeaks said that the documents came from "an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia."[9] The documents allowed WikiLeaks to partially determine the structure and organization of the CCI. The CCI reportedly has an entire unit devoted to compromising Apple products.[8]

The US government reportedly uses its Consulate General in Frankfurt, Germany, as a base for cyber operations. This diplomatic mission is known to be the largest US consulate in the world, in terms of both personnel and facilities, and has played a prominent role in the US government's intelligence architecture for years. Intelligence personnel, including CIA officers, NSA staff, military intelligence personnel, and employees of the US Department of Homeland Security and the Secret Service, work in a building complex surrounded by high walls and barbed wire in the north of the city. Within a radius of about 40 kilometers around Frankfurt, the Americans had also established a dense network of outposts and shell companies. The WikiLeaks documents indicate that the Frankfurt hackers, part of the Center for Cyber Intelligence Europe (CCIE), were given cover identities and diplomatic passports so that they could pass German customs officers and enter the country.[8][10]

UMBRAGE

The documents reportedly revealed that the agency had amassed a large collection of cyberattack techniques and malware produced by other hackers. This library was reportedly maintained by the UMBRAGE group of the CIA's Remote Devices Branch, with examples of these techniques and their source code contained in the "Umbrage Component Library" git repository. According to WikiLeaks, by recycling the techniques of others, UMBRAGE can not only increase its total number of attacks,[11] but can also be used to mislead forensic investigators by disguising CIA attacks as the work of other hackers and nations, including Russia.[1][8] According to an analysis by The Intercept, however,[12] the main purpose of UMBRAGE appears to be the former: to save development time and increase output by recycling code[11] developed by others. Robert Graham, CEO of Errata Security, told The Intercept that the code referenced in the UMBRAGE documents is "extremely public" and is likely used by a multitude of groups and state actors. Graham added that:

“What we can conclusively say from the evidence in the documents is that they’re creating snippets of code for use in other projects and they’re reusing methods in code that they find on the internet. (...) Elsewhere they talk about obscuring attacks so you can’t see where it’s coming from, but there’s no concrete plan to do a false flag operation. They’re not trying to say ‘We’re going to make this look like Russia’.”

Compromised technology and software

Smartphones

The electronic tools can reportedly compromise both Apple's iOS and Google's Android operating systems. By adding malware to the Android operating system, the agency can gain access to secure communications made on a device.[13]

Apple stated that "many of the issues leaked today were already patched in the latest iOS," and that the company "will continue work to rapidly address any identified vulnerabilities".[14]

Messaging services

According to WikiLeaks, once an Android smartphone is penetrated the agency can collect "audio and message traffic before encryption is applied".[1] Some of the agency's software is reportedly able to gain access to messages sent by instant messaging services.[1] This method of accessing messages differs from decrypting an already encrypted message, which has not been reported.[13] Messengers that offer end-to-end encryption, such as Telegram, WhatsApp and Signal, were not reported to have had their encryption cracked; instead, the encryption can be bypassed on a compromised device by capturing input before it is encrypted, through methods such as keylogging and recording the user's touch input.[13]

Vehicle control systems

One document reportedly showed that the CIA was researching ways to infect vehicle control systems. WikiLeaks stated, "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."[15][8] This statement brought renewed attention to conspiracy theories surrounding the death of Michael Hastings.[16][15]

Weeping Angel

One of the software suites, reportedly code-named "Weeping Angel", is claimed to be able to use Samsung smart televisions as covert listening devices. In June 2014, the CIA and Britain's MI5 held a joint workshop to improve the "Weeping Angel" hack, which appears to have specifically targeted Samsung's F8000 series TVs released in 2013. It would allow an infected smart television to be used "as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server" even while it appears to be off.[1]

Windows

The documents refer to a "Windows FAX DLL injection" exploit for the Windows XP, Windows Vista and Windows 7 operating systems.[2] This would allow an attacker to hide malware inside a DLL loaded by another application. However, a computer must already have been compromised through another method for the injection to take place.[17]

Also included within the leaks was copy-and-paste code that allowed for privilege escalation in a Windows 7 environment. This code allows an attacker to bypass the normal User Account Control (UAC) prompt displayed when a program attempts to run with administrative privileges, essentially allowing arbitrary code to be executed with administrative privileges without the end user's knowledge.[18]

UEFI

Copy-and-paste code was also included in the leaks that allows for the exploitation of UEFI-based boot systems by altering the operating system's kernel after it has been loaded into memory but before the UEFI boot sequence exits. The code allows an attacker to insert a custom hook that can be used to arbitrarily alter the operating system's kernel in memory immediately before execution control is handed to the kernel.[19]

Commentary

Lee Mathews, a contributor to Forbes, wrote that most of the hacking techniques "revealed" in Vault 7 were already known to cybersecurity experts around the world.[20]

Edward Snowden commented on the importance of the release, stating that it reveals the United States Government to be "developing vulnerabilities in US products" and "then intentionally keeping the holes open", which he considers highly reckless.[21]

Nathan White, Senior Legislative Manager at Access Now, wrote:[22]

Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them. The United States is supposed to have a process that helps secure our digital devices and services — the 'Vulnerabilities Equities Process.' Many of these vulnerabilities could have been responsibly disclosed and patched. This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them.

References

  1. ^ a b c d e f g h i j k Shane, Scott; Mazzetti, Mark; Rosenberg, Matthew (7 March 2017). "WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents". The New York Times. Retrieved 7 March 2017.
  2. ^ a b "WikiLeaks claims to release thousands of CIA documents". CBS News. Associated Press. 7 March 2017. Retrieved 7 March 2017.
  3. ^ a b "WikiLeaks publishes massive trove of CIA spying files in 'Vault 7' release". The Independent. 7 March 2017. Retrieved 7 March 2017.
  4. ^ "Vault7 - Home". WikiLeaks. "Redactions" section. Retrieved 10 March 2017.
  5. ^ "U.S. intel, law enforcement officials aware of CIA breach since late last year". Reuters. 8 March 2017.
  6. ^ Berke, Jeremy (8 March 2017). "CIA: Americans 'should be deeply troubled' by WikiLeaks' disclosure". Business Insider. Retrieved 10 March 2017.
  7. ^ Ross, Brian; Gordon Meek, James; Kreider, Randy; Kreutz, Liz (8 March 2017). "WikiLeaks docs allege CIA can hack smartphones, expose Frankfurt listening post". ABC News.
  8. ^ a b c d e Cody Derespina (7 March 2017). "WikiLeaks releases 'entire hacking capacity of the CIA'". Fox News. Retrieved 7 March 2017.
  9. ^ Satter, Raphael (7 March 2017). "WikiLeaks publishes CIA trove alleging wide scale hacking". Boston.com. Retrieved 7 March 2017.
  10. ^ Goetz, John; Obermaier, Frederik (7 March 2017). "Frankfurter US-Konsulat soll Spionagezentrale sein" [Frankfurt's US Consulate is to be an espionage center]. Süddeutsche Zeitung (in German).
  11. ^ a b Zetter, Kim. "WikiLeaks Files Show the CIA Repurposing Hacking Code To Save Time, Not To Frame Russia". The Intercept. Retrieved 9 March 2017.
  12. ^ Cimpanu, Catalin. "Vault 7: CIA Borrowed Code from Public Malware". Bleeping Computer. Retrieved 8 March 2017.
  13. ^ a b c Barrett, Brian (7 March 2017). "The CIA Can't Crack Signal and WhatsApp Encryption, No Matter What You've Heard". Wired. Retrieved 8 March 2017.
  14. ^ McCormick, Rich (8 March 2017). "Apple says it's already patched 'many' iOS vulnerabilities identified in WikiLeaks' CIA dump". The Verge. Retrieved 8 March 2017.
  15. ^ a b "WikiLeaks 'Vault 7' dump reignites conspiracy theories surrounding death of Michael Hastings". The New Zealand Herald. 8 March 2017. Retrieved 8 March 2017.
  16. ^ Prince, S. J. (7 March 2017). "WikiLeaks Vault 7 Conspiracy: Michael Hastings Assassinated by CIA Remote Car Hack?". Heavy.com. Retrieved 8 March 2017.
  17. ^ "Notepad++ Fix CIA Hacking Issue". notepad-plus-plus.org. Retrieved 10 March 2017.
  18. ^ "Elevated COM Object UAC Bypass (WIN 7)".
  19. ^ "ExitBootServices Hooking". WikiLeaks.
  20. ^ Mathews, Lee. "WikiLeaks Vault 7 CIA Dump Offers Nothing But Old News". Forbes. Retrieved 9 March 2017.
  21. ^ "Edward Snowden on Twitter". Twitter. Retrieved 8 March 2017.
  22. ^ "Alleged CIA documents show urgent need to limit government hacking – Access Now". Access Now. 7 March 2017. Retrieved 8 March 2017.