Short Bytes: WikiLeaks has released the complete catalog of CIA’s hacking tools and malware. This revelation by WikiLeaks, named Year Zero, is the first part of a new series, Vault 7. It suggests that CIA has plenty of hacking tools to control different computer operating systems, smartphones, routers, smart TVs, etc.
On Tuesday, we told you about WikiLeaks’ big release of CIA’s hacking tools. The whistleblower website claims that CIA Center for Cyber Intelligence lost control of the “majority of its hacking arsenal”, which is more than several hundred million lines of code.
The documentation of the tools in the dump has been marked Top Secret and Confidential. There’s a lot that you need to know to understand what has happened. So, let’s get started.
What is Vault 7 and Year Zero?
On Tuesday, March 7, WikiLeaks began its new series of leaks of CIA hacking tools. This series is codenamed Vault 7, which is the largest ever publication of leaked documents by WikiLeaks. Year Zero is the first full part of the Vault 7 series. It contains 8,761 documents. WikiLeaks says that Year Zero introduces the scope and direction of CIA’s global hacking program.
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” WikiLeaks claims.
iPhone and Android smartphones are hackable
The leaks have information about numerous attack vectors to control and hack popular smartphones. The infected devices can be controlled to send the user’s geolocation to the CIA. The malware can also covertly activate the phone’s camera and microphone.
CIA also has a specialized unit to produce malware to control and extract data from iPhones and iPads. It has tons of local and remote zero-days that are developed by other agencies like FBI, NSA, and GCHQ. A similar unit is also present for targeting Android devices and infecting them with malware.
On the other hand, Apple has issued a statement saying that it has already fixed major risks listed in the leaks and its engineers are working to fix others.
WhatsApp, Signal, Telegram, etc. are also at risk
CIA has the ability to bypass the encryption of apps like WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman, not by directly hacking them, but by controlling the smartphone on which they run. CIA’s malware has the ability to record and collect the messages before encryption is applied.
What about computer operating systems like Windows, macOS, and Linux?
With the help of tons of local and remote weaponized zero-days, CIA has the ability to hack Microsoft Windows users. There are air-gap-jumping viruses like Hammer Drill for infecting software that is distributed on CDs/DVDs. There are tools like Brutal Kangaroo that hide in covert disk areas or images.
Apart from Windows, CIA has developed many multiplatform malware attacks that also affect macOS, Linux, Solaris and other platforms. Some examples of such malware are HIVE, Cutthroat, and Swindle.
Smart TVs and routers turned into spying machines
With the help of UK’s MI5/BTSS, CIA has developed an attack against Samsung Smart TVs. Malware named Weeping Angel adds a Fake-Off mode. As a result, the TV owner believes that the TV is off when it’s on. It can help CIA listen to conversations in the room and fetch the information via the internet.
Using its cross-platform malware suite HIVE, CIA also has the ability to control MikroTik, which is software used in internet routers. For targeting specific hardware, from smart TVs to routers, CIA has a dedicated branch of development.
Modern cars and trucks aren’t safe
WikiLeaks writes that as of late 2014, the CIA was working to develop systems that were able to infect the vehicle control systems used by modern trucks and cars.
“The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations,” WikiLeaks adds.
So, should I be worried about these hacks? Am I hackable?
WikiLeaks has reviewed the Year Zero disclosure and published just the documentation. WikiLeaks has avoided publishing armed cyberweapons and kept a lot of information anonymous. But, in the near future, we might witness the release of these tools.
In the upcoming days, we can expect more revelations from Vault 7. For further updates, keep reading Fossbytes.