On Tuesday, WikiLeaks released several documents that claim to show how the CIA can hack any device they want, from a smartphone to a smart TV, which added a “new dimension” to their “shadowy reputation,” according to Wired.
What the federal agency didn’t realize, or frankly didn’t care about, was the fact that they also made hacking an easier job for cyber criminals. And this leak, called Vault 7, certainly did not tip the scales in their direction. WikiLeaks is referring to it as the “largest ever publication of confidential documents on the agency.”
According to Wired, it’s the exorbitant amount of hacking tools that the CIA has at its fingertips to exploit zero-day vulns that really stands out. And if US intelligence is aware of these, then hackers across the globe most likely are as well. Cue Americans collectively shaking their heads.
This may mean that the CIA is simply allowing Americans to be vulnerable.
“If the CIA can use it, so can the Russians, or the Chinese or organized crime,” Kevin Bankston, the director of the New America Foundation’s Open Technology Institute, told Wired. “The lesson here, first off, is that stockpiling a bunch of vulnerabilities is bad for cybersecurity. And two, it means they’re likely going to get leaked by someone.”
Now this is the real kicker. WikiLeaks distributed a note in addition to the release Tuesday that said “the archive appears to have been circulated among former US government hackers and contractors in an unauthorized manner.”
Meaning hackers may have had their hands on these docs way before WikiLeaks. Again, heads shaking.
Vault 7 really hits on the CIA’s capabilities to hack smartphones. Over a dozen iOS exploits were listed along with two dozen that are a threat to Android devices. So this can and will affect your business.
The leaked documents reportedly have dates that land between 2013 and 2016. Google declined to comment on this, but Apple apparently thinks their phones are safe.
“Our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS,” according to an Apple spokesperson.
Another important fact to know: the number of exploits could mean that the agency went against the Vulnerabilities Equities Process, put in place by the Obama administration in 2010. It aimed to motivate intelligence agencies to fix flaws instead of exploiting them.
“Did CIA submit these exploits to the Vulnerabilities Equities Process?” Jason Healey, a director at the Atlantic Council who’s tracked the VEP, asked. “If not, you can say that either the process is out of control or they’re subverting the president’s priorities.”
This is a developing story. Stay with us for updates as they become available.