Vault 7 is a series of documents that
WikiLeaks
WikiLeaks () is an international Nonprofit organization, non-profit organisation that published news leaks and classified media provided by anonymous Source (journalism), sources. Julian Assange, an Australian Internet activism, Internet acti ...
began to publish on 7 March 2017, detailing the activities and capabilities of the United States
Central Intelligence Agency
The Central Intelligence Agency (CIA ), known informally as the Agency and historically as the Company, is a civilian foreign intelligence service of the federal government of the United States, officially tasked with gathering, processing, ...
to perform electronic surveillance and
cyber warfare
Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic war ...
. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise
cars
A car or automobile is a motor vehicle with wheels. Most definitions of ''cars'' say that they run primarily on roads, seat one to eight people, have four wheels, and mainly transport people instead of goods.
The year 1886 is regarded as t ...
,
smart TV
A smart TV, also known as a connected TV (CTV), is a traditional television set with integrated Internet and interactive Web 2.0 features, which allows users to stream music and videos, browse the internet, and view photos. Smart TVs are a techno ...
s,
web browser
A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...
s (including
Google Chrome
Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS ...
,
Microsoft Edge
Microsoft Edge is a proprietary, cross-platform web browser created by Microsoft. It was first released in 2015 as part of Windows 10 and Xbox One and later ported to other platforms as a fork of Google's Chromium open-source project: Android ...
,
Mozilla Firefox
Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and a ...
, and
Opera
Opera is a form of theatre in which music is a fundamental component and dramatic roles are taken by singers. Such a "work" (the literal translation of the Italian word "opera") is typically a collaboration between a composer and a librett ...
), and the operating systems of most
smartphone
A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, whic ...
s (including
Apple
An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
's
iOS
iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also includes ...
and
Google
Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. ...
's
Android), as well as other
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
s such as
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
,
macOS
macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...
, and
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
.
A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release.
The tools were developed by the
Operations Support Branch
The Operations Support Branch (O.S.B.) is a unit of the cyber-intelligence division of the Central Intelligence Agency (C.I.A.). It is located on the ninth floor of a secret facility in the suburbs of northern Virginia, west of Washington, D.C. Pat ...
of the C.I.A.
The release of Vault 7 led the CIA to redefine WikiLeaks as a “non-state hostile intelligence service.” In July 2022 former CIA software engineer
Joshua Schulte
Joshua Adam Schulte (born September 25, 1988) is a former Central Intelligence Agency (CIA) employee who was convicted of leaking classified documents to WikiLeaks, the Vault 7 documents, which ''The New York Times'' called "the largest loss of c ...
was convicted of leaking the documents to WikiLeaks.
History
During January and February 2017, the
United States Justice Department
The United States Department of Justice (DOJ), also known as the Justice Department, is a United States federal executive departments, federal executive department of the United States government tasked with the enforcement of federal law and a ...
was negotiating through
Julian Assange
Julian Paul Assange ( ; Hawkins; born 3 July 1971) is an Australian editor, publisher, and activist who founded WikiLeaks in 2006. WikiLeaks came to international attention in 2010 when it published a series of leaks provided by U.S. Army inte ...
's attorney Adam Waldman for immunity and safe passage for Assange to leave the
Ecuadorian Embassy in London
The Embassy of Ecuador in London is the diplomatic mission of Ecuador in the United Kingdom. It is headed by the ambassador of Ecuador to the United Kingdom. It is located in the Knightsbridge area of London, in the Royal Borough of Kensington a ...
and to travel to the United States both to discuss risk minimization of future WikiLeaks releases including redactions and to testify that Russia was not the source for the
WikiLeaks releases in 2016. In mid February 2017, Waldman, who was pro bono, asked Senator
Mark Warner
Mark Robert Warner (born December 15, 1954) is an American businessman and politician serving as the senior United States senator from Virginia, a seat he has held since 2009. A member of the Democratic Party, Warner served as the 69th governo ...
who was co-chairman of the
United States Senate Intelligence Committee
The United States Senate Select Committee on Intelligence (sometimes referred to as the Intelligence Committee or SSCI) is dedicated to overseeing the United States Intelligence Community—the agencies and bureaus of the federal government of ...
if he had any questions to ask Assange. Warner contacted
FBI Director
The Director of the Federal Bureau of Investigation is the head of the Federal Bureau of Investigation, a United States' federal law enforcement agency, and is responsible for its day-to-day operations. The FBI Director is appointed for a single ...
James Comey
James Brien Comey Jr. (; born December 14, 1960) is an American lawyer who was the seventh director of the Federal Bureau of Investigation (FBI) from 2013 until his dismissal in May 2017. Comey was a registered Republican for most of his adul ...
and told Waldman "stand down and end the negotiations with Assange," with which Waldman complied. However, David Laufman who was Waldman's counterpart with the Justice Department replied, "That's B.S. You're not standing down and neither am I." According to
Ray McGovern
Raymond McGovern (born August 25, 1939) is a former Central Intelligence Agency (CIA) officer turned political Activism, activist. McGovern was a CIA analyst from 1963 to 1990, and in the 1980s chaired National Intelligence Estimates and prepared ...
on 28 March 2017, Waldman and Laufman were very near an agreement between the Justice Department and Assange for "risk mitigation approaches relating to CIA documents in WikiLeaks' possession or control, such as the redaction of Agency personnel in hostile jurisdictions," in return for "an acceptable immunity and safe passage agreement" but a formal agreement was never reached and the very damaging disclosure about "Marble Framework" was released by WikiLeaks on 31 March 2017.
In February 2017, WikiLeaks began teasing the release of "Vault 7" with a series of cryptic messages on Twitter, according to media reports. Later on in February, WikiLeaks released classified documents describing how the CIA monitored the
2012 French presidential election
Presidential elections in France, Presidential elections were held in France on 22 April 2012 (or 21 April in some overseas departments and territories), with a second round Two-round system, run-off held on 6 May (or 5 May for those same territ ...
.
The press release for the leak stated that it was published "as context for its forthcoming CIA Vault 7 series."
In March 2017, US intelligence and law enforcement officials said to the international wire agency
Reuters
Reuters ( ) is a news agency owned by Thomson Reuters Corporation. It employs around 2,500 journalists and 600 photojournalists in about 200 locations worldwide. Reuters is one of the largest news agencies in the world.
The agency was estab ...
that they had been aware of the CIA security breach, which led to Vault 7, since late-2016. Two officials said they were focusing on "contractors" as the possible source of the leaks.
In 2017, federal law enforcement identified CIA software engineer
Joshua Adam Schulte as a suspected source of Vault 7.
In July 2022, Schulte was convicted of leaking the documents to WikiLeaks.
On 13 April 2017,
CIA director
The director of the Central Intelligence Agency (D/CIA) is a statutory office () that functions as the head of the Central Intelligence Agency, which in turn is a part of the United States Intelligence Community.
Beginning February 2017, the D ...
Mike Pompeo
Michael Richard Pompeo (; born December 30, 1963) is an American politician, diplomat, and businessman who served under President Donald Trump as director of the Central Intelligence Agency (CIA) from 2017 to 2018 and as the 70th United State ...
declared WikiLeaks to be a "hostile intelligence service." In September 2021,
Yahoo! News
Yahoo! News is a news website that originated as an internet-based news aggregator by Yahoo!. The site was created by a Yahoo! software engineer named Brad Clawsie in August 1996. Articles originally came from news services such as the Associate ...
reported that in 2017 in the wake of the Vault 7 leaks, the CIA considered kidnapping or assassinating Assange, spying on associates of WikiLeaks, sowing discord among its members, and stealing their electronic devices. After many months of deliberation, all proposed plans had been scrapped due to a combination of legal and moral objections. Per the 2021 Yahoo News article, a former Trump national security official stated, "We should never act out of a desire for revenge".
Publications
Part 1 – "Year Zero"
The first batch of documents named "Year Zero" was published by WikiLeaks on 7 March 2017, consisting of 7,818 web pages with 943 attachments, purportedly from the Center for Cyber Intelligence,
which contained more pages than former
NSA
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
contractor and leaker,
Edward Snowden
Edward Joseph Snowden (born June 21, 1983) is an American and naturalized Russian former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013, when he was an employee and su ...
's
NSA release at the time.
WikiLeaks had released Year Zero online in a locked archive earlier that week, and revealing the passphrase on the 7th. The passphrase referred to a President Kennedy quote that he wanted “to splinter the CIA in a thousand pieces and scatter it to the winds”.
WikiLeaks did not name the source, but said that the files had "circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."
According to WikiLeaks, the source "wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of
cyberweapon
Cyberweapon is commonly defined as a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce corrupted code into existing ...
s" since these tools raise questions that "urgently need to be debated in public, including whether the C.I.A.'s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency."
WikiLeaks attempted to redact names and other identifying information from the documents before their release,
but faced criticism for leaving some key details unredacted. WikiLeaks also attempted to allow for connections between people to be drawn via
unique identifier
A unique identifier (UID) is an identifier that is guaranteed to be unique among all identifiers used for those objects and for a specific purpose. The concept was formalized early in the development of computer science and information systems. ...
s generated by WikiLeaks.
It also said that it would postpone releasing the source code for the cyber weapons, which is reportedly several hundred million lines long, "until a consensus emerges on the technical and political nature of the C.I.A.'s program and how such 'weapons' should be analyzed, disarmed and published."
WikiLeaks founder
Julian Assange
Julian Paul Assange ( ; Hawkins; born 3 July 1971) is an Australian editor, publisher, and activist who founded WikiLeaks in 2006. WikiLeaks came to international attention in 2010 when it published a series of leaks provided by U.S. Army inte ...
claimed this was only part of a larger series.
The CIA released a statement saying, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community's ability to protect America against terrorists or other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm."
In a statement issued on 19 March 2017, Assange said the technology companies who had been contacted had not agreed to, disagreed with, or questioned what he termed as WikiLeaks' standard industry disclosure plan. The standard disclosure time for a vulnerability is 90 days after the company responsible for patching the software is given full details of the flaw. According to WikiLeaks, only
Mozilla
Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, wi ...
had been provided with information on the vulnerabilities, while "Google and some other companies" only confirmed receiving the initial notification. WikiLeaks stated: "Most of these lagging companies have conflicts of interest due to their classified work with US government agencies. In practice such associations limit industry staff with US security clearances from fixing holes based on leaked information from the CIA. Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts".
[Sam Varghese]
Vault 7: Plans to expose firms that do not patch flaws
''iTWire'', 20 March 2017
Part 2 – "Dark Matter"
On 23 March 2017 WikiLeaks published the second release of Vault 7 material, entitled "Dark Matter". The publication included documentation for several CIA efforts to hack Apple's iPhones and Macs. These included the "Sonic Screwdriver" malware that could use the thunderbolt interface to bypass Apple's password firmware protection.
Part 3 – "Marble"
On 31 March 2017, WikiLeaks published the third part of its Vault 7 documents, entitled "Marble". It contained 676 source code files for the CIA's Marble Framework. It is used to obfuscate, or scramble,
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
code in an attempt to make it so that anti-virus firms or investigators cannot understand the code or attribute its source. According to WikiLeaks, the code also included a de-obfuscator to reverse the obfuscation effects.
Part 4 – "Grasshopper"
On 7 April 2017, WikiLeaks published the fourth set of its Vault 7 documents, dubbed "Grasshopper". The publication contains 27 documents from the CIA's Grasshopper framework, which is used by the CIA to build customized and persistent malware payloads for the Microsoft Windows operating systems. Grasshopper focused on Personal Security Product (PSP) avoidance. PSPs are
antivirus software
Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...
such as
MS Security Essentials,
Symantec Endpoint or
Kaspersky IS.
Part 5 – "HIVE"
On 14 April 2017, WikiLeaks published the fifth part of its Vault 7 documents, titled "HIVE". Based on the CIA top-secret virus program created by its "Embedded Development Branch" (EDB). The six documents published by WikiLeaks are related to the HIVE multi-platform CIA malware suite. A CIA back-end infrastructure with a public-facing
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
interface used by CIA to transfer information from target desktop computers and smartphones to the CIA, and open those devices to receive further commands from CIA operators to execute specific tasks, all the while hiding its presence behind unsuspicious-looking public
domains through a masking interface known as "Switchblade" (also known as Listening Post (LP) and Command and Control (C2)).
Part 6 – "Weeping Angel"
On 21 April 2017, WikiLeaks published the sixth part of its Vault 7 material, code-named "Weeping Angel", a
hacking tool co-developed by the
CIA
The Central Intelligence Agency (CIA ), known informally as the Agency and historically as the Company, is a civilian intelligence agency, foreign intelligence service of the federal government of the United States, officially tasked with gat ...
and
MI5
The Security Service, also known as MI5 ( Military Intelligence, Section 5), is the United Kingdom's domestic counter-intelligence and security agency and is part of its intelligence machinery alongside the Secret Intelligence Service (MI6), G ...
used to
exploit
Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably.
Exploit can mean:
*Exploitation of natural resources
*Exploit (computer security)
* Video game exploit
*Exploitat ...
a series of
smart TV
A smart TV, also known as a connected TV (CTV), is a traditional television set with integrated Internet and interactive Web 2.0 features, which allows users to stream music and videos, browse the internet, and view photos. Smart TVs are a techno ...
s for the purpose of covert
intelligence gathering
This is a list of intelligence gathering disciplines.
HUMINT
Human intelligence (HUMINT) are gathered from a person in the location in question. Sources can include the following:
* Advisors or foreign internal defense (FID) personnel wor ...
. Once installed in suitable televisions with a USB stick, the hacking tool enables those televisions' built-in microphones and possibly video cameras to record their surroundings, while the televisions falsely appear to be turned off. The recorded data is then either stored locally into the television's memory or sent over the internet to the CIA. Allegedly both the CIA and MI5 agencies collaborated to develop that malware and coordinated their work in Joint Development Workshops. As of this part 6 publication, "Weeping Angel" is the second major CIA hacking tool which notably references the British television show, ''
Doctor Who
''Doctor Who'' is a British science fiction television series broadcast by the BBC since 1963. The series depicts the adventures of a Time Lord called the Doctor, an extraterrestrial being who appears to be human. The Doctor explores the u ...
'', alongside "Sonic Screwdriver" in "Dark Matter".
Part 7 – "Scribbles"
On 28 April 2017, WikiLeaks published the seventh part of its Vault 7 materials, dubbed "Scribbles". The leak includes documentation and source code of a tool intended to track documents leaked to
whistleblower
A whistleblower (also written as whistle-blower or whistle blower) is a person, often an employee, who reveals information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe or fraudulent. Whi ...
s and journalists by embedding
web beacon
A web beaconAlso called web bug, tracking bug, tag, web tag, page tag, tracking pixel, pixel tag, 1×1 GIF, or clear GIF. is a technique used on web pages and email to unobtrusively (usually invisibly) allow checking that a user has accessed s ...
tags into classified documents to trace who leaked them. The tool affects Microsoft Office documents, specifically "Microsoft Office 2013 (on Windows 8.1 x64), documents from Office versions 97-2016 (Office 95 documents will not work) and documents that are not locked, encrypted, or password-protected". When a CIA watermarked document is opened, an invisible image within the document that is hosted on the agency's server is loaded, generating a
HTTP request
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
. The request is then logged on the server, giving the intelligence agency information about who is opening it and where it is being opened. However, if a watermarked document is opened in an alternative word processor the image may be visible to the viewer. The documentation also states that if the document is viewed offline or in protected view, the watermarked image will not be able to contact its home server. This is overridden only when a user enables editing.
Part 8 – "Archimedes"
On 5 May 2017, WikiLeaks published the eighth part of its Vault 7 documents, titled "Archimedes". According to U.S.
SANS Institute
The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for tr ...
instructor Jake Williams, who analyzed the published documents, Archimedes is a virus previously codenamed "Fulcrum". According to cyber security expert and
ENISA member Pierluigi Paganini, the CIA operators use Archimedes to redirect
local area network
A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. By contrast, a wide area network (WAN) not only covers a larger ...
(LAN) web browser sessions from a targeted computer through a computer controlled by the CIA before the sessions are routed to the users. This type of attack is known as
man-in-the-middle
In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...
(MitM). With their publication WikiLeaks included a number of hashes that they claim can be used to potentially identify the Archimedes virus and guard against it in the future. Paganini stated that potential targeted computers can search for those hashes on their systems to check if their systems had been attacked by the CIA.
Part 9 – "AfterMidnight" and "Assassin"
On 12 May 2017, WikiLeaks published part nine of its Vault 7 materials, "AfterMidnight" and "Assassin". AfterMidnight is a
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
installed on a target personal computer and disguises as a
DLL file, which is executed while the user's computer reboots. It then triggers a connection to the CIA's Command and Control (C2) computer, from which it downloads various modules to run. As for Assassin, it is very similar to its AfterMidnight counterpart, but deceptively runs inside a
Windows service
In Windows NT operating systems, a Windows service is a computer program that operates in the background. It is similar in concept to a Unix daemon. A Windows service must conform to the interface rules and protocols of the Service Control Manager ...
process. CIA operators reportedly use Assassin as a C2 to execute a series of tasks, collect, and then periodically send user data to the CIA Listening Post(s) (LP). Similar to
backdoor Trojan behavior. Both AfterMidnight and Assassin run on
Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
operating system, are persistent, and periodically beacon to their configured LP to either request tasks or send private information to the CIA, as well as automatically uninstall themselves on a set date and time.
Part 10 – "Athena"
On 19 May 2017, WikiLeaks published the tenth part of its Vault 7 documents, titled "Athena". The published user guide, demo, and related documents were created between September 2015 and February 2016. They are all about a malware allegedly developed for the CIA in August 2015, roughly one month after Microsoft released
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on J ...
with their firm statements about how difficult it was to compromise. Both the primary "Athena" malware and its secondary malware named "Hera" are similar in theory to
Grasshopper
Grasshoppers are a group of insects belonging to the suborder Caelifera. They are among what is possibly the most ancient living group of chewing herbivorous insects, dating back to the early Triassic around 250 million years ago.
Grasshopp ...
and
AfterMidnight malware but with some significant differences. One of those differences is that Athena and Hera were developed by the CIA with a
New Hampshire
New Hampshire is a U.S. state, state in the New England region of the northeastern United States. It is bordered by Massachusetts to the south, Vermont to the west, Maine and the Gulf of Maine to the east, and the Canadian province of Quebec t ...
private corporation called Siege Technologies. During a
Bloomberg Bloomberg may refer to:
People
* Daniel J. Bloomberg (1905–1984), audio engineer
* Georgina Bloomberg (born 1983), professional equestrian
* Michael Bloomberg (born 1942), American businessman and founder of Bloomberg L.P.; politician and ma ...
2014 interview the founder of Siege Technologies confirmed and justified their development of such malware. Athena malware completely hijacks Windows'
Remote Access services, while Hera hijacks Windows
Dnscache service. Both Athena and Hera also affect all current versions of Windows including, but not limited to,
Windows Server 2012
Windows Server 2012, codenamed "Windows Server 8", is the sixth version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems. It is the server version of Windows based on Windows 8 and succe ...
and Windows 10. Another difference is in the types of encryption used between the infected computers and the CIA Listening Posts (LP). As for the similarities, they exploit persistent
DLL files to create a
backdoor
A back door is a door in the rear of a building. Back door may also refer to:
Arts and media
* Back Door (jazz trio), a British group
* Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel.
* Works so title ...
to communicate with CIA's LP, steal
private data
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
, then send it to CIA servers, or delete private data on the target computer, as well as Command and Control (C2) for CIA operatives to send additional malicious software to further run specific tasks on the attacked computer. All of the above designed to deceive
computer security software
Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically ...
. Beside the published detailed documents, WikiLeaks did not provided any evidence suggesting the CIA used Athena or not.
Part 11 – "Pandemic"
On 1 June 2017, WikiLeaks published part 11 of its Vault 7 materials, "Pandemic". This tool serves as a persistent implant affecting Windows machines with shared folders. It functions as a file system filter driver on an infected computer, and listens for
Server Message Block
Server Message Block (SMB) is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provides ...
traffic while detecting download attempts from other computers on a local network. "Pandemic" will answer a download request on behalf of the infected computer. However, it will replace the legitimate file with malware. In order to obfuscate its activities, "Pandemic" only modifies or replaces the legitimate file in transit, leaving the original on the server unchanged. The implant allows 20 files to be modified at a time, with a maximum individual file size of 800MB. While not stated in the leaked documentation, it is possible that newly infected computers could themselves become "Pandemic" file servers, allowing the implant to reach new targets on a local network.
Part 12 – "Cherry Blossom"
On 15 June 2017, WikiLeaks published part 12 of its Vault 7 materials, entitled "Cherry Blossom". Cherry Blossom used a command and control server called Cherry Tree and custom router firmware called FlyTrap to monitor internet activity of targets, scan for “email addresses, chat usernames, MAC addresses and VoIP numbers" and redirect traffic.
Part 13 – "Brutal Kangaroo"
On 22 June 2017, WikiLeaks published part 13 of its Vault 7 materials, the manuals for "Brutal Kangaroo". Brutal Kangaroo was a project focused on CIA
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
designed to compromise
air-gapped computer networks with infected USB drives. Brutal Kangaroo included the tools Drifting Deadline, the main tool, Shattered Assurance, a server that automates thumb drive infection, Shadow, a tool to coordinate compromised machines, and Broken Promise, a tool for exfiltrating data from the air-gapped networks.
Part 14 – "Elsa"
On 28 June 2017, WikiLeaks published part 14 of its Vault 7 materials, the manual for the project entitled "Elsa". Elsa was a tool used for tracking Windows devices on nearby WiFi networks.
Part 15 – "OutlawCountry"
On 29 June 2017, WikiLeaks published part 15 of its Vault 7 materials, the manual for the project entitled "OutlawCountry". OutlawCountry was a
kernel module
In computing, a loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or so-called ''base kernel'', of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/o ...
for Linux 2.6 that let CIA agents spy on Linux servers and redirect outgoing traffic from a Linux computer to a chosen site.
Part 16 – "BothanSpy"
On 6 July 2017, WikiLeaks published part 16 of its Vault 7 materials, the manual for the project entitled "BothanSpy". BothanSpy was a CIA hacking tool made to steal SSH credentials from Windows computers.
Part 17 – "Highrise"
On 13 July 2017, WikiLeaks published part 17 of its Vault 7 materials, the manual for the project entitled "Highrise". The Highrise hacking tool, also known as Tidecheck, was used to intercept and redirect SMS messages to Android phones using versions 4.0 through 4.3. Highrise could also be used as an encrypted communications channel between CIA agents and supervisors.
Part 18 – "UCL / Raytheon"
On 19 July 2017, WikiLeaks published part 18 of the Vault 7 materials, UCL / Raytheon.
Part 19 – "Imperial"
On 27 July 2017, WikiLeaks published part 19 of its Vault 7 materials, manuals for the project entitled "Imperial". Imperial included three tools named Achilles, Aeris and SeaPea. Achilles was a tool for turning MacOS DMG install files into trojan malware. Aeris was a malware implant for
POSIX
The Portable Operating System Interface (POSIX) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines both the system- and user-level application programming interf ...
systems, and SeaPea was an OS X
rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
.
Part 20 – "Dumbo"
On 3 August 2017, WikiLeaks published part 20 of its Vault 7 materials, manuals for the project entitled "Dumbo". Dumbo was a tool that the Agency used to disable webcams, microphones, and other surveillance tools over WiFi and bluetooth to allow field agents to perform their missions.
Part 21 – "CouchPotato"
On 10 August 2017, WikiLeaks published part 21 of its Vault 7 materials, the manual for the project CouchPotato. CouchPotato was a tool for intercepting and saving remote video streams, which let the CIA tap into other people's surveillance systems.
Part 22 – "ExpressLane"
On 24 August 2017, WikiLeaks published part 22 of its Vault 7 materials from the CIA's "ExpressLane" project. These documents highlighted one of the cyber operations the CIA conducts against other services it liaises with, including the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
ExpressLane, a covert information collection tool, was used by the CIA to exfiltrate the biometric data collection systems of services it liaises with. ExpressLane was installed and run under the cover of upgrading the biometric software of liaison services by the CIA's Office of Technical Services (OTS) agents without their knowledge.
Part 23 – "Angelfire"
On 31 August 2017, WikiLeaks published part 23 of the Vault 7 documents, the manual for the project Angelfire. Angelfire was a malware framework made to infect computers running Windows XP and Windows 7, made of five parts. Solartime was the malware that modified the boot sector to load Wolfcreek, which was a self-loading driver that loaded other drivers. Keystone was responsible for loading other malware. BadMFS was a covert file system that hid the malware, and Windows Transitory File System was a newer alternative to BadMFS. The manual included a long list of problems with the tools.
Part 24 – "Protego"
Protego, part 24 of the Vault 7 documents, was published on 7 September 2017.
Vault 8
On 9 November, 2017, WikiLeaks began publishing Vault 8, which it described as "source code and analysis for CIA software projects including those described in the Vault7 series." The stated intention of the Vault 8 publication was to "enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components."
The only Vault 8 release has been the source code and development logs for Hive, a covert communications platform for CIA malware.
WikiLeaks published the
Hive documentation as part of Vault 7 on 14 April 2017.
Organization of cyber warfare
WikiLeaks said that the documents came from "an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (CCI) in
Langley, Virginia
Langley is an unincorporated community in the census-designated place of McLean in Fairfax County, Virginia, United States. Langley is often used as a metonym for the Central Intelligence Agency (CIA), as it is home to its headquarters, the Geor ...
."
The documents allowed WikiLeaks to partially determine the structure and organization of the CCI. The CCI reportedly has an entire unit devoted to compromising Apple products.
The cybersecurity firm
Symantec analyzed Vault 7 documents and found some of the described software closely matched
cyberattack
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted ...
s by "Longhorn," which it had monitored since 2014. Symantec had previously suspected that "Longhorn" was government-sponsored and had tracked its usage against 40 targets in 16 countries.
Frankfurt base
The first portion of the documents made public on 7 March 2017, Vault 7 "Year Zero", revealed that a top secret CIA unit used the German city of
Frankfurt
Frankfurt, officially Frankfurt am Main (; Hessian: , "Frank ford on the Main"), is the most populous city in the German state of Hesse. Its 791,000 inhabitants as of 2022 make it the fifth-most populous city in Germany. Located on its na ...
as the starting point for hacking attacks on
Europe
Europe is a large peninsula conventionally considered a continent in its own right because of its great physical size and the weight of its history and traditions. Europe is also considered a Continent#Subcontinents, subcontinent of Eurasia ...
,
China
China, officially the People's Republic of China (PRC), is a country in East Asia. It is the world's most populous country, with a population exceeding 1.4 billion, slightly ahead of India. China spans the equivalent of five time zones and ...
and the
Middle East
The Middle East ( ar, الشرق الأوسط, ISO 233: ) is a geopolitical region commonly encompassing Arabian Peninsula, Arabia (including the Arabian Peninsula and Bahrain), Anatolia, Asia Minor (Asian part of Turkey except Hatay Pro ...
. According to the documents, the U.S. government uses its
Consulate General Office in Frankfurt as a hacker base for
cyber operations. WikiLeaks documents reveal the Frankfurt hackers, part of the Center for Cyber Intelligence Europe (CCIE), were given cover identities and diplomatic passports to obfuscate customs officers to gain entry to Germany.
The chief
Public Prosecutor General of the Federal Court of Justice in
Karlsruhe
Karlsruhe ( , , ; South Franconian: ''Kallsruh'') is the third-largest city of the German state (''Land'') of Baden-Württemberg after its capital of Stuttgart and Mannheim, and the 22nd-largest city in the nation, with 308,436 inhabitants. ...
Peter Frank announced on 8 March 2017 that the government was conducting a preliminary investigation to see if it will launch a major probe into the activities being conducted out of the consulate and also more broadly whether people in Germany were being attacked by the CIA. Germany's foreign minister
Sigmar Gabriel
Sigmar Hartmut Gabriel (born 12 September 1959) is a German politician who was the Federal Minister for Foreign Affairs from 2017 to 2018 and the vice-chancellor of Germany from 2013 to 2018. He was Leader of the Social Democratic Party of Germa ...
from the
Social Democratic Party
The name Social Democratic Party or Social Democrats has been used by many political parties in various countries around the world. Such parties are most commonly aligned to social democracy as their political ideology.
Active parties
For ...
responded to the documents of Vault 7 "Year Zero" that the CIA used Frankfurt as a base for its digital espionage operations, saying that Germany did not have any information about the cyber attacks.
UMBRAGE
The documents reportedly revealed that the agency had amassed a large collection of cyberattack techniques and malware produced by other hackers. This library was reportedly maintained by the CIA's Remote Devices Branch's UMBRAGE group, with examples of using these techniques and source code contained in the "Umbrage Component Library"
git
Git () is a distributed version control system: tracking changes in any set of files, usually used for coordinating work among programmers collaboratively developing source code during software development. Its goals include speed, data in ...
repository. According to WikiLeaks, by recycling the techniques of third-parties through UMBRAGE, the CIA can not only increase its total number of attacks,
but can also mislead forensic investigators by disguising these attacks as the work of other groups and nations.
Among the techniques borrowed by UMBRAGE was the file wiping implementation used by
Shamoon
Shamoon ( fa, شمعون), also known as W32.DistTrack, is a modular computer virus that was discovered in 2012, targeting then-recent 32-bit NT kernel versions of Microsoft Windows. The virus was notable due to the destructive nature of the atta ...
. According to ''
PC World
''PC World'' (stylized as PCWorld) is a global computer magazine published monthly by IDG. Since 2013, it has been an online only publication.
It offers advice on various aspects of PCs and related items, the Internet, and other personal tech ...
'', some of the techniques and code snippets have been used by CIA in its internal projects, whose end result cannot be inferred from the leaks. ''PC World'' commented that the practice of planting "
false flags
A false flag operation is an act committed with the intent of disguising the actual source of responsibility and pinning blame on another party. The term "false flag" originated in the 16th century as an expression meaning an intentional misr ...
" to deter attribution was not a new development in cyberattacks: Russian, North Korean and Israeli hacker groups are among those suspected of using false flags.
According to a study by
Kim Zetter
Kim Zetter is an American investigative journalist and author who has covered cybersecurity and national security since 1999. She has broken numerous stories over the years about NSA surveillance, WikiLeaks, and the hacker underground, including ...
in ''
The Intercept
''The Intercept'' is an American left-wing news website founded by Glenn Greenwald, Jeremy Scahill, Laura Poitras and funded by billionaire eBay co-founder Pierre Omidyar. Its current editor is Betsy Reed. The publication initially reported ...
'', UMBRAGE was probably much more focused on speeding up development by repurposing existing tools, rather than on planting false flags.
Robert Graham, CEO of
Errata Security told ''The Intercept'' that the source code referenced in the UMBRAGE documents is "extremely public", and is likely used by a multitude of groups and state actors. Graham added: "What we can conclusively say from the evidence in the documents is that they're creating snippets of code for use in other projects and they're reusing methods in code that they find on the internet. ... Elsewhere they talk about obscuring attacks so you can't see where it's coming from, but there's no concrete plan to do a
false flag
A false flag operation is an act committed with the intent of disguising the actual source of responsibility and pinning blame on another party. The term "false flag" originated in the 16th century as an expression meaning an intentional misr ...
operation. They're not trying to say 'We're going to make this look like Russia'."
False flag theories
On the day the Vault 7 documents were first released, WikiLeaks described UMBRAGE as "a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation," and tweeted, "CIA steals other groups virus and malware facilitating
false flag
A false flag operation is an act committed with the intent of disguising the actual source of responsibility and pinning blame on another party. The term "false flag" originated in the 16th century as an expression meaning an intentional misr ...
attacks."
A
conspiracy theory
A conspiracy theory is an explanation for an event or situation that invokes a conspiracy by sinister and powerful groups, often political in motivation, when other explanations are more probable.Additional sources:
*
*
*
* The term has a nega ...
soon emerged alleging that the CIA framed the
Russian government
The Government of Russia exercises executive power in the Russian Federation. The members of the government are the prime minister, the deputy prime ministers, and the federal ministers. It has its legal basis in the Constitution of the Russia ...
for
interfering in the 2016 U.S. elections. Conservative commentators such as
Sean Hannity
Sean Patrick Hannity (born December 30, 1961) is an American talk show host, conservative political commentator, and author. He is the host of ''The Sean Hannity Show'', a nationally syndicated talk radio show, and has also hosted a commentar ...
and
Ann Coulter
Ann Hart Coulter (; born December 8, 1961) is an American conservative media pundit, author, syndicated columnist, and lawyer. She became known as a media pundit in the late 1990s, appearing in print and on cable news as an outspoken critic of ...
speculated about this possibility on Twitter, and
Rush Limbaugh
Rush Hudson Limbaugh III ( ; January 12, 1951 – February 17, 2021) was an American conservative political commentator who was the host of '' The Rush Limbaugh Show'', which first aired in 1984 and was nationally syndicated on AM and FM r ...
discussed it on his radio show.
Russian foreign minister
Sergey Lavrov
Sergey Viktorovich Lavrov (russian: Сергей Викторович Лавров, ; born 21 March 1950) is a Russian diplomat and politician who has served as the Minister of Foreign Affairs (Russia), Foreign Minister of Russia since 2004.
...
said that Vault 7 showed that "the CIA could get access to such 'fingerprints' and then use them."
Cybersecurity writers, such as Ben Buchanan and
Kevin Poulsen
Kevin Lee Poulsen (born November 30, 1965) is an American former black-hat hacker and a contributing editor at ''The Daily Beast''.
Biography
He was born in Pasadena, California, on November 30, 1965.
Black-hat hacking
On June 1, 1990, Pouls ...
, were skeptical of those theories.
Poulsen wrote, "The leaked catalog isn't organized by country of origin, and the specific malware used by the Russian DNC hackers is nowhere on the list."
Marble framework
The documents describe the Marble framework, a string obfuscator used to hide text fragments in malware from visual inspection. As part of the program, foreign languages were used to cover up the source of CIA hacks. According to WikiLeaks, it reached 1.0 in 2015 and was used by the CIA throughout 2016.
In its release, WikiLeaks described the primary purpose of "Marble" as to insert foreign language text into the malware to mask viruses, trojans and hacking attacks, making it more difficult for them to be tracked to the CIA and to cause forensic investigators to falsely attribute code to the wrong nation. The source code revealed that Marble had examples in Chinese, Russian, Korean, Arabic and
Persian
Persian may refer to:
* People and things from Iran, historically called ''Persia'' in the English language
** Persians, the majority ethnic group in Iran, not to be conflated with the Iranic peoples
** Persian language, an Iranian language of the ...
. These were the languages of the US's main cyber-adversaries – China, Russia, North Korea, and Iran.
[John Leyden]
WikiLeaks exposes CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues
The Register, 31 March 2017
Analysts called WikiLeaks' description of Marble's main purpose inaccurate, telling ''
The Hill'' its main purpose was probably to avoid detection by antivirus programs.
Marble also contained a deobfuscator tool with which the CIA could reverse text obfuscation.
Security researcher Nicholas Weaver from
International Computer Science Institute
The International Computer Science Institute (ICSI) is an independent, non-profit research organization located in Berkeley, California, United States. Since its founding in 1988, ICSI has maintained an affiliation agreement with the University ...
in Berkeley told the Washington Post: "This appears to be one of the most technically damaging leaks ever done by WikiLeaks, as it seems designed to directly disrupt ongoing CIA operations."
Compromised technology and software
CDs/DVDs
HammerDrill is a CD/DVD collection tool that collects directory walks and files to a configured directory and filename pattern as well as logging CD/DVD insertion and removal events. v2.0 adds a gap jumping capability that injects a trojan into 32-bit executables as they are being burned to disc by Nero. Additionally, v2.0 adds a status, termination and an on-demand collection feature controlled by HammerDrillStatus.dll, HammerDrillKiller.dll and HammerDrillCollector.dll. The logging now also fingerprints discs by hashing the first two blocks of the ISO image, which enables unique identification of multi-sessions discs even as data is added and removed. The log also logs anytime a HammerDrill trojaned binary is seen on a disc.
Apple products
After WikiLeaks released the first installment of Vault 7, "Year Zero", Apple stated that "many of the issues leaked today were already patched in the latest iOS," and that the company will "continue work to rapidly address any identified vulnerabilities."
On 23 March 2017, WikiLeaks released "Dark Matter", the second batch of documents in its Vault 7 series, detailing the hacking techniques and tools all focusing on Apple products developed by the Embedded Development Branch (EDB) of the CIA. The leak also revealed the CIA had been targeting the iPhone since 2008, a year after the device was released. These EDB projects attacked Apple's firmware, meaning that the attack code would persist even if the device was rebooted. The "Dark Matter" archive included documents from 2009 and 2013. Apple issued a second statement assuring that based on an "initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released." Additionally, a preliminary assessment showed "the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013".
Cisco
WikiLeaks said on 19 March 2017 on Twitter that the "CIA was secretly exploiting" a vulnerability in a huge range of
Cisco
Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...
router models discovered thanks to the Vault 7 documents.
[http://www.securityweek.com/cisco-finds-zero-day-vulnerability-vault-7-leak ] The CIA had learned more than a year ago how to exploit flaws in Cisco's widely used
internet switches, which direct electronic traffic, to enable eavesdropping. Cisco quickly reassigned staff from other projects to turn their focus solely on analyzing the attack and to figure out how the CIA hacking worked, so they could help customers patch their systems and prevent criminal hackers or spies from using similar methods.
On 20 March, Cisco researchers confirmed that their study of the Vault 7 documents showed the CIA had developed malware which could exploit a flaw found in 318 of Cisco's switch models and alter or take control of the network.
Cisco issued a warning on security risks, patches were not available, but Cisco provided mitigation advice.
Smartphones/tablets
The electronic tools can reportedly compromise both
Apple
An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
's
iOS
iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also includes ...
and
Google
Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. ...
's
Android operating systems. By adding malware to the Android operating system, the tools could gain access to secure communications made on a device.
Messaging services
According to WikiLeaks, once an Android smartphone is penetrated the agency can collect "audio and message traffic before encryption is applied".
Some of the agency's software is reportedly able to gain access to messages sent by instant messaging services.
This method of accessing messages differs from obtaining access by decrypting an already encrypted message.
While the encryption of
messengers that offer
end-to-end encryption
End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, and even ...
, such as
Telegram
Telegraphy is the long-distance transmission of messages where the sender uses symbolic codes, known to the recipient, rather than a physical exchange of an object bearing the message. Thus flag semaphore is a method of telegraphy, whereas p ...
,
WhatsApp
WhatsApp (also called WhatsApp Messenger) is an internationally available freeware, cross-platform, centralized instant messaging (IM) and voice-over-IP (VoIP) service owned by American company Meta Platforms (formerly Facebook). It allows us ...
and
Signal
In signal processing, a signal is a function that conveys information about a phenomenon. Any quantity that can vary over space or time can be used as a signal to share messages between observers. The ''IEEE Transactions on Signal Processing'' ...
, wasn't reported to be cracked, their encryption can be bypassed by capturing input before their encryption is applied, by methods such as keylogging and recording the touch input from the user.
Commentators, among them Snowden and
cryptographer
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
and security pundit
Bruce Schneier
Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...
, observed that Wikileaks incorrectly implied that the messaging apps themselves, and their underlying encryption, had been compromised - an implication which was in turn reported for a period by the New York Times and other
mainstream outlets.
Vehicle control systems
One document reportedly showed that the CIA was researching ways to infect vehicle control systems. WikiLeaks stated, "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."
This statement brought renewed attention to
conspiracy theories
A conspiracy theory is an explanation for an event or situation that invokes a conspiracy by sinister and powerful groups, often political in motivation, when other explanations are more probable.Additional sources:
*
*
*
* The term has a nega ...
surrounding the
death of Michael Hastings.
Windows
The documents refer to a "Windows FAX
DLL injection
In computer programming, DLL injection is a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of ano ...
" exploit in
Windows XP
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...
,
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
and
Windows 7
Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009. It is the successor to Windows Vista, released nearly ...
operating systems.
This would allow a user with malicious intents to hide its own malware under the DLL of another application. However, a computer must have already been compromised through another method for the injection to take place.
Commentary
On 7 March 2017, Edward Snowden commented on the importance of the release, stating that it reveals the United States Government to be "developing vulnerabilities in US products" and "then intentionally keeping the holes open", which he considers highly reckless.
On 7 March 2017, Nathan White, Senior Legislative Manager at the Internet advocacy group
Access Now
Access Now is a non-profit organization founded in 2009 with a mission to defend and extend the digital civil rights of people around the world. Access Now supports programs including an annual conference on Human Rights (RightsCon), an index ...
, writes:
On 8 March 2017, Lee Mathews, a contributor to ''
Forbes
''Forbes'' () is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. ''Forbes'' also re ...
'', wrote that most of the hacking techniques described in Vault 7 were already known to many cybersecurity experts.
On 8 March 2017, some note that the revealed techniques and tools are most likely to be used for more targeted surveillance revealed by Edward Snowden.
On 8 April 2017, Ashley Gorski, an
American Civil Liberties Union
The American Civil Liberties Union (ACLU) is a nonprofit organization founded in 1920 "to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States". T ...
staff attorney called it "critical" to understand that "these vulnerabilities can be exploited not just by our government but by foreign governments and cyber criminals around the world."
Justin Cappos, professor in the Computer Science and Engineering department at New York University asks "if the government knows of a problem in your phone that bad guys could use to hack your phone and have the ability to spy on you, is that a weakness that they themselves should use for counterterrorism, or for their own spying capabilities, or is it a problem they should fix for everyone?".
On 8 April 2017,
Cindy Cohn
Cindy Cohn is an American civil liberties attorney specializing in Internet law. She represented Daniel J. Bernstein and the Electronic Frontier Foundation in '' Bernstein v. United States''.
Education
She received her undergraduate degree ...
, executive director of the San Francisco-based international nonprofit digital rights group
Electronic Frontier Foundation
The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ci ...
, said: "If the C.I.A. was walking past your front door and saw that your lock was broken, they should at least tell you and maybe even help you get it fixed." "And worse, they then lost track of the information they had kept from you so that now criminals and hostile foreign governments know about your broken lock." Furthermore, she stated that the CIA had "failed to accurately assess the risk of not disclosing vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans." "The freedom to have a private conversation – free from the worry that a hostile government, a rogue government agent or a competitor or a criminal are listening – is central to a free society". While not as strict as privacy laws in Europe, the
Fourth Amendment to the
US constitution
The Constitution of the United States is the supreme law of the United States of America. It superseded the Articles of Confederation, the nation's first constitution, in 1789. Originally comprising seven articles, it delineates the nation ...
does guarantee the right to be free from unreasonable searches and seizures.
On 12 May 2017 Microsoft President and Chief Legal Officer Brad Smith wrote "This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks," In other words, Smith expressed concern about the fact that the CIA have stockpiled such computer vulnerabilities, which in turn were stolen from them, while they failed to inform Microsoft in a timely fashion about their security breach, as a result the privacy and security of their customers around the world were potentially negatively affected for an extended period and caused widespread damage.
See also
Notes
References
External links
Vault 7at
WikiLeaks
WikiLeaks () is an international Nonprofit organization, non-profit organisation that published news leaks and classified media provided by anonymous Source (journalism), sources. Julian Assange, an Australian Internet activism, Internet acti ...
Julian Assange Press Conference and Q&A on CIA/Vault7/YearZero Thursday 9 March 2017, the official WikiLeaks YouTube channel
{{WikiLeaks
2017 in the United States
Central Intelligence Agency domestic surveillance operations
Central Intelligence Agency controversies
Computer surveillance
Cyberwarfare
Hacking in the 2010s
Information published by WikiLeaks
Instant messaging
March 2017 events in the United States
Computer security exploits
Works about security and surveillance