reposted from The Hacker News

10 Things You Need To Know About ‘Wikileaks CIA Leak’

by Swati Khandelwal
March 08, 2017


Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency’s ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems.

It dubbed the first release as Vault 7.

Vault 7 is just the first part of the leak series “Year Zero” that WikiLeaks will be releasing in the coming days. Vault 7 is all about a covert global hacking operation run by the US Central Intelligence Agency (CIA).

According to the whistleblower organization, the CIA did not inform the companies about the security issues in their products; instead, it held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on.

One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause “accidents” which would effectively be “nearly undetectable assassinations.”

While security experts, companies and non-profit organizations are still reviewing the 8,761 documents released as the Vault 7 archive, we are here with some relevant facts and points that you need to know.

Here’s Everything You Need to Know About Vault 7:

WikiLeaks Exposes CIA’s Mobile Hacking Secrets

Vault 7 purportedly includes 8,761 documents and files that detail intelligence information on CIA-developed software intended to crack any Android smartphone or Apple iPhone, including some that could take full control of the devices.

In fact, Wikileaks alleges that the CIA has a sophisticated unit in its Mobile Development Branch that develops zero-day exploits and malware to “infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.”

Some of the attacks are powerful enough to allow an attacker to remotely take over the “kernel,” the heart of the operating system that controls the smartphone operation, or to gain “root” access on the devices, giving the attacker access to information like geolocation, communications, contacts, and more.

These types of attacks would most likely be useful for targeted hacking, rather than mass surveillance.

The leaked documents also detail some specific attacks the agency can perform on certain smartphone models and operating systems, including recent versions of iOS and Android.

CIA Didn’t Break Encryption Apps, Instead Bypassed Them

In the hours since the documents were made available by WikiLeaks, a misconception developed that the CIA had “cracked” the encryption used by popular secure messaging software, including Signal and WhatsApp.

WikiLeaks asserted that:

“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.”

This statement by WikiLeaks made most people think that the encryption used by end-to-end encrypted messaging clients such as Signal and WhatsApp has been broken.

No, it hasn’t. Instead, the CIA has tools to gain access to entire phones, which would of course “bypass” encrypted messaging apps, because compromising the phone defeats virtually every other security control on it and grants the agency total remote access.

The WikiLeaks documents do not show any attack particular to Signal or WhatsApp; rather, the agency hijacks the entire phone and listens in before the applications encrypt and transmit information.

It’s like sitting in a train next to the target and reading his two-way text conversation on his phone or laptop while he’s still typing. That doesn’t mean the security of the app the target is using has any issue.

In that case, it also doesn’t matter whether the messages were encrypted in transit, because you are already watching everything that happens on the device before any security measure comes into play.

But this doesn’t make the issue any less serious. As noted by NSA whistleblower Edward Snowden, “This incorrectly implies CIA hacked these apps/encryption. But the docs show iOS/Android are what got hacked—a much bigger problem.”
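To make the distinction concrete, here is an added Python model (my own illustration, not code from the article or from the leaked documents) of where each adversary sits: an observer on the network sees only ciphertext, while an adversary who controls the handset captures the text before the app encrypts it. The cipher is a constructed toy, not any real messaging app's protocol, and the hook is a plain function call standing in for device compromise.

```python
import hashlib
import os

# Toy stream cipher (constructed for this illustration, NOT a real protocol):
# keystream = SHA-256(key || counter), XORed with the plaintext. It stands in
# for the end-to-end encryption a messaging app applies before transmitting.
def keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def e2e_encrypt(key: bytes, data: bytes) -> bytes:
    # XOR is its own inverse, so the same call decrypts.
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))

class NetworkObserver:
    """Adversary on the wire: sees only what the app actually transmits."""
    def __init__(self):
        self.captured = []
    def tap(self, packet: bytes) -> bytes:
        self.captured.append(packet)
        return packet

class CompromisedDevice:
    """Adversary with control of the handset: sees input before encryption."""
    def __init__(self):
        self.captured = []
    def hook_input(self, text: bytes) -> bytes:
        self.captured.append(text)
        return text

def send_message(plaintext, key, device_hook=None, wire_tap=None):
    """Path of one message: user input -> app encryption -> network."""
    if device_hook is not None:
        plaintext = device_hook(plaintext)   # capture happens pre-encryption
    packet = e2e_encrypt(key, plaintext)
    if wire_tap is not None:
        packet = wire_tap(packet)            # capture happens post-encryption
    return packet

def run_scenario():
    """Constructed sample message; returns what each adversary obtained."""
    key, msg = os.urandom(32), b"meet at 9"
    wire, device = NetworkObserver(), CompromisedDevice()
    packet = send_message(msg, key, device.hook_input, wire.tap)
    return {"wire_sees_plaintext": msg in wire.captured,
            "device_sees_plaintext": msg in device.captured,
            "wire_sees_ciphertext": packet in wire.captured}
```

The encryption holds against the wire observer and is irrelevant against the device-level one, which is exactly why the documents describe a platform problem rather than an app problem.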

CIA Develops Malware to Target Windows, Linux & macOS

The Wikileaks CIA dump also includes information about the malware that can be used by the agency to hack, remotely spy on and control PCs running Windows, macOS, and Linux operating systems.

This apparently means that the CIA can bypass PGP email encryption and even a Virtual Private Network (VPN) on your computer in a similar way. The agency can also see everything you are doing online, even if you are hiding it behind Tor Browser. Again, this does not mean that using PGP, VPNs, or Tor Browser is unsafe or that the CIA can hack into these services.

But the agency’s ability to hack into any OS to gain full control of any device — whether it’s a smartphone, a laptop, or a TV with a microphone — makes the CIA capable of bypassing any such service and spying on everything that happens on that device.

CIA Borrowed Code from Public Malware Samples

Yes, in addition to the attacks purportedly developed by the CIA, the agency has adopted some of its code from other, public sources of malware. Well, that’s what many do. One of the documents mentions how the agency supposedly tweaks bits of code from known malware samples to develop its custom code and more targeted solutions.

“The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware,” the WikiLeaks document reads. “The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions.”

Some of the exploits listed were discovered and released by security firms, hacker groups and independent researchers, or were purchased or otherwise acquired by the CIA from other intelligence agencies, such as the FBI, NSA, and GCHQ.

One borrowed exploit in “Data Destruction Components” includes a reference to Shamoon, a nasty piece of malware that has the capability to steal data and then completely wipe out hard drives.

Another attack acquired by the CIA is SwampMonkey, which allows the agency to get root privileges on undisclosed Android devices. Persistence, another tool in the CIA arsenal, allows the agency to regain control over the target device whenever it boots up again.

CIA Used Malware-Laced Apps to Spy on Targets

The leaked documents include a file, named “Fine Dining,” which does not contain any list of zero-day exploits or vulnerabilities, but rather a collection of malware-laced applications.

Fine Dining is a highly versatile technique that can be configured for a broad range of deployment scenarios; it is meant for situations where a CIA agent has to infect a computer physically.

CIA field agents store one or more of these infected applications — depending upon their targets — on a USB drive, which they insert into their target’s system to run one of the applications and gather data from the device.

Developed by OSB (Operational Support Branch), a division of the CIA’s Center for Cyber Intelligence, Fine Dining includes modules that can be used to weaponize the following applications:


About this Author:

Swati Khandelwal
Technical Writer, Security Blogger and IT Analyst. She is a technology enthusiast with a keen eye on cyberspace and other tech-related developments.