CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release

James Frew 10-03-2017

After multiple teasers from WikiLeaks, on 7th March 2017 the whistle-blowing website released a set of documents called Vault 7. These were purportedly leaked from inside the Center for Cyber Intelligence unit of the CIA. To accompany the Vault 7 documents, WikiLeaks prepared a press release detailing the background and main discoveries of the leak.


However, in the hours following its release there were a number of sensational headlines that claimed encryption on apps like WhatsApp and Signal had been compromised. This isn’t true, despite the widespread reporting. So what exactly did the Vault 7 leaks tell us, and should we worry?

What Are the Vault 7 Leaks?

The Vault 7 documents are the first in a series of releases from WikiLeaks, dubbed Year Zero, from the CIA’s Center for Cyber Intelligence. In total there are 7,818 web pages with 943 attachments that include documents, images, and other files dating between 2013 and 2016.

CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release Vault7

Although WikiLeaks didn’t name a source for the leak, in their press release they did state that their source “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons”.

Unlike in previous releases, WikiLeaks has redacted names and other personally identifiable information before publication. In their statement they also said that they have intentionally withdrawn certain information to prevent “the distribution of ‘armed’ cyberweapons”.


What’s in Vault 7?

The documents in Vault 7 seem to have come from a piece of software called Confluence. Confluence is an internal wiki for corporate settings which typically runs on an Atlassian server.

Atlassian servers are notoriously difficult to secure, which could give an indication as to how this leak may have happened.

Being an internal collaboration tool, the release contains work-in-progress projects, presentations, and technical documentation, alongside the code used to execute many of the exploits. Although there is a significant portion of this that has been held back by WikiLeaks.

Smartphone Hacking With Zero-Day Exploits

Software vulnerabilities are inevitable. They are often discovered by researchers, who report them to the developer. The developer will write and deploy a patch and the vulnerability is closed. However, if an attacker finds the vulnerability before the developer, they can create an exploit, known as a zero-day attack.


CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release Android Exploits

Vault 7 shows that the CIA had access to a number of zero-day exploits which they were using in order to compromise both Android and iOS devices. Interestingly, it seems that a lot of effort was put into making sure that the exploits would work specifically on Samsung devices. While many of the Android exploits are older than the iOS ones, it’s not clear if that’s because the exploits were still operational or they had shifted their focus towards iOS. There was clearly a lot of effort put into iOS devices, as User Guide for the DBROOM exploit shows that almost every iPad, iPod, and iPhone model is supported.

CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release iOS Device List

The documents show that the CIA was purchasing many exploits from other organisations. As Edward Snowden pointed out on Twitter, this is evidence of the US government paying to keep software unsafe. Of course, this isn’t unusual for intelligence organisations or the cyber criminals who often use these exploits. What is unusual is that in this case, the Government is paying in order to keep their citizens less safe by not disclosing the exploits so they can be patched.


Weeping Angel & Samsung Smart TVs

You may remember that back in 2015, it was reported that Samsung TVs may be spying on you. At the time, this was flatly denied by Samsung, and they said that audio was only collected so they can process your voice requests. It turns out that actually Samsung Smart TVs can spy on you, thanks to the CIA.

CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release Weeping Angel ToDo

The Weeping Angel project, run by the Embedded Development Branch (EDB), created an exploit that could turn your smart TV into a microphone, able to report back all audio to the CIA. According to one document from June 2014, they even had plans to add video capture, live stream audio, and disable auto-upgrades.

Rain Maker

The Rain Maker tool allowed the CIA to collect system data and specific files from a computer. The tool could be inserted onto a USB drive (or other removable media) and triggered once a user opened the portable version of VLC Media Player on the drive.


CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release RainMaker

The captured data would be encrypted on the removable media, ready to be decrypted at a later time. This implies that for this exploit to work a CIA agent must be able to get physical access to the media drive. The Rain Maker User Guide says that it would work only on Windows XP, Vista, 7, 8, or 8.1. Although, as the guide is dated March 2015, there is the potential that Rain Maker had been extended to support Windows 10.

Vehicle Control Systems

The internet of Things movement has persuaded many manufacturers that adding an internet connection The Internet of Things: 10 Useful Products You Must Try in 2016 The Internet of Things is ramping up in 2016, but what does that mean exactly? How do you personally benefit from the Internet of Things? Here are a few useful products to illustrate. Read More to their products makes them infinitely better. However, there are some that you would really not want to connect 5 Devices You Do NOT Want to Connect to the Internet of Things The Internet of Things (IoT) may not be everything it’s cracked up to be. In fact, there are some smart devices you may not want to connect to the web at all. Read More — like your car.

While we have seen passenger vehicles be hacked before at Black Hat USA, this was done as an ethical proof-of-concept. Alarmingly the EDB appears to have also been looking at how to compromise connected vehicles. Although the only information Vault 7 gives us on this is minutes from a meeting in October 2014, it’s a cause for concern that they were potentially looking for zero-day exploits in our cars.

Fingerprinting & Framing Other Governments

Back in 2010, news broke of a computer worm called Stuxnet which had infected and caused damage to Iran’s nuclear program. Many security researchers believe that the worm was built by the American and Israeli governments. This is because each attack will contain a “fingerprint” that may identify a particular state or hacking collective.

CIA Hacking & Vault 7: Your Guide to the Latest WikiLeaks Release UMBRAGE Library

Vault 7 contained documents that show the CIA was maintaining a database of known malware, keyloggers, and other spyware and exploits. This was used in order build a collection of fingerprints from different states around the world under the UMBRAGE project. They could then use those fingerprints in order to misdirect attribution of the attack if it were discovered.

This is only a fraction of attacks that are included in Vault 7. There are many more relating to Windows, Linux, and Mac OS. The leak also shows that they were developing exploits for routers, as well as looking to compromise anti-virus software.

While the technical information gives a fascinating, and sometimes worrying, insight into how the CIA attempts to infiltrate other organisations and individuals, there is also a more human side on display. Many of the exploits are named after characters in nerd culture — like Weeping Angels, presumably inspired by the creatures of the Doctor Who universe.

Did the CIA Hack WhatsApp?

In the Vault 7 press release WikiLeaks had stated:

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

They then widely shared a tweet emphasising that “the CIA [is able] to bypass encryption”. This led to most media organisations running with the headline that WhatsApp, Telegram, and Signal’s encryption had been compromised.

Unfortunately, these outlets took no time to either dig deeper, or consider WikiLeaks original statement. By looking at the detail it was clear that the encryption in any of these apps had not been compromised. Instead, WikiLeaks had chosen to editorialize. The CIA had used zero-day exploits in order to compromise smartphones running both iOS and Android.

By compromising the device, they would be able to access data that was not encrypted. This approach is not the same as being able to compromise encryption mechanisms.

Can You Trust WikiLeaks?

According to their website “WikiLeaks is a multi-national media…[which] specializes in the analysis and publication of large datasets of censored or otherwise restricted materials.” After being established by the now-infamous Julian Assange, they published their first release in December 2006.

It gained notoriety and worldwide fame after publishing diplomatic cables from the United States government in 2010. Following the release of the cables, the U.S. launched a criminal investigation into WikiLeaks. Around the same time, Assange was accused of sexual assault and rape in Sweden and a request was made to extradite him. In order to prevent his extradition to either Sweden or the U.S., Assange sought asylum from the Ecuadorian Embassy in London, where he has remained since 2012. WikiLeaks has continued to publish leaks in the meantime including the DNC hacks and Podesta emails WikiLeaks, the DNC, and John Podesta: What You Need to Know What is going on with Wikileaks and the 2016 Presidential elections? Did Russia hack the DNC? Is Hillary Clinton corrupt? And is it illegal for Average Joe to read the leaked emails? Let's find out. Read More in the run up to the US Presidential Election in 2016.

The leak of the DNC and Podesta emails has been widely reported as having been the work of Russian intelligence agents and spies. Although that claim has been disputed by Russia and the Trump Administration, the allegation has remained. Julian Assange’s strained history with the U.S. has led many to believe that he acted alongside the Russian government to undermine confidence in the U.S. electoral system, and to help Donald Trump win the Presidency. This is believed by some to have been an act of revenge after former Secretary of State Hillary Clinton allegedly suggested subjecting Assange to a drone strike following an earlier WikiLeaks release.

Ultimately, this has led to skepticism of the latest WikiLeaks publications, as they feel that the organisation can not be trusted to be impartial, particularly in relation to matters of US government.

Editorialized Misreporting

The Vault 7 release also differed from past WikiLeaks publications. Although WikiLeaks does tend to offer contextual background and summaries to their releases, the press release for Vault 7 appears to have been editorialized in order to emphasize particular aspects. As we already saw, they were instrumental to the misreporting around encryption both in their press release, and then again on Twitter.

It seems as though the staff at WikiLeaks took it upon themselves to insert popular encrypted apps into the conversation as initial readings of Vault 7 show no references to any of the apps WikiLeaks listed. Although many outlets later corrected their initial headlines to reflect that the encryption wasn’t broken, the lasting impression of those statements may undermine confidence in encryption.

Another peculiarity in this release was that WikiLeaks independently redacted over 7,000 pieces of information. Although they have faced heavy criticism for not doing so in the past, even from Edward Snowden, this abrupt change is surprising. This is especially strange given that WikiLeaks themselves have said that “every redaction is propaganda.”

Initial reports suggest that the documents inside Vault 7 are genuine so the fundamental point that the CIA has been using exploits in popular technology to hack individuals appears to be true. However, the narrative around the release may not be as impartial as WikiLeaks would have you believe.

Should You Be Worried?

The fact that the CIA has the ability to compromise many of the devices we use every day, including our smartphones, computers, laptops, and smart home devices is extremely unsettling. If the Vault 7 information has been passed around between informants for around a year already as has been suggested, then there is a good chance that the exploits in the leak will be in the hands of various criminals and other governments around the world.

While that could be worrying there is some hope to be found. Most of the exploits listed in the Vault 7 leaks are at least over a year old, and there is a potential that they have been patched in subsequent releases. Even if they haven’t, there is a good chance that now this information is public the companies affected will work to patch them immediately.

Another reason for comfort, despite the severity of the leak, is that for most of the exploits the CIA had devised, there needed to be some form of physical access to the target or their devices. This means that, from what we’ve seen so far, there is no capability for mass surveillance like we saw in Edward Snowden’s NSA leaks. In fact, a large amount of the exploit relies on agents being able to effectively perform social engineering to gain either access or information.

The fact that the CIA develops tools to allow them to spy on foreign organisations and persons of interest shouldn’t really be all that surprising. The CIA’s entire purpose is to collect national security information from around the world. Although it breaks with the time-honored tradition of a James Bond-style spy, the Vault 7 leaks show how the intelligence community is shifting into the digital age.

Cause for Concern?

While Vault 7 is only the first in a series of promised releases under Year Zero, it gave us an insight into how the CIA operates now that intelligence gathering has moved digital. Although the breadth of their exploits was quite astonishing, especially the number for iOS and Linux devices, it might not be as shocking as initial claims suggested.

As the tweet from Troy Hunt noted we all expect our Governments to be doing their utmost to protect us and our security from those that want to do harm, but they are often criticized when their efforts are exposed.

Although the chances that you would be targeted by the CIA are relatively slim, now these exploits are public it may be wise to give yourself a security checkup Protect Yourself With An Annual Security and Privacy Checkup We're almost two months into the new year, but there's still time to make a positive resolution. Forget drinking less caffeine - we're talking about taking steps to safeguard online security and privacy. Read More . Make sure you’re not reusing passwords, use a password manager How Password Managers Keep Your Passwords Safe Passwords that are hard to crack are also hard to remember. Want to be safe? You need a password manager. Here's how they work and how they keep you safe. Read More , keep software up to date, and be on the lookout for social engineering attacks How To Protect Yourself From These 8 Social Engineering Attacks What social engineering techniques would a hacker use and how would you protect yourself from them? Let's take a look at some of the most common methods of attack. Read More .

Perhaps the most worrying part of Vault 7 isn’t even the exploits themselves. That Vault 7, or any of Year Zero, was exposed shows that despite having access to potentially dangerous “cyber weapons”, the CIA was unable to protect these from being leaked for the entire world to see.

What do you make of the latest WikiLeaks release? Is it something to worry about or did you already suspect? What will be in the rest of the Year Zero leaks? Let us know your thoughts in the comments!

Image Credits: Gearstd/Shutterstock

Related topics: Surveillance, WikiLeaks.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Mark
    March 15, 2017 at 3:25 pm

    As for me, Google, Amazon, Microsoft, Facebook and Samsung (not to mention CIA or NSA) eavesdropping on us ARE cyber criminals.

  2. Richard Borkovec
    March 12, 2017 at 10:21 am

    WikiLeaks has proved they're anything but neutral since the election here I'm the US. They flat out said they also hacked the RNC email system, but didn't publish those. Astrange said he'd do what he had to to make Hillary lose, and the Embassy he's in Eve. Cut his internet access. While Vault 7 is a good update on just exactly how the CIA is spying, it's no surprise to anyone that they're buying zero day exploits or creating that type of malware. After Snowden blew the lid on the NSA, this seems like a follow-up report. If this leak even proves to be legit, WikiLeaks has a very tarnished reputation now.

    • ikkf
      March 12, 2017 at 9:54 pm

      Your logic for coming to your conclusion is flawed. It's based on the premise that the Democrats are the "good guys" here. Only someone with a highly partisan bias would feel that way.

      • Richard Borkovec
        March 12, 2017 at 10:24 pm

        I never said the Dems were to good guys, in fact I wanted Sanders like a lot of the Dems did, and they proved to intentionally screw him over. But you can't claim to be neutral when you have dirt on both sides, and only release it on one. That's not being neutral, that's taking sides.

  3. Fred Thompon
    March 11, 2017 at 2:58 pm

    John Podesta wasn't "hacked" in the most common use of the term. He was phished and revealed his email password. There's a significant difference.
    WRT Wikileaks, the percentage of their releases that are from the U.S. government is far, far greater than that of any other country. That's a major reason they are not considered to be "neutral."

  4. Howard A Pearce
    March 10, 2017 at 8:03 pm

    While the article expresses concern about trusting Wikileaks or concern for the government to protect us from enemies, it is shocking that it seems to have said nothing about any concern citizens should have for government spying on citizens - given the items disclosed by the leake AND what the Snowden release showed us earlier - not to mention Clapper actually lying to congress about it .

    But his seems to be normal for most reporting on the subject. It is beware the evils of Wikileaks and feel sorry for government intelligence agencies - and who gives a damn about the privacy of citizens - after all, we expect government to spy on us and violate our civil rights, maybe.

    A real disgusting commentary on the media.

    • James Frew
      March 10, 2017 at 8:08 pm

      I'm sorry you feel that way. I did include a section "Should You Be Worried?" which aimed to tackle some of those points. Although there are many reasons to be concerned about government intervention and spying on their citizens, this particular leak did not show any evidence that this was happening in this division of the CIA. I don't hold the government or the organisations to any higher regard, but in this instance the main reporting on the leaks appears to over-hype the issue. What Vault 7 primarily showed was that the CIA is involved in highly targeted surveillance of key international persons, which is why I chose not to comment on larger government surveillance as it was outside of the scope of this post, and arguably of our technology focused website.

    • Iowan
      April 25, 2017 at 2:09 am

      Fairly good overview, overall. Though I agree with Howard here, this is much bigger cause for concern, little reason to doubt the validity of WL. Plus there are things MSM are brushing under the rug. Beyond the fact that it "primarily showed was that the CIA is involved in highly targeted surveillance," it also shows the more disturbing extent to which they can not just survey.... but they can hack - literally - with the windows exploits, and they can command and control (remote code execution) computers of anyone. Furthermore, additional research on the subject is finding that some of these exploits are fairly widespread in the US and abroad. Though it's a given that some of this proliferation may also be caused by the fact that they're public now, but we have good reason to believe they've been in the wild a lot longer.
      And so to that tune, I think that half the point of whomever it was that provided the info, is that these exploits (at least some of them) were on the market and in the wild (lost out of the gov'ts hands) quite a while before Wikileaks did their release. Plus to cite the scale, and affects just check out the huge amount of MS security bulletins and security updates that have came out in with April round updates. Fairly outrageous to see that MS was complicit with ignoring so much of this (so it seems is the case anyways), but glad to see their putting forth an effort to patch the holes. Its been a lot of info fast and a lot for the IT departments to try keep up with.

      • James Frew
        April 25, 2017 at 9:02 am

        Its true that the exploits will have been available for a period of time. Zero-day flaws are ones that have not been disclosed and so could be exploited. Although the documents show that the CIA had access to zero-days it doesn't guarantee that they were/are the only ones. However, before the release there was no sign that there were any current exploits being used to mass-target regular users by criminals from those zero-days.
        Although I agree that Microsoft has a patchy reputation on security, zero-day exploits are ones that by definition have not been discovered by the software vendor. To say Microsoft is complicit in this particular segment of Government surveillance wouldn't be accurate.

        • Iowan
          April 27, 2017 at 8:59 pm

          haha, Ok. I see, well I'm not here to argue on how morally upright MS is ( I own stock, as I'm sure many other readers here do as well), but yes... we can agree that they're reputation on security is patchy, indeed. And as a guy who's out there each day working these viruses, exploits, and making sure the holes get patched, I can tell you from experience I've seen some pretty good indicators that these exploits were actually out there in the wild previous to vault 7. In the last year, I've worked on three particular machines [in the US] that had viruses which match descriptions of Vault 7 exploits, to a T. All three had with infection dates on all three of them from 2016, months before this drop. Albeit, this is not hard proof, (still working on proving or disproving that) but pretty hefty circumstantial evidence.

        • James Frew
          April 27, 2017 at 9:04 pm

          It would be interesting to know if you find hard proof. Let us know how you get on!