If you’re interested in computer security, then by now the name Vault 7 would sound familiar to you. But in case you’re lost, here’s a quick refresher. On the 7th of March, WikiLeaks leaked its largest publication of confidential documents regarding the U.S. Central Intelligence Agency (CIA). These documents codenamed “Vault 7” by WikiLeaks, is the first of many more to come from an isolated network belonging to the CIA’s Center for Cyber Intelligence in Langley, Virginia.
What these documents reveal is very alarming. This is because the Vault 7 documents have revealed the majority of the CIA’s hacking arsenal. The leaks covering this powerful cyber warfare arsenal includes: malware, viruses, Trojans, weaponized zero day exploits, malware remote control systems and their associated documentation. Anybody who controls this arsenal has the entire hacking capacity of the CIA.
Exactly how worried should I be about this?
To understand just how scary this hacking arsenal is, take the example of a tool that’s called “Weeping Angel”. Developed by the CIA’s Embedded Devices Branch (EDB), Weeping Angel infects smart TV’s and transforms them into cover microphones that can be used to spy on you. It does this by placing your TV in a “Fake-Off” mode after it’s infected. In other words, while you think your TV is off it is actually recording what you say and sending them over the Internet to a covert CIA server. This is what Weeping Angel does and this is only one example of the tools at the CIA’s disposal.
But Weeping Angel is merely scratching the surface. In October 2014, the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. Officially, the purpose of this project wasn’t specified. However, the implications of this project are terrifying. In theory, the CIA could use this to take control of cars to actually kill people.
Additionally, none of our phones are secure either. According to the Vault 7 documents, the CIA also has a specialized unit developing malware to infect, control and capture data from iPhones and other iOS devices. This is done through the use of the numerous exploits the CIA developed or obtained from other security agencies and cyber weapons manufacturers such as Baitshop.
Furthermore, a similar unit within the CIA targets Android devices. This unit has added 24 weaponized Android zero day exploits as of 2016 to the CIA’s cyber warfare arsenal. This means that much of the encryption that apps such as WhatsApp, Signal, and Telegram aren’t as effective anymore. While the apps do still offer secure encrypted messaging, these exploits would allow the CIA’s hackers to see your messages and record what you say before encryption is applied.
Of course, not even desktops are safe. According to WikiLeaks, the Vault 7 documents state that the CIA also heavily focuses on infecting Windows PC’s with malware. Once again, this is done through weaponized zero day exploits and a variety of viruses. One notable mentioned by WikiLeaks is codenamed “Hammer Drill”, which infects PC’s using removable devices such as CD’s or USB pen drives.
As the Vault 7 documents show, no platform is safe. Everything from Android to iOS to Windows to OSx to Linux and more is vulnerable. Not even our Internet infrastructure is safe from the CIA’s arsenal. The CIA’s Network Devices branch has developed attacks against Internet infrastructure and web servers.
You should be worried but none of this is new
What the Vault 7 document shows us is an arsenal of terrifying cyber weapons. Cyber weapons that the CIA could use to spy or even kill anyone they want with just a few lines of code. Yet, as frightening as this arsenal is none of these threats are new. They’ve been around for ages.
For example: let’s take the topic of Weeping Angel hacking Smart tvs. In 2013, there was a presentation at the Black Hat USA 2013 Conference where SeungJin Lee – CEO of GrayHash spoke about the vulnerabilities of Smart tvs. During his presentation he shared how Smart TV’s can be hacked through malicious apps, hackers inside & outside your network, and even hackers around you. The full presentation can be found here and its slides here. This shows us that Smart TV vulnerabilities have been around for over 4 years.
Similarly, hackers getting into and taking control of computer systems in vehicles isn’t anything new either. It’s well known amongst computer security experts that hackers can manipulate steering, acceleration, speedometers and various other features of cars. In fact, in 2015 two hackers built a tool to take control of jeep over the internet while it was on a highway. Meanwhile, the hackers themselves were comfortably miles away.
And exploits have been around ever since we started building computer systems. No computer system enjoys complete 100% foolproof airtight security. Anything can be hacked. Exploits and vulnerabilities exist in every system and will be exploited by hackers until security researchers release a fix. This is the nature of computer security. It’s always a race between the hackers and the defenders.
What could all of this mean in the future?
Back in 2014, we heard an interesting quote that perfectly describes the power hackers have, “You don’t need a nuclear war. You just need a mobile phone.” With the rise of the internet, wars between countries are set to change. The first attacks will not be missiles being fired in the middle of the night or soldiers landing on the shores at dawn. No, the first attacks will take place with the push of a button and over the internet.
Some of the deadliest weapons in the arsenal of a country in the 21st century is its cyber weapons. For proof, you only need to look at the Vault 7 documents again. The tools at the CIA’s disposal are deadly and are set to become even deadlier. This because these cyber weapons are still programs that can be pirated as easily as movie off a torrent site. Once a cyber weapon is loose it can easily spread across the world in mere seconds. Then it can be used by anyone from rogue states to mafia gangs to curious teenagers looking to take down the President’s website for fun.
Of course, it gets worse when you look at the future. Advanced technologies such as Artificial Intelligence and Robotics are set to revolutionize society completely. Already we are seeing AI replace humans at certain jobs. One example would be a Japanese Insurance firm that recently replaced 34 employees with an AI system based on IBM Watson. Furthermore, Foxconn – the manufacturer of the iPhone is also looking at replacing many of its employees with robots.
Needless to say, computers are set to take over almost every aspect of our lives. As we hand over so much control to computers, we need to ensure that they are as secure as possible. Yet the reality is that we don’t. We in Sri Lanka know this all too well as we’ve been hacked repeatedly over the years. Many modern computer systems are woefully insecure. This is what makes the tools revealed in the Vault 7 documents truly frightening. As we rush to embrace the quick comforts of an insecure digital future, how much power are we giving hackers who wish to destroy it all with the press of a button?