Wikileaks had promised that after the first of the year there would be startling new releases of documents. It was unclear just what they would consist of, but on March 7th they provided a huge document dump they code-named “Vault 7”.
Here’s the link so everyone can dig in for themselves:
I am not that tech savvy, so I will rely on published materials and hopefully provide a brief overview on what is probably just the tip of the iceberg in a global eavesdropping program that was only hinted about in Congressional hearings with the NSA. Up until now, it was unknown what similar capabilities the CIA had but it appears to rival that of the NSA, further suggesting that there may be a turf-war between the two agencies.
Before we look at elements of the program, here is a statement from former CIA Deputy Director Mike Morell disputing claims that the information was hacked from outside sources – say, the Russians. Take a look at this:
Ex-CIA deputy director: Leak ‘has to be an inside job’
By Nikita Vladimirov – 03/11/17 11:10 AM EST
Former CIA Deputy Director Mike Morell believes the leak of CIA documents published this week by WikiLeaks “has to be an inside job.”
“This data is not shared outside CIA. It’s only inside CIA,” Morell said in an interview with “CBS This Morning” on Saturday.
He argued that the data is on CIA’s “secret network” that is not connected to other networks.
“It’s on CIA’s top secret network, which is not connected to any other network. So, this has to be an inside job,” he added.
WikiLeaks published thousands of CIA documents this week, claiming that they describe the agency’s hacking tactics.
The leaked documents suggested that CIA used a number of techniques for surveillance, including the ability to hack mobile devices, computers and televisions.
Here are some details from the Wikileaks data dump and press release:
(Excerpts, refer to link above)
“The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.
By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ( “Center for Cyber Intelligence Europe” or CCIE) are given diplomatic (“black”) passports and State Department cover. The instructions for incoming CIA hackers make Germany’s counter-intelligence efforts appear inconsequential: “Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport”
Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Shengen open border area — including France, Italy and Switzerland.”
It gets pretty technical from here on out, but let’s sum up the points above;
*With over 5,000 CIA-employed hackers using these tools, Wikileaks claims that the CIA “Lost control” of these cyber weapons
*Hacking tools allowed for surveillance through any computer, mobile device, or “smart appliance”, including Samsung TV’s
*The U.S. Consulate in Frankfurt Germany was used as cover for hacking all of Europe, the middle east, and Africa.
And confirming suspicions, the CIA was working on hacking motor vehicles, presumably to cover for assassinations via car accidents. Let’s look at one recent possible use of this technology from Russ Baker at “Who What Why”:
“Newest Remote Car Hacking Raises More Questions About Reporter’s Death” (7-23-15)
As readers of WhoWhatWhy know, our site has been one of the very few continuing to explore the fiery death two years ago of investigative journalist Michael Hastings, whose car left a straight segment of a Los Angeles street at a high speed, jumped the median, hit a tree, and blew up.
Our original report described anomalies of the crash and surrounding events that suggest cutting-edge foul play—that an external hacker could have taken control of Hastings’s car in order to kill him. If this sounds too futuristic, a series of recent technical revelations has proven that “car hacking” is entirely possible. The latest just appeared this week.
Hackers, seeking to demonstrate the vulnerability of automobiles to remote attacks, were able to largely take over the Jeep Cherokee driven by a writer for the tech magazine Wired:
Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
Back when Michael Hastings died, former counterterrorism czar Richard Clarke—by all accounts a sober, no-nonsense man—said that the Hastings’s crash was “consistent with a car cyber attack” and that it was likely that intelligence agencies knew “how to remotely seize control of a car.”
It is worth noting, too, that the day before his death, Hastings had “urgently” requested to borrow his neighbor’s car—he wanted to get out of town, but he feared his own car was being tampered with.
How is it then that “mainstream” publications, including even Wired, do not talk about the very odd circumstances surrounding the death of a journalist who had made powerful enemies? Did the fact that he had caused a famed general to be fired, that he was investigating the CIA chief, that he told colleagues he himself was being investigated by the FBI—did none of this at least raise the slightest suspicion on the part of our journalistic community? How about the fiery explosion when his car hit a palm tree—which automotive experts say should not normally take place; what about the fact that the engine flew out of the vehicle and landed a considerable distance away–which, again, we are told, is highly unusual?
Here’s some additional information on why Hastings may have been targeted – from “Heavy.com”
“Hastings died on June 18, 2013, in a fiery high-speed automobile crash in his Mercedes C250 Coupé following the publication of “Why Democrats Love to Spy On Americans” on BuzzFeed. Hastings had been a vocal critic of the Obama administration…
According to CW6 San Diego, Hastings claimed to have received a death threat prior to the crash by a staff member at the McChrystal Group about a critical passage in his book, The Operators: The Wild and Terrifying Inside Story of America’s War in Afghanistan. The McChrystal Group is an advisory firm started by retired United States Army general Stanley Allen McChrystal.
McChrystal’s last military assignment was in Afghanistan.
CW6 also reported that Hastings was investigating CIA Director John Brennan for an upcoming exposé before his death.”
Hastings may have been the key hit people are looking at now, but what about Senator Paul Wellstone’s airplane crash (among others) or even the car wreck of Princess Di?
There is a very good analysis of the CIA hacking program by “Technocracy News”, Here are a few excerpts:
“Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booze Allan Hamilton, has been subject to unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike….
…To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufactures and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.”
As we can see, this is a very complicated subject, and this is clearly just the tip of the iceberg. The fact that the CIA has veered off into NSA’s eavesdropping territory lends credence that the two agencies are in a turf battle, something speculated about since the Snowden document release.
As far as the hacking tools themselves, the cat is out of the bag. Nobody knows how far and wide they have spread. In fact, since some of the malware was stolen from other countries, the CIA can point to digital fingerprints that suggests a foreign player may have been responsible for a hack when it was the CIA all along – a “false flag”.
Wikileaks has made it very clear that they removed any elements of code or other components that would allow further proliferation of these hacking tools.
Let’s close with this question; how many terrorists do you suppose have plotted their next attacks while sitting in front of an internet-connected Samsung television?