WikiLeaks publishes details of alleged CIA hacking tools

WikiLeaks publishes details of alleged CIA hacking tools

Julian Assange arrested by Met Police after Ecuador withdraws asylum status

Whistleblowing group WikiLeaks has published what it claims are details of malware and cyber weapons used by the CIA – some developed in conjunction with MI5.

According to documents uploaded yesterday, the agency holds tools that target flaws in popular platforms including Windows, macOS, iOS and Android.

The alleged arsenal also includes an attack against Samsung smart televisions, which is said to have been developed with help from UK spy agency MI5.

WikiLeaks claimed the CIA had “lost control” of its tools, which were circulated “in an unauthorised manner”, giving their possessors the CIA’s “entire hacking capacity”.

The source of the documents has not been named and their contents have not been confirmed. Although a CIA spokesperson would not comment on the documents’ authenticity, NSA whistleblower Edward Snowden suggested they were genuine.

“Still working through the publication, but what WikiLeaks has here is genuinely a big deal,” he tweeted yesterday. “Looks authentic.

“What makes this look real? Program and office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.”

Snowden went on to criticise suggestions that the CIA and US government had researched vulnerabilities in products and intentionally left them open, pointing out that those same flaws would remain present for cyber criminals to take advantage of.

Although the alleged tools vary in nature, a common theme is the compromise of smart devices to gain control of their cameras and microphones.

For example, the Samsung television exploit – dubbed Weeping Angel – creates a “fake-off” mode where sets appear to be off but continue to record audio.

“There is an extreme proliferation risk in the development of cyber ‘weapons’,” said WikiLeakes editor Julian Assange.

“Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade.

“But the significance of Year Zero goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.”

More details on the documents, named Vault 7, are on the WikiLeaks website.

Photo © Cancillería del Ecuador (CC BY-SA 2.0). Cropped.

This story was originally reported by Business Reporter

Copyright Lyonsdown Limited 2021

Top Articles

UK to boost the use of digital identities to prevent impersonation fraud

The government is putting in place plans to raise the legal status of digital identities to make them as widely acceptable as driver’s licenses and bank statements.

Beware the homoglyph: Microsoft warns about the malicious use of imposter domains

Microsoft is warning businesses about malicious cyber actors setting up malicious homoglyph domains to perpetrate fraud.

A red-teamer explains: Multi-factor authentication bypass techniques

Multi-factor authentication may be less secure than you think if your IT system security is designed or implemented badly. Red-teaming can help keep you secure

Related Articles

[s2Member-Login login_redirect=”” /]