In March 2017, WikiLeaks published thousands of documents it said revealed hacking tools the CIA developed to break into servers, smartphones, computers and TVs. The news conference took place at the Embassy of Ecuador in London, where Assange has been holed up since seeking asylum in 2012. WikiLeaks says, “By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware.”
WikiLeaks claims that the CIA recently lost control of the majority of its hacking arsenal, including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This collection, which WikiLeaks says amounts to more than several hundred million lines of code, would give its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom provided WikiLeaks with portions of it.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By withholding these security flaws from manufacturers like Apple and Google, the CIA ensures that it can hack everyone, at the expense of leaving everyone hackable. WikiLeaks will give tech companies access to much more detailed information about CIA hacking techniques so they can “develop fixes” before the information is widely published, WikiLeaks founder Julian Assange said.
Several companies have already said they are confident that their recent security updates address the flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.
WikiLeaks has conducted a global crusade to expose government secrets through a series of controversial and sometimes embarrassing document dumps in recent years. Assange’s group released Democratic emails during the 2016 presidential campaign that U.S. intelligence agencies say were hacked by Russia to try to tilt the election against Democratic candidate Hillary Clinton.
Earlier Edward Snowden had leaked documents that showed details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.
CIA malware targets iPhone, Android, smart TVs
CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA.
One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear to be off when in fact it was recording conversations in the room. Other documents described ways to hack into Apple iPhones, devices running Google’s Android software and other gadgets so as to observe communications before they are protected by the end-to-end encryption offered by messaging apps like Signal or WhatsApp; that is, by compromising the endpoint rather than breaking the encryption.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks, according to the documents. The purpose of such control is not specified, but WikiLeaks speculates that it would permit the CIA to engage in nearly undetectable assassinations.
The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.
CIA malware targets Windows, OS X, Linux, routers
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas (“Brutal Kangaroo”), and systems to keep its malware infestations going.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its target. CIA malware does not “explode on impact” but rather persists on its target. To infect a device, a copy of the malware must be placed on it, which also hands the target physical possession of the malware. To exfiltrate data back to the CIA or to await further instructions, the malware must communicate with CIA Command & Control (C2) systems placed on internet-connected servers.
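Because an implant that waits for instructions has to check in with its C2 server, the check-in cadence is one of the few things a defender can see from the network side. The following is an added example, not code from the leaked documents or from any CIA tool: it scans connection records for flows whose inter-connection intervals are suspiciously regular (a low coefficient of variation), which is how a fixed-period beacon looks next to human browsing. The log lines and the field layout (timestamp, source IP, destination IP, destination port) are constructed for illustration.

```python
"""Flag periodic command-and-control beaconing in connection logs.

Added example (not from the leaked documents or any CIA tool). The log
lines below are constructed; the field layout is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 beacons to 203.0.113.7 every ~600 s with
# a few seconds of jitter, mixed with irregular browsing to 198.51.100.20.
SAMPLE_LOG = """\
2017-03-07T10:00:00 10.0.0.5 203.0.113.7 443
2017-03-07T10:00:41 10.0.0.5 198.51.100.20 443
2017-03-07T10:09:58 10.0.0.5 203.0.113.7 443
2017-03-07T10:12:13 10.0.0.5 198.51.100.20 443
2017-03-07T10:20:01 10.0.0.5 203.0.113.7 443
2017-03-07T10:20:02 10.0.0.5 198.51.100.20 443
2017-03-07T10:29:59 10.0.0.5 203.0.113.7 443
2017-03-07T10:40:00 10.0.0.5 203.0.113.7 443
2017-03-07T10:45:30 10.0.0.5 198.51.100.20 443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport) flow key."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(text, min_connections=4, max_cv=0.1):
    """Return flows whose connection intervals are regular enough to look like a beacon.

    cv = population stddev / mean of the gaps between successive connections.
    A fixed-timer beacon with light jitter has cv near 0; browsing is >> 0.1.
    """
    findings = []
    for key, times in parse_log(text).items():
        if len(times) < min_connections:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "flow": key,
                "connections": len(times),
                "period_s": round(avg),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f)
```

The threshold is deliberately simple: an implant that randomizes its sleep interval widely, or that only beacons when triggered, will not be caught by a coefficient-of-variation check alone, and a long observation window plus per-destination rarity scoring is needed in practice.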
Earlier exposés of NSA surveillance
Police State USA compiled a list of powers and tricks attributed to the NSA. According to that list, the NSA can crack all types of sophisticated computer encryption and access personal email, chat and web browsing history; set up fake social networking profiles on LinkedIn; set up fake Internet cafes to spy on unsuspecting users; and identify individuals’ friends, companions and social networks.
It can crack cellphone encryption codes and monitor the data in smartphone applications; track the numbers of both parties on phone calls, their locations, and the time and duration of the call; and intercept troves of personal webcam video. It monitors financial transactions and credit card purchases.
The NSA can intercept phone calls by setting up fake mobile telephony base stations. It undermines secure networks by diverting users to non-secure channels. It can install a fake SIM card in a cell phone to secretly control it.
According to the US news website The Intercept, US and British intelligence agencies illegally hacked into Gemalto, a major manufacturer of SIM cards, to steal encryption keys and facilitate eavesdropping on mobiles. The Intercept said this gave the two agencies “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”.
The NSA spies on foreign leaders’ cell phones, intercepts meeting notes from foreign dignitaries, and spies on ambassadors within embassies, among many other activities.
The scope of the National Security Agency’s spying abilities has increased dramatically in the last few years. Russia-based security firm Kaspersky recently released a report about a mysterious and sophisticated malware distributor, dubbed the Equation group, which might be linked to the U.S. National Security Agency (NSA). “The Equation group is probably one of the most sophisticated cyber attack groups in the world,” and may have been operating undetected for almost two decades, Kaspersky said in an advisory.
The campaign infected possibly tens of thousands of Windows computers in telecommunications providers, governments, militaries, utilities, and mass media organisations among others in more than 30 countries. According to Reuters sources, the agency would sometimes pose as software developers to trick manufacturers into supplying source code, or could simply keep a copy of the data when the agency did official code audits on behalf of the Pentagon.
The most powerful tool in the Equation group’s arsenal is a set of modules that allow reprogramming of the hard drive firmware of more than a dozen popular HDD brands, including Western Digital, Seagate, Samsung, Hitachi and Toshiba. By reprogramming the hard drive firmware (i.e. rewriting the drive’s own operating system), the malware achieves an extreme level of persistence that survives disk formatting and OS reinstallation. It can prevent the deletion of a certain disk sector or substitute a malicious one during system boot.
Existing antivirus products and most security protocols are also incapable of removing the said malware. “Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. For most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware,” warns Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.
By taking over the firmware, the attackers can insert further malware into the operating system itself, creating a range of exploits that can be customized for individual machines, says Ben Johnson, chief evangelist at Bit9+Carbon Black.
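Since the firmware itself cannot be read back, the defender is left checking the firmware’s effects: whether the sectors the machine boots from still match a known-good baseline. The following is an added example, not Kaspersky’s or any vendor’s code, showing the two checks a practitioner would combine: parse the master boot record (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature) and hash every sector of an image against a baseline taken earlier. The two images are constructed: the “tampered” copy keeps the partition table intact, as a bootkit would so the system still boots, and only swaps the boot code.

```python
"""Detect a substituted boot sector by comparing a disk image against a baseline.

Added example (not Kaspersky's or any vendor's code). The images below are
constructed: a baseline MBR plus three empty sectors, and a copy whose
446-byte boot code has been replaced while the partition table is unchanged.
"""
import hashlib
import struct

SECTOR = 512
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "NTFS/exFAT", 0x83: "Linux", 0xEE: "GPT protective"}


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > 446 or len(partitions) > 4:
        raise ValueError("boot code must fit in 446 bytes and at most 4 partitions")
    table = b"".join(
        # CHS fields are zeroed; modern firmware and loaders use the LBA fields.
        struct.pack(PART_ENTRY, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in partitions
    )
    return boot_code.ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xAA"


def parse_mbr(sector):
    """Return the non-empty partition entries of an MBR, validating the signature."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, entry)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, hex(ptype)),
            "lba_start": lba,
            "sectors": count,
        })
    return parts


def sector_hashes(image):
    """SHA-256 of each 512-byte sector; the baseline is stored as this list."""
    return [hashlib.sha256(image[i:i + SECTOR]).hexdigest()
            for i in range(0, len(image), SECTOR)]


def compare_images(baseline, current):
    """Return the indices of sectors whose content differs from the baseline."""
    if len(baseline) != len(current):
        raise ValueError("images differ in length; compare like with like")
    return [i for i, (a, b) in enumerate(zip(sector_hashes(baseline), sector_hashes(current)))
            if a != b]


# Constructed images. Same partition table in both; only the boot code differs.
PARTITIONS = [(0x80, 0x83, 2048, 1_000_000)]
BASELINE_IMAGE = build_mbr(b"\xEB\x63\x90GOOD-BOOTCODE", PARTITIONS) + b"\0" * SECTOR * 3
TAMPERED_IMAGE = build_mbr(b"\xEB\x63\x90EVIL-HOOK", PARTITIONS) + b"\0" * SECTOR * 3


if __name__ == "__main__":
    print("partition table:", parse_mbr(TAMPERED_IMAGE[:SECTOR]))
    print("changed sectors:", compare_images(BASELINE_IMAGE, TAMPERED_IMAGE))
```

The point of running both checks is that the partition table parses identically in both images; only the per-sector hash comparison exposes the swapped boot code. The caveat follows directly from the article: firmware that substitutes a sector at boot time can also hand clean data to a read issued from the running system, so the image being compared must be acquired from a trusted host or through a write-blocker, and the comparison still says nothing about the firmware itself.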
The agency also spread its spy tools by intercepting and infecting removable media, including CDs. Kaspersky described one case in which participants of a scientific conference were later sent discs containing the conference materials; the group had tampered with the discs, adding two zero-day exploits.
The NSA can use radio waves to hack computers that aren’t connected to the internet, makes a USB thumb drive that provides a wireless backdoor into the host computer and can remotely access computers by setting up a fake wireless connection. It also appears to use radio-frequency devices implanted in various computer-system components to transmit information and exfiltrate data.
“The arguments that the illegal interception of information and data aims at protecting nations against terrorism cannot be sustained,” according to Brazilian President Dilma Rousseff. Martin Scheinin, European University Institute Professor of Public International Law, wrote, “Electronic mass surveillance – including the mass trawling of both metadata and content by the U.S. National Security Agency – fails drastically in striking the correct balance between security and privacy that American officials and other proponents of surveillance insist they are maintaining.”