Tuesday, March 7th, 2017, has been a Very Bad Day for the Central Intelligence Agency (CIA). On this fateful day, whistleblower organization, Wikileaks, began releasing confidential documents in a multipart series that promises to be the largest release in history focusing on the governmental office.
Named, “Vault 7,” its initial entry “Year Zero” contains over 8,000 individual documents focusing on the CIA’s world-class hacking program. Wikileaks claims that the agency “recently lost control of their hacking arsenal,” giving an unknown source direct access to all the malicious and investigative power of the CIA – at least when it comes to computer-based information.
Wikileaks claims that the leak includes “thousands of lines of code” comprising viruses, malicious trojans, zero day” exploits, malware, and remote control systems designed to grant the CIA access to almost any system in the world, both accessed via network and via other hardware.
But “Year Zero” goes far beyond just releasing the code itself; it also bold-facedly exposes the CIA’s entire cyber-intelligence program. That includes potential and past targets like the Apple iPhone, Google’s Android, and even Samsung televisions – the latter of which the CIA can effectively turn into a remote microphone if they wish.
Operating systems like Linux and Mac aren’t safe, either; unlike traditional viruses, the CIA had code that could penetrate just about every system on the market today. Even USBs and CDs aren’t safe; specially coded programs provided the agency with the ability to read, and in some cases write to, ejectable media.
The leak is particularly damaging to the CIA who, in recent years, made a name for themselves on a global scale simply because of their elite group of hackers and coders. With over 5,000 different programs created, they were effectively the “cream of the crop” for the government and several other entities.
Unlike other agencies (including the National Security Agency (NSA), the CIA lacked oversight and accountability. Several of their most covert practices were widely considered controversial and even downright questionable.
That’s a dangerous precedent when you’re dealing with matters of intelligence.
Those critical of the CIA say it was only a matter of time before they lost control of the information. Supporters question whether disgruntled ex-hackers may have orchestrated the attack for revenge. Either way, the leak clearly demonstrates the fact that the CIA’s lack of oversight, accountability, and procedural guidance quite possibly could be placing the public at risk in ways that simply aren’t acceptable.
Wikileaks leader Julian Assange points out that churning out weaponized code without oversight isn’t wise. After all, it takes just a single disgruntled ex-hacker to unleash the weaponized code to the public – potentially giving cyber-criminals and foreign terrorists the leg up they need to cause significant harm.
If you’re expecting to find the weaponized code itself on Wikileaks, prepare to be disappointed. While the organization did release significant amounts of information informing the public about the code itself, it refrained from releasing the code itself specifically to prevent further distribution. Keep checking back to see what else we uncover as we explore this ongoing release of information.