The CIA, together with the National Security Agency and certain “friendly” foreign governments, have an extensive array of hacking methods and targets that include some of the most popular consumer-based technologies, including iOS, Android and Windows devices, among other operating systems smart devices.
The information comes from WikiLeaks, which published thousands of documents on Tuesday that revealed the kind of hacking methods and tools that the Central Intelligence Agency uses to hack users’ mobile phones, computers, smart TVs and even connected cars.
While a CIA spokesman, Jonathan Liu, claimed that “We do not comment on the authenticity or content of purported intelligence documents,” former CIA Director Mike Hayden reportedly told MSNBC that the documents, if authentic, would be a “very extensive file of the tactics, techniques, procedures, targets and other political rules.” He confirmed that he conducted a cursory review of the documents, adding: “If it is that, it would be very, very damaging.”
The documents describe in detail some of the methods used to bypass cybersecurity protocols such as encryption, antivirus software. A report by Seattle Times shows that government employees, including President Trump, use several of these products and services that can be compromised using these hacking tools.
What’s interesting is that these documents reveal methods to hack into smart TVs like those made by Samsung, and even connected cars with sophisticated on-board computers.
Experts reviewing the documents said that they appeared legitimate, which is worrisome, to say the least.
Some of the these tools were reportedly purchased by the CIA, but many are in-house products developed by hackers working for the government. Although WikiLeaks does have access to the hacking tools themselves, it said it would without them “until a consensus emerges” about the exact nature of the CIA’s program, from a political standpoint. They’re apparently considering how the software can be disarmed before being published.
Vulnerabilities in these systems naturally require the input of the said technology companies in order to be patched, so this puts a big question mark over the Vulnerability Equities Process, a program initiated by the Obama administration. Under this program, federal agencies are supposed to warn tech companies about flaws in their software so they can be patched.
So, how did WikiLeaks get access to such sensitive documentation in the first place?
“The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
Microsoft said it was looking into the documents, and messaging app company Signal said that the “purported CIA tools” did not affect its software design or encryption protocols, but the phones themselves.
Makers of the Telegram mobile messaging app said that it was the responsibility of cellphone makers and operating systems, such as Apple, Google and Samsung, to improve the security of their devices.
Does this situation call for consumers to panic? No, not unless the CIA is on your back, according to the statement that Telegram’s makers made to their customers.
The CIA is not alone in this, apparently. They’ve been sharing the information between themselves, and it includes the NSA and other U.S. intelligence agencies, as well as intel services from Australia, Canada, New Zealand and the UK.
WikiLeaks also said that their facility in Langley, Virginia as well as the U.S. Consulate in Frankfurt, Germany, were the base of operations for CIA hackers.
What’s unusual about this leak is that WikiLeaks is not only holding back information about the tools themselves, but also the “CIA targets and attack machines throughout Latin America, Europe and the United States.”
The organization also revealed that the data it received includes a substantial library of digital espionage techniques borrowed from countries like Russia. These include techniques to bypass some of the top antivirus and cybersecurity systems in the world, such as Kaspersky Lab, BitDefender, AVG Technologies, F-Secure and Rising Antivirus, the last of which is a Chinese cybersecurity company.
Even more unnerving is the fact that these state-sponsored hackers have also give detailed instructions on how usernames and passwords can be accessed for the most popular internet browsers, including IE, Google Chrome and Firefox.
WikiLeaks also revealed that some of the documents were tagged as “secret” or “top secret,” and indicated that they were not distributed to foreign nationals. This would prevent certain hacks from being attributed to the U.S. government.
There is certain to be more news forthcoming on the leaked documents. The cat is out of the bag, and now several interested parties will want to put it back. But most of the damage is already done, so we’ll have to wait and see how this impacts the cybersecurity landscape over the coming months.
Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.