WikiLeaks just published its largest ever trove of confidential documents from the U.S. Central Intelligence Agency, describing the agency’s hacking arsenal. Apparently these tools have already sold in hacker marketplaces, which kind of makes it too late to respond to this information with any single security upgrade or investment.
The need to filter out ill-intentioned parties becomes clear just from the press release preceding the first publication in WikiLeaks’ “Vault 7: CIA Hacking Tools Released.”
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive…
Once a single cyber weapon is loose it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike…
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber weapons, once developed, are very hard to retain.
Cyber weapons are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such weapons is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same weapons against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such weapons. Similarly, contractors and companies who obtain such weapons sometimes use them for their own purposes, obtaining advantage over their competitors in selling hacking services.
The first installment of the Vault 7 publication includes 8,761 documents that together describe “thousands” of hacking systems targeting every imaginable type of device and turning it into surveillance and recording mechanisms.
The agency has been able to gain control of software running presidential Twitter accounts, both iPhone and Android smartphones and tablets, . The agency even breached a Samsung smart TVs to eavesdrop on conversations without anyone in the room knowing — a fake off button was used to fool the owner into believe the TV was turned off when it wasn’t.
The CIA also has the ability to manipulate vehicle software in order to cause accidents that might pass for “nearly undetectable assassinations.”
Whether the Internet of Things exploits have already gotten into the wrong people’s hands as well, it’s worrisome enough to make you wish you had the requisite defenses as of, well, yesterday. Any further protection ideally ought to go up as soon as possible to mitigate the risks.
Like how about setting something up within a couple of minutes? That’s all it takes to get started with RingCaptcha. Just copy and paste a couple of lines of code into your website or app, and you can authenticate users with a single SMS. And don’t just take our word for it — click here to see for yourself.