WOT logo

Vault 7 Leak & Cyber Warfare: What are the boundaries and how will it affect us?

Cyber warfare, vault 7 and wikileaks
The CIA has been at it again. On March 5th, Wikileaks published over 8,700 CIA documents that focus on hacking and surveillance techniques. What’s more, they say this is only 1% of the documents in this leak. As details of the story are still unfolding as the documents are being analyzed, we investigate how this affects the you and what you can do about it.

How credible is Wikileaks?

In this age of alternative facts, half-truths, and misinformation, it’s important to question everything we see and view it from an outside context. This release led to a lot of misplaced hype and exaggeration by the press, and it’s not the first to have done so. Given Wikileaks’ previous tendency to sensationalize a release, it’s important to scrutinize their techniques and agenda. Given that they release a large amount of documents at one time, paired with sensationalist tweets, it’s difficult for journalists to properly inspect each document in a timely manner before they need to publish the story. When thousands of documents are released at one time, nearly every publication wants to be among the first to draw and publish headlines from the leak – sometimes leading to an inadvertent spread of misinformation. Is this part of Wikileaks’ agenda?

In an interesting twist, Wikileaks, a small short-staffed organization somehow managed to redact 70,000 names and pieces of information from the documents. How could they have done this with so few resources? Did they do the redactions themselves or did they receive the documents with the redactions already in place? If they got the documents in post-redaction form, who has the resources to do such a thorough job? Most people’s minds are wandering towards the path of foreign intelligence agencies with an interest in weakening America’s position. For now, this is an unknown.

It’s difficult to know for sure how credible Wikileaks truly is, whether they intentionally sensationalize or even how much truth lies in the stories they expose. One thing is for certain, whenever they release information, they cause massive waves, forcing individuals and government agencies to respond quickly. Immediately after releasing the CIA documents, the CIA went on the defensive. A CIA spokesman went on record to argue that the agency exists mainly to “aggressively collect foreign intelligence”, and that their agents are “legally prohibited” from hacking attempts on Americans. The spokesman also warned the public should be worried about the latest release from Wikileaks. The spokesman went on to state the agency will neither confirm nor deny the authenticity of the documents. Given the damning nature of the leak, that’s probably a good call.

As of today, nobody has stepped forward to claim leaking the information. If proven to be authentic, the information would expose the CIA and other intelligence agencies as hackers targeting consumer devices such as Android based phones and Samsung televisions. The documents could detail how the CIA has been spying on users of this technology as well as those in the proximity among other information collecting methods.

Good News From Signal and Whatsapp

According to the leaks, the gold standards in encryption are owning up to their title. It appears that so far the CIA has been unable to crack the encryption on Signal and Whatsapp, meaning that security issues on your mobile phone do not stem from these two apps. Good for you, Signal and Whatsapp! That being said, messages sent over these services can be intercepted before encryption happens. If your phone has a keylogger on it, everything you type can be recorded and sent to a third party.

Securing IOT – Samsung F8000 TV – Weeping angel

One of the documents alleging spy activity by the CIA points to the Samsung F8000 Smart TV. The claim states the television can record conversations while the TV appears to be turned off. No proof of this claim exists in the recent hack, but several people are still convinced it is true. The “Weeping Angel” hack began in June 2014. A “fake” off mode was developed to make people think their TV was off, however it recorded voice conversations and sent them back to CIA servers.

Part of the ensuing mass hysteria on social media (possibly justified) has led many people to believe that if a device has wifi, it can be hacked by the CIA and used to spy on you. While there are reasons we should all be taking IOT security seriously, we’re probably not at this stage yet.

Snowden claims the US Government intentionally pays to keep software unsafe

Edward Snowden, the former NSA employee who has lived in exile in Russia since blowing the whistle on NSA’s methods of surveillance in 2013, tweeted a response to the Wikileaks dump of CIA documents, explaining that it was a big deal, saying that the leaked documents appeared to be authentic. His March 7th tweet referred to the leaked documents, showing how Android and iOS devices got hacked, and the knowledge of the vulnerabilities was withheld from the companies by the US government, which points to a larger issue. Furthermore, Showden tweeted a picture that he claims is proof that the US government pays to keep US software unsafe. If true, this opens the door to a lot of questions about the American government’s agencies responsibilities to report vulnerabilities to companies, rather than exploit them, or even pay for them to be there.

Are these advanced surveillance and hacking tools in the hands of only the CIA and its allies?

According to Wikileaks, the thousands of documents they released were just the tip of the iceberg and plans to release even more documents later on. One pressing question is, who should we be more concerned with collecting information – the CIA or hackers with malicious intent? Identity theft and identity fraud are proven threats by hackers. Concerns about the CIA gathering information about you should take a backseat to the threat of hacking attempts at stealing your identity.

Moving forward, you can take a few steps to prevent your life from being hacked. You can begin by cracking down on you and your family’s personal online security. First, you should figure out how long it takes for hackers to crack your password. Change the passwords on all of your devices and accounts to something complex and hard to guess – there are tools that can help you manage your passwords. Next, turn off location tracking. Many apps ask to use your location to enhance the service, turn this feature off and never allow apps to track your location. Next, if you have a smart TV and are paranoid about the CIA listening in on your private conversations, get a power strip with a master switch to ensure the power is shut off to the TV rather than simply turning the TV off. Finally, do not click anything you do not deliberately mean to click on. Phishing attempts and malware are the real threat to your personal security.

Leave a Reply

Your email address will not be published. Required fields are marked *