WikiLeaks has published a collection of hacking tools that it claims belong to the United States Central Intelligence Agency (CIA). The release comprises more than 8,000 confidential documents as part of Vault 7, a series of leaks about the agency that emerged from inside the CIA. The Vault 7 dump comes after a rogue hacking group calling itself the Shadow Brokers leaked similar tools in the summer of 2016. Vault 7 appears to confirm that the NSA was behind the threat actor tracked as the ‘Equation Group’. The documents show that the CIA learned from the NSA’s mistakes after the NSA’s activities were exposed by malware researchers.
The files appear to have been obtained from a CIA network and provide details on the intelligence agency’s vast hacking capabilities. The Equation Group operations and their links to the NSA were detailed in February 2015 by Kaspersky Lab, and the discussion published by WikiLeaks was initiated a few days later. The participants in that discussion pointed out, as one of the NSA’s biggest mistakes, that it shared tool code such as custom cryptography between its implants. The use of custom crypto is itself a case of the NSA failing to follow its own internal standards and policies.
Beyond the use of the same custom cryptographic algorithm, the CIA identified various mistakes made by the NSA, such as the reuse of exploits, the use of a unique mutex, and the use of internal tool names in the code. The shared code appears to be the largest single factor that allowed researchers to tie all the tools together. WikiLeaks said that the documents include “armed” cyber weapons that hold details on CIA targets and on the machines used to attack them. The founder of WikiLeaks said that the development of such cyber weapons carries a high proliferation risk.
Vault 7 is available to download through torrent files that deliver a password-protected archive. The password is SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds, which WikiLeaks tweeted hours after announcing its latest leak. The archive unzips into a folder called “year0” that holds 930 MB of data. According to WikiLeaks, the files come from both US hackers and government contractors. The attacks are powerful enough to allow an attacker to remotely take control of the kernel. Attacks of this type are most likely to be useful for targeted hacking rather than mass surveillance.
The WikiLeaks CIA dump includes details about the malware used by the agency to hack, spy on and remotely control systems. This means that the CIA can bypass the PGP email encryption on your PC. The agency can see everything that you are doing online even if you are hiding it behind the Tor browser. The leaked documents include a “Fine Dining” file, which does not contain any list of zero-day vulnerabilities and exploits. Security firms have started assessing the impact of the exposed hacking capabilities. WikiLeaks has not released any exploits, so it is not possible to determine exactly what the CIA’s programs are capable of. However, at first glance, the intelligence agency’s tools do not appear especially sophisticated.