The extent of the US government’s hacking powers has been revealed in a fresh batch of documents released by WikiLeaks yesterday.
The “cyber-weapons” included in the leaks include smart TVs, phones and cars, which are all vulnerable to CIA hacking. Once hacked, these devices have the capability to record sounds, images and the private messages of users, even when encrypted apps are used.
In the case of vehicles, the leaked documents revealed that the CIA has studied the possibility of infecting vehicle control systems that could allow almost undetectable assassinations. In other words, they looked into being able to hack your car and drive you off a cliff. That’s some next-level devious.
For now, the CIA isn’t addressing the leaks. A spokesman told NPR, “we do not comment on the authenticity or content of purported intelligence documents.”
One guy who is definitely choosing to comment is former National Security Agent (NSA) turned guest-of-the-Russians Edward Snowden. He tweeted:
Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.
— Edward Snowden (@Snowden) March 7, 2017
What makes this look real?
Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.
— Edward Snowden (@Snowden) March 7, 2017
Are you watching TV or is your TV watching you?
One CIA tool described in the Wikileaks documents is called “Weeping Angel” and appears to be based on villains from ultra-nerdy British sci-fi show Doctor Who. Those creatures turn to stone when viewed but attack when you close your eyes or turn your back on them.
Similarly, the “Weeping Angel” attack infects certain Samsung smart TVs and then places them in a fake off mode. Users then falsely believe the TV is off while it is actually on and recording conversations in the room. Just like the Doctor Who creatures, it attacks when unobserved. It would be really cool if it weren’t so scary, invasive and creepy.
It wasn’t the only pop culture reference to appear in the documents, either. USA Today reports that one hack for Microsoft Windows was dubbed “RickyBobby”, after the Will Farrell character in the 2006 film Talladega Nights. And another Trojan spread via thumb drives was named Fight Club, after the book and movie of the same name. Oh well, at least some of these hackers have good taste in movies.
Well…this is awkward
Gordon Corera, BBC’s security correspondent, said the latest leaks will be a “huge problem” for the CIA.
Firstly, he identified the “embarrassment factor” – which alludes to the fact that an agency whose currency is secrets is unable to keep its own. He also pointed out that the leaks could lead to massive losses of intelligence data and an inevitable public backlash.
Phone hacks galore
The WikiLeaks documents claim that the CIA has dozens of Android “zero days” hacks. This is a term that is given to previously unknown security flaws in code, so basically “new hacks”. As a result, devices running Android are said to be compromised, which may even result in the CIA having access to encrypted chats.
The BBC also reports that a specialised CIA unit was established with the specific purpose of targeting iPhones and iPads. These hacks would allow the agency to see a target’s location, activate the devices’ cameras and microphones and read communications. Yup, that “dumb” new Nokia 3310 is looking better than ever.
But wait…there’s more
WikiLeaks has stated that there is more to come. Yesterday’s leak is just the first in a planned series of leaks related to the CIA, which it is calling ‘Vault 7’.
WikiLeaks founder and much-maligned Aussie, Julian Assange, has been living in the Ecuadorian embassy in London since 2012 to avoid extradition to Sweden or the United States. In an official statement, he noted that the leaks showed “an extreme proliferation risk in the development of cyber weapons”.
Meanwhile, in Australia, the government has just passed data breach notification laws that will come into effect within a year. These laws require that Australians are alerted when their data is being inappropriately accessed. No worries about being spied on here, right?
Before you get too excited, keep in mind that the notification laws will only apply to companies covered by the “Privacy Act”, making intelligence agencies, small businesses and political parties exempt.
Under current data-retention laws, law enforcement agencies are able to access two years’ worth of customer’s call records, location information, IP addresses and other data stored by telcos.