Wikileaks released the password “SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds” to #Vault7 today, unlocking a whole slew of files including 0-day exploits used by the CIA on modern electronic devices such as Iphones, Androids, Windows and Linux OSes as well as Smart TVs – transforming them into spying tools against “tens of thousands of” unsuspecting targets.
The data more than 8,000 documents comes from the Central Intelligence Agency’s Center for Cyber Intelligence.
The data dump “includes software that could allow people to take control of the most popular consumer electronics products used today,” WikiLeaks claimed.
“‘Year Zero’ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones,” the whistleblower organisation said in a press release.
This is the largest publication of confidential documents on the CIA in history. Wikileaks further noted that today’s release is larger than the number of documents released from the Snowden archives, to date.
In one portion of the release is a program called “Weeping Angel.”
Weeping Angel is the codename that was used by the CIA for hacking Smart TVs and turning them into “covert microphones.”
This confirms what CIA Director David Petraeus once said about spying on us through our toaster, vacuum cleaner, washing machine, dishwasher and TV in an old wired article.
It’s not so crazy after all.
As an anonymous hacker once told me who alleged to be a part of the infamous Lulzsec “nothing is secure with a motherboard circuits and a processor everything with a computer chip can be exploited and hacked.”
One document explains what a user might do with “Weeping Angel.”
Weeping Angel — Things you might do
Extract browser credentials or history
Extract WPA/WiFi credentials
Insert Root CA cert to facilitate MitM of browser, remote access, or Adobe application
Investigate the Remote Access feature
Investigate any listening ports & their respective services
Attempt to override /etc/hosts for blocking Samsung updates without DNS query and iptables (referred to by SamyGo)
- Add ntpclient update calls to startup scripts to sync implant’s system time for accurate audio collection timestamps
There is also a section dedicated to various programs for exploiting mobileIOS and Android apps as well as the operating systems themselves.
— WikiLeaks (@wikileaks) March 7, 2017
The CIA even has the ability to bypass encrypted mobile communications apps like WhatsApp, Signal, Telegram, Wiebo, Confide, and Clockman.
The smartphones would be hacked first and then audio and message traffic was collected before encryption was applied through the apps.
Another section in the release is dedicated to bypassing Antivirus software that the CIA calls PSP or Personal Security Products.
Those personal security products that have exploits include –
Security researchers are already buzzing on Twitter claiming all sorts of things about what the files show. Megaupload founder, internet entrepreneur Kim Dotcom has alleged that the files prove that the CIA could even use fake Windows’ update processes as a payload or DNS resolvers and air gap viruses to hack Windows users PCs. If true this has massive implications for users.
— WikiLeaks (@wikileaks) March 7, 2017
The CIA was also looking at infecting vehicle control systems. Julian Assange noted that such control could allow the CIA to covertly commit assassinations. (Michael Hastings anyone?)
“In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency,” the release said. “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”
The whistleblower who leaked the data said he wanted to start a conversation about if the CIA has become far too powerful for its own good. What do you think? Let us know in the comment section below!
To get the full benefit of this article you need to have the Wikileaks files downloaded (and replace the windows user id “magma” with your own user id if you are using windows).
Alternatively, you can take keywords you found in this article and search CTRL + F inside the Wikileaks index document.