WikiLeaks, in its largest leak to date, has released the CIA's hacking tools: here is everything you need to know.
At lunchtime in Spain, and after a short delay, WikiLeaks has released one of the biggest bombshells in its history. After weeks of teasing something called Vault 7, today the organisation led by Julian Assange decided to reveal what it was, and it has left nobody indifferent.
The leak has left us hundreds of documents to examine: from conversations between CIA technicians to documentation on how their tools work and, of course, the tools themselves. At Omicrono we have gone through all this material, and we tell you what you should know, in 7 clear and concise points.
All documents of the leak can be found here
1. The CIA has tools to hack any system
This WikiLeaks revelation is terrifying because it confirms something we already suspected. Faced with the spread of encryption and better security, the CIA's effort has gone into compromising the device itself. Instead of breaking the encryption, the CIA's hacking tools capture the data on the device before it is encrypted (or after it is decrypted), which makes end-to-end encryption irrelevant once the endpoint is compromised.
Perhaps most terrifying is the number of exploits the CIA knows about. There are entire divisions dedicated to exploiting bugs in iOS, Android, Windows, Mac and Linux. They have even developed a technique that makes a Samsung TV appear to be off while it stays on, activating the television's microphone without alerting the owner.
The 500 CIA hacking projects
According to WikiLeaks, there are around 500 projects within the CIA, each with its own sub-projects and tools. These tools are used to penetrate, infest and control computing devices.
These are the lists of smartphone exploits that the CIA had at the time of the leak:
- iOS exploits (list shared by the CIA, NSA, FBI, MI5 and GCHQ)
- Android exploits (list shared by the CIA, NSA, FBI, MI5 and GCHQ)
And here are the tools the CIA uses to hack all kinds of devices:
- UMBRAGE | A project that collects and maintains a library of attack techniques taken from malware produced in other countries. CIA hackers can reuse these techniques to extend their own attacks and to leave false flags, so that an attack cannot be attributed to the CIA.
- Fine Dining | A standardised questionnaire that CIA field agents fill out, specifying whom they want to hack. A branch of the CIA collects these requests and turns them into technical requirements that the hacking branches can fulfil. You can see an example of a form here.
- Improvise | A toolkit that allows an operator to carry out attacks of all kinds. The idea is that each tool is customised according to the needs expressed in the Fine Dining request received, that is, according to the type of attack required. The tools are named:
- Dancefloor on Linux
- Jukebox on Mac
- Bartender on Windows
- HIVE | CIA malware together with its command-and-control software, with implants for Windows, Solaris, MikroTik and Linux. WikiLeaks has leaked both the HIVE user guide and the developer guide.
- HammerDrill | A tool that monitors the insertion and removal of CDs and DVDs. Besides logging these events, it is also capable of reading and modifying the discs.
- Grasshopper | A modular tool that installs information-gathering software on Windows systems. Its installers can be configured to run only when certain conditions on the target are met, and include mechanisms to avoid detection.
2. And not only operating systems, but also specific applications
Did you think that with the operating system they already had everything covered? Well, no, because the CIA has also put effort into well-known applications and games. The leak also lists modules to be implanted in the following programs:
- Chrome Portable
- Firefox Portable
- SanDisk SecureAccess
- LibreOffice Portable
- Notepad++
- VLC Portable
- Opera Portable
- 7-Zip Portable
3. No antivirus will save you from this
If you were hoping that an antivirus would save you from all this, you are out of luck. The leak reveals that the CIA has a working group dedicated solely to antivirus products, and that the vast majority of antivirus software on the market has flaws that would allow the CIA to evade it.
The antivirus products that, according to the documents, would be affected are the following:
There are also mentions of the following products, but it cannot be confirmed that they are compromised: although there is a page dedicated to each one, it is empty and contains no examples of bypasses.
- Zone Alarm
- Zemana Antilogger
- Panda Security
- Trend Micro
- Microsoft Security Essentials
4. The CIA had already lost control of the information
Most worrying of all, according to the press release that WikiLeaks published alongside the leak, the CIA had already lost control of these weapons. WikiLeaks' version is that the CIA no longer controls most of its arsenal: millions of lines of code capable of doing a great deal of damage.
These files had been circulating among former government hackers and contractors, individuals and companies that are no longer under the CIA's control. It was one of them who sent part of the archive to WikiLeaks.
5. Frankfurt: CIA base of operations in Europe
Remember how, in Narcos, Steve Murphy entered Colombia as a maintenance employee of the US embassy? That was his cover for entering the country as a DEA agent. Well, CIA hackers do something similar to enter Germany: they carry a (black) diplomatic passport and enter under the cover of being technical consultants for the Frankfurt consulate.
According to the WikiLeaks documents, this is no ordinary consulate: it is the CIA's base for hackers working in Europe, the Middle East and Africa. Once inside Germany, they can move freely across the 25 countries of the Schengen area, Spain included. Even the cover story that agents are given for getting in has been leaked.
6. The leaks tie the NSA to Equation Group and Stuxnet
Some of you may remember the Equation Group, one of the most sophisticated cyberattack groups in the world. Yes, we are talking about the group credited with creating weapons like Stuxnet. Well, there is a discussion thread dedicated to reviewing the mistakes they made, so as not to repeat them. For example, they criticise the use of custom encryption and the reuse of exploits.
We already knew there were threads connecting this group to the NSA, but this leak may finally tie them together. In the discussion, one CIA employee states that the custom encryption is the NSA's fault, a consequence of its own internal standards. Another employee also mentions the NSA as the conversation continues.
It is also worth noting that, among all the content, there is a folder called NSA Tools, which implies that the CIA uses NSA tools in addition to sharing exploit information with the agency. The folder points to Ghidra (a reverse-engineering framework developed by the NSA) hosted on an SMB share on the CIA intranet. From there, speculation is open.
In addition, they also decided to analyse everything that leaked from Hacking Team. Besides various GitHub repositories, they were tasked with analysing the torrent containing 380 GB of leaked data. And, as the document indicates, it is to be expected that they have used all this knowledge to improve their own hacking tools.
7. The CIA has broken the law, and has unprotected users
It is to be expected that the CIA holds an arsenal of exploits like this, and that it keeps them secret in order to exploit them for as long as possible. All of that is logical from the point of view of an intelligence agency, were it not for the fact that the Obama Administration had promised, through its Vulnerabilities Equities Process, to disclose any serious security flaw to the American companies involved. The CIA has not complied with this, so a reaction from the technology industry to this leak is to be expected.
On the other hand, this also means that users have been left unprotected. If the CIA found a bug, anyone else can find it too and exploit it. By not reporting the flaws to the vendors so they could be fixed, the CIA has exposed all of us to any attacker. If we listen to WikiLeaks, other agencies outside the CIA have also discovered the same flaws and are exploiting them today.
Bonus: brace yourself, this is just the beginning
And be warned, because it does not end with this leak. According to WikiLeaks, this is the first in a series of leaks it will publish over time. Moreover, the current leak includes documents that WikiLeaks has not yet verified, which will be uploaded over the next few days.