By now you all know that on Tuesday WikiLeaks released its new series of leaks on the CIA, code-named “Vault 7”. WikiLeaks says it is the largest ever publication of confidential documents on the agency, and that it exposes the CIA’s loss of control of the majority of its hacking arsenal, including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation.
This extraordinary collection, which WikiLeaks says amounts to several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, and one of them has provided WikiLeaks with portions of it.
What you may not know is the extent of the information they found. It comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of the CIA’s targeting of French political parties and candidates in the lead-up to the 2012 presidential election.
In recent years, the CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.
By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
According to Fox News, the source of the information is a veteran cyber contractor for the intelligence community who previously worked in the breached unit, the CIA’s Center for Cyber Intelligence. He told Fox that CCI has long maintained an internal database of information — accessible to anyone with proper credentials or security clearance — that seemed to be dumped in total to WikiLeaks. In its news release on the disclosure, WikiLeaks said CCI had more than 5,000 registered users, a number alternatively referred to as “absurd” and “a bit high” by security experts who spoke to Fox News. The CIA declined comment to Fox News.
The following is a summary (courtesy of the Conservative Treehouse) of the information Wikileaks disclosed:
The FBI opened a federal criminal investigation into the WikiLeaks disclosure on Wednesday, Fox News confirmed. As the probe gets underway, experts said there’s a typical incident response playbook they would use to narrow down the massive pool of suspects.
“They’re going to try to do some forensic work because those documents probably have been changed [over time], so that enables them to narrow down the period to when they were taken,” said Alex Yampolskiy, the CEO of SecurityScorecard. “They can look at audit logs of who had access to the document during that time frame.”
Regardless of the results of the inquiry, Brian Vecci, a technological evangelist for cybersecurity company Varonis, said the secret trove revealed by WikiLeaks illustrates the pervasive issue of another “major data breach of a major government organization tasked with security.”
“What’s clear to me – and this is true of pretty much every big data breach – the preventive controls were broken, or the detective controls were broken,” Vecci said. “Meaning, either too many people had access to the information, or the people that had access weren’t being recorded and analyzed. Or both.”
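The two-step narrowing the experts describe, bounding the copying window from the documents’ own modification times and then pulling the access records that fall inside that window, can be made concrete. What follows is an added example written for this page; it is not code from Fox News, from the experts quoted, or from any CIA or WikiLeaks tooling. The document names, modification timestamps, usernames and audit-log lines are all constructed for illustration, and the log format (timestamp, user, action, object) is an assumption. It also shows the other half of Vecci’s point: a leaked document with no recorded access in the window is evidence that the detective control failed, not that nobody touched it.

```python
from datetime import datetime, timezone

# --- Constructed sample data (not from any real investigation) -------------

# Last-modified timestamp embedded in each document of the leaked set.
# A leaked copy cannot predate the newest modification it contains, so the
# latest of these is the earliest the whole set could have been taken.
LEAKED_DOCS = {
    "tool_notes_v3.docx": "2016-02-11T14:02:00Z",
    "build_guide.pdf":    "2016-03-01T09:15:00Z",
    "ops_checklist.xlsx": "2015-12-20T16:40:00Z",
    "net_diagram.vsd":    "2016-01-05T08:00:00Z",
}

# Date the archive became public: the latest the copy could have left.
PUBLICATION = "2017-03-07T00:00:00Z"

# Constructed audit log of the internal document store, one event per line:
# "<timestamp> <user> <action> <object>"
AUDIT_LOG = """\
2016-01-15T10:00:00Z alice READ tool_notes_v3.docx
2016-02-28T11:30:00Z bob READ build_guide.pdf
2016-03-02T08:05:00Z carol BULK_EXPORT tool_notes_v3.docx
2016-03-02T08:05:10Z carol BULK_EXPORT build_guide.pdf
2016-03-02T08:05:20Z carol BULK_EXPORT ops_checklist.xlsx
2016-03-10T13:00:00Z bob READ ops_checklist.xlsx
2016-04-01T09:00:00Z dave READ build_guide.pdf
2017-05-01T09:00:00Z erin READ build_guide.pdf
"""


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def exfil_window(leaked_docs, publication):
    """Bound the copying window: [newest modification in the set, publication]."""
    start = max(parse_ts(ts) for ts in leaked_docs.values())
    end = parse_ts(publication)
    return start, end


def parse_audit(log_text):
    """Turn the audit log into a list of event dicts, skipping blank lines."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj = line.split(maxsplit=3)
        events.append({"ts": parse_ts(ts), "user": user, "action": action, "obj": obj})
    return events


def candidate_users(events, leaked_docs, window):
    """Map each user to the leaked documents they touched inside the window.

    Accesses before the window start are dropped even when they hit a leaked
    document: the version in the leak postdates them.
    """
    start, end = window
    touched = {}
    for ev in events:
        if start <= ev["ts"] <= end and ev["obj"] in leaked_docs:
            touched.setdefault(ev["user"], set()).add(ev["obj"])
    return touched


def ranked_candidates(touched):
    """Order users by how many leaked documents they touched, most first."""
    return sorted(touched.items(), key=lambda kv: (-len(kv[1]), kv[0]))


def logging_gaps(events, leaked_docs, window):
    """Leaked documents with no recorded access at all inside the window.

    Such a document was copied through an unlogged path or the log is
    incomplete; either way the detective control failed for it.
    """
    start, end = window
    seen = {ev["obj"] for ev in events if start <= ev["ts"] <= end}
    return sorted(doc for doc in leaked_docs if doc not in seen)


if __name__ == "__main__":
    window = exfil_window(LEAKED_DOCS, PUBLICATION)
    events = parse_audit(AUDIT_LOG)
    print("window:", window[0].isoformat(), "->", window[1].isoformat())
    for user, docs in ranked_candidates(candidate_users(events, LEAKED_DOCS, window)):
        print(f"{user}: {len(docs)}/{len(LEAKED_DOCS)} leaked documents touched")
    print("no logged access in window:", logging_gaps(events, LEAKED_DOCS, window))
```

On the constructed data the window opens at build_guide.pdf’s last modification (1 March 2016), so bob’s earlier read of that file drops out, carol’s bulk export of three documents two days later puts her at the top of the list, erin’s read after publication is ignored, and net_diagram.vsd is flagged because nothing in the log touched it inside the window. A real investigation would add the other sources the quoted experts allude to (file-server and endpoint logs, removable-media and print events), but the shape of the reasoning is the same.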
While it’s mind-boggling enough to know that we have an entire government department of hackers – and a duplicate of the NSA – there are several things that take it to the next level of mind-blowing. One, that they would focus that much time, money and effort on extensive methods to go after ‘troublesome’ individuals, as Garnet put it in his piece yesterday.
Two, that we have a government department with the power to spy on everyone with an internet connection, and, three, that their efforts can’t be traced back to them – in fact they can leave ‘fingerprints’ that make it appear to have been done by the Russians.
And lastly, number four, that it is so horribly mismanaged that an unknown number of people could have accessed this information and leaked it without anyone’s knowledge.
Perhaps someone should tell the brainiac democrats to stop blaming the Russians for everything – it’s us.