On the other hand, the German Foreign Ministry said that
it's attempting to authenticate the Vault 7 documents
carefully and will initiate an investigation if it sees any
evidence of "concrete criminal acts or specific
perpetrators."
But the question remains: Has the CIA ever spied on American
citizens?
This was the exact question that was thrown at Julian
Assange Thursday during a press briefing hosted on Twitter's
Periscope, to which Assange's response was: "The answer is
not no."
Assange claimed that Wikileaks had recovered over 22,000 IP
addresses in the Vault 7 files that "corresponded" to the
United States.
"It is not clear which are attack infrastructure,
intermediary victims, or targets," Assange added. "But
we know there are numerous attacks on Europe and Latin
America, including Brazil and Ecuador... are not really
known for their extremists."
We will need to wait for the next WikiLeaks release for
more clarity on the US intelligence agencies' operations,
as the whistleblower organization tweeted that it
"released less than 1% of its #Vault7
series in its part one publication yesterday 'Year Zero.'"
Questions Arise Over CIA Handling of Zero-Day Vulnerabilities
During a keynote at Black Hat 2014, Dan Geer, chief
information security officer at the CIA's venture capital
arm In-Q-Tel, suggested that the government should purchase
zero-days from the black market and disclose them to the
software makers.
This practice, Geer said, would not only help companies
improve the security of their products, but would also burn
its enemies' stockpiles of exploits and vulnerabilities,
making the U.S. far less susceptible to cyberattacks.
But the WikiLeaks dump shows that the CIA is itself
stockpiling vulnerabilities in hardware and software for
future exploitation, and it is unlikely to share details of
these flaws with the responsible vendors.
This puts the privacy and security of millions of people
around the world who rely on smartphones, computers,
routers, IoT gear and potentially smart TVs at risk, making
them vulnerable to spying not only by agencies but also by
hackers.
Google, Apple, Samsung, Microsoft, and Linux Foundation React to Wikileaks' CIA Leak
In response to the WikiLeaks CIA dump, several technology
firms, including Apple, Microsoft, Samsung, Google and even
the Linux Foundation, have released statements.
While Apple says it has already patched many iOS
vulnerabilities revealed in the CIA leaks in its latest iOS
version, Google's response is almost identical to Apple's,
claiming "many" of the vulnerabilities are already fixed.
Here's what Google's director of information security and
privacy Heather Adkins said in a statement:
"As we have reviewed the documents, we are confident
that security updates and protections in both Chrome and
Android already shield users from many of these alleged
vulnerabilities. Our analysis is ongoing, and we will
implement any further necessary protections. We have
always made security a top priority, and we continue to
invest in our defenses."
Microsoft and Samsung also reacted to the claims that the
CIA had created malware to target computers running
Microsoft's Windows operating system and Samsung SmartTVs,
saying they are looking into the issues raised.
Microsoft only says: "We are aware of the report and are
looking into it," while Samsung says: "Protecting
consumers' privacy and the security of our devices is a top
priority at Samsung. We are aware of the report in question
and are urgently looking into the matter."
Since the Vault 7 leak also suggests that the CIA had
created "attack and control systems" to hijack PCs powered
by Linux-based software, Linux Foundation CTO Nicko van
Someren responded with the following statement to the BBC:
"Linux is a very widely used operating system, with a
huge installed base all around the world, so it is not
surprising that state agencies from many countries would
target Linux along with the many closed source platforms
that they have sought to compromise. [But] rapid release
cycles enable the open source community to fix
vulnerabilities and release those fixes to users
faster."
WikiLeaks will share Exploits with Tech Companies to 'Disarm' CIA Hacking Tools
While hackers had been expecting WikiLeaks to publish
the actual code of the zero-days that the CIA uses to
exploit previously undisclosed flaws in software and
hardware products used by consumers and businesses,
WikiLeaks announced that it would help tech firms fix the
holes.
Assange said Thursday that his anti-secrecy group would
offer tech companies, including Google, Microsoft, and
Apple, access to the CIA's leaked hacking techniques and
code, giving them time to "develop fixes" before further
details about the tools are revealed to the public.
"After considering what we think is the best way to
proceed and hearing these calls from some of the
manufacturers, we have decided to work with them, to
give them some exclusive access to the additional
technical details that we have, so that fixes can be
developed and pushed out and people can be secured,"
Assange said during a press conference.
Assange also warned that others outside the agency might
already have access to the CIA's digital arsenal.
"They were not securing it very well," he said, adding it's
quite possible numerous people, including China, have it.
But this doesn't mean that WikiLeaks will not release the
CIA hacking tools to the public.
Once all vulnerabilities are patched by the tech firms in
their affected hardware and software, WikiLeaks will release
the actual computer code for the CIA's alleged cyber weapons
to the public, Assange promised.
However, if the code is released and the flaws are not
patched by vendors or, more likely, device owners neglect
to update them, the respective hardware and software would
remain vulnerable, and this time, to anyone.
U.S. Intel Officials Were Aware Of CIA Breach Since Late Last Year
The CIA has been aware of a security breach since late last
year, which led to the latest Wikileaks data dump, U.S.
intelligence and law enforcement officials told
Reuters on Wednesday.
The officials, who wished to remain anonymous, said the
agency became aware of a cyber attack on its systems last
year but did not know the exact nature of the breach.
The duo believed the documents about CIA tools and tactics
used between 2013 and 2016 were authentic.
Meanwhile, the White House also said President Donald Trump
was "extremely concerned" about the security breach, adding
that the Trump administration intends to be tough
on leakers.
Hunt For Snowden 2 Begins: FBI And CIA Launch Criminal Investigation
The FBI is launching a hunt to unmask the mysterious
whistleblower inside the CIA who's responsible for the CIA
leak that has rocked the US intelligence services.
According to the investigators, the leak was not the work of
a nation state like Russia, but of an insider. The FBI is set
to interview possibly over a thousand officials who may have
had access to the information leaked by WikiLeaks, the NY
Times reports.
The CIA and FBI are also trying to determine if there are
other unpublished files and documents WikiLeaks may have.
After the two anonymous officials confirmed the authenticity
of the leaked documents, the biggest concern for the federal
government right now is that if the whistleblower
organization publishes the code for zero-days held by the
CIA, hackers could take that code and cause havoc overseas.
The CIA revelations by the whistleblower organization are
just beginning. People will see more revelations about the
government and agencies from WikiLeaks in the coming days as
part of its Year Zero leak series.