VAULT7 – The CIA’s Cyberwarfare Tools Exposed

Blog Author Aaron Robel

Written by: Aaron Robel, VP of Information Security

Published: March 10, 2017

Found in: News/Press

Just like learning about your daughter’s party last Friday through Facebook, the CIA is hiding in their room hoping the latest information breach goes away. Well, just like your daughter, that tactic won’t fly.

What Happened?

On March 7, WikiLeaks made public an almost 9,000 page tome they called “Vault 7.” These documents exposed many of the CIA’s cyberwarfare methods and tools. Some of these include:

  • Hacking smart TVs to eavesdrop
  • Hacking modern vehicles to take over control
  • Hacking iPhones and Android phones to track, use cameras and intercept information

In the spirit of sharing secrets I’ll let you in on a couple I know about…

Secret #1

No device is immune to compromise if it connects to the internet. All software has flaws called vulnerabilities AND we all accept a certain level of risk when using these devices. The only way to eliminate the risk is to disconnect from the internet, forever.

Secret #2
  • YES! The CIA has a division of cyberwarfare hackers.
  • YES! This team will use nasty malicious software to get the job done. Just like the nasty bombs and missiles we use in physical warfare to get the job done.
  • YES! This is part of today's arsenal for working on national security issues. If the government didn’t have this capability it would be like not having a navy in WWII.

Secret #3

If you are using any kind of automated voice solution that activates when your voice is heard, it’s always listening and recording at some level. Amazon Echo, Microsoft Xbox, smart TVs and Google Voice are a few of the products that have this ability.

The GOOD
  • So far WikiLeaks has not disclosed the actual code for the malware used by the CIA. So, an attacker would have limited ability to use the tools that were exposed. 
  • WikiLeaks has apparently offered to companies like Apple and Google to share the software flaws so they can be fixed. This is good, but it also puts the company in a precarious position with Wikileaks.
  • Apple has reviewed the software vulnerabilities related to their products and has stated that they’ve already been fixed.

The BAD
  • It’s no shocker that the CIA has a cyberwarfare capabilities and tools. The question is how this latest round of information got out, given they are Top Secret documents. Many would argue that there is the potential that information like this puts U.S. soldiers' lives at risk. 
  • Although the risk is low that the CIA would be using this on citizens, it always starts another debate around privacy. 

What steps should you take?
  • Ensure devices connected to the internet are fully updated on regular basis. As vulnerabilities are exposed companies provide patches to fix them.
  • If you are truly concerned about the CIA or hackers eavesdropping on your conversations through your devices turn these features off and stop using voice activated products.

What is WSECU doing?

As the information comes out we will look for any systems we use that may have newly exposed vulnerabilities. If any are identified we will work with the manufacturers to fix them.

Aaron Robel, VP of Information Security