Wednesday, April 5, 2017

WikiLeaks Exposed CIAs Hacking Tools And Capabilities Details

WikiLeaks Exposed CIAs Hacking Tools And Capabilities Details


WikiLeaks has published a massive trove of confidential documents in what appear to be the biggest ever leak involving the US Central Intelligence Agency (CIA).

WikiLeaks announced series Year Zero, under which the whistleblower organization will reveal details of the CIAs global covert hacking program.

As part of Year Zero, Wikileaks published its first archive, dubbed Vault 7, which includes a total of 8,761 documents of 513 MB (torrent | password) on Tuesday, exposing information about numerous zero-day exploits developed for iOS, Android, and Microsofts Windows operating system.

WikiLeaks claims that these leaks came from a secure network within the CIAs Center for Cyber Intelligence headquarters at Langley, Virginia.

The authenticity of such dumps can not be verified immediately, but since WikiLeaks has long track record of releasing such top secret government documents, the community and governments should take it very seriously.

CIAs Zero-Day Exploits & Ability to Bypass Encrypted Apps


According to initial analysis and press release, the leak sheds light on the CIAs entire hacking capabilities, including its ability to hack smartphones and popular social media messaging apps including the worlds most popular WhatsApp messaging app.
"These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied," WikiLeaks said.
The exploits come from a variety of sources, including partner agencies like NSA and GCHQ or private exploit traders, as well as the CIAs specialized unit in its Mobile Development Branch that develops zero-day exploits and malware for hacking smartphones, including iPhones and iPads.
"By the end of 2016, the CIAs hacking division, which formally falls under the agencys Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other weaponized malware," WikiLeaks said.
The agency can remotely activate smartphones cameras and microphones at its will, allowing it to hack social media platforms before encryption can be applied, WikiLeaks claims in the statement on their website.

"Weeping Angel" Attack — Hacking Smart TVs to Spy On Users


Vault 7 also details a surveillance technique — codenamed Weeping Angel — used by the agency to infiltrate smart TVs, transforming them into covert microphones.

Samsung smart TVs, which previously drew criticism for their always-on voice command system, are vulnerable to Weeping Angel hacks that place the TVs into a “Fake-Off” mode.

In Fake-Off mode, the TV owner believes it is off when it is actually on, allowing the CIA to record conversations "in the room and sending them over the Internet to a covert CIA server."

HammerDrill v2.0: A Malware to Steal Data From Air Gapped PCs


The CIAs cyberweapon arsenal also includes a cross-platform malware, dubbed Hammer Drill, that targets Microsoft, Linux, Solaris, MacOS, and other platforms via viruses infecting through CDs/DVDs, USBs, data hidden in images, and other sophisticated malware.

What more interesting? Hammer Drill v2.0 also added air gap jumping ability used to target computers that are isolated from the Internet or other networks and believed to be the most secure computers on the planet.

Besides listing all hacking tools and operations, the documents also include instructions for using those hacking tools, tips on the configuration of Microsoft Visual Studio (which is classified as Secret/NOFORN), as well as testing notes for various hacking tools.

Some of the leaked documents even suggest that the CIA was even developing tools to remotely control certain vehicle software, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assassinations."

For more details on the leak, you can peruse on the WikiLeaks website.

Go to link download