Earlier today WikiLeaks made good on its promise to release startling revelations about the American intelligence community, which turn out to concern the Central Intelligence Agency: it has published what it calls the largest leak in American history, detailing the spy agency’s deepest digital secrets.
Julian Assange, who founded WikiLeaks over 10 years ago and has never been proven wrong, has released part one of what he calls the “Vault 7” series. The release contains more than 8,000 documents that were allegedly leaked by an inside source at the CIA, much as Edward Snowden turned whistleblower after revealing the NSA’s privacy intrusions.
One of the most politically relevant details from the Vault 7 leak is the CIA project “UMBRAGE”, which lets the agency craft malware and hacking techniques that leave a fingerprint pointing at the groups the techniques were borrowed from, Russian hackers among them, rather than at the CIA’s own personnel.
The CIA’s hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that forensic investigators can use to attribute multiple attacks to the same entity.
This is analogous to finding the same distinctive knife wound on several separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved, the others are likely to be attributed to the same person.
The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
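The attribution problem described above, that reused techniques form a “fingerprint” and that borrowing another group’s techniques misdirects that fingerprint, can be shown with a small added example. This is illustrative code written for this article, not a tool from the leak or from WikiLeaks. The actor names, technique labels and addresses are all constructed for the demonstration (the addresses come from the RFC 5737 documentation ranges). It scores an intrusion against known actors by overlap of observed techniques, then shows why an analyst should demand corroborating evidence such as shared infrastructure before committing to an attribution.

```python
"""Toy attribution by technique overlap, and how borrowed techniques mislead it.

Constructed example data: actor names, technique labels and IP addresses are
hypothetical and stand in for the sort of fingerprints forensic investigators
actually compare (code reuse, persistence methods, AV-evasion tricks, ...).
"""
from typing import Dict, Optional, Set, Tuple

# Technique "fingerprints" previously attributed to each known actor.
KNOWN_ACTORS: Dict[str, Set[str]] = {
    "ActorA": {"keylogger-v1", "webcam-grab", "persist-runkey", "psp-evade-x"},
    "ActorB": {"wiper-mbr", "persist-service", "cred-dump-lsass", "survey-net"},
}

# Command-and-control infrastructure previously tied to each known actor.
KNOWN_INFRA: Dict[str, Set[str]] = {
    "ActorA": {"203.0.113.10", "203.0.113.11"},
    "ActorB": {"198.51.100.7"},
}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Overlap of two technique sets (|a & b| / |a | b|); 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def attribute_by_techniques(observed: Set[str],
                            known: Dict[str, Set[str]] = KNOWN_ACTORS,
                            threshold: float = 0.5) -> Tuple[Optional[str], float]:
    """Naive attribution: pick the known actor whose techniques overlap most.

    Returns (actor, score), or (None, score) if no actor clears the threshold.
    This is exactly the reasoning a borrowed technique library defeats.
    """
    scores = {name: jaccard(observed, techs) for name, techs in known.items()}
    actor = max(scores, key=scores.get)
    score = scores[actor]
    return (actor, score) if score >= threshold else (None, score)


def attribute_with_corroboration(observed: Set[str], infra: Set[str],
                                 known: Dict[str, Set[str]] = KNOWN_ACTORS,
                                 known_infra: Dict[str, Set[str]] = KNOWN_INFRA,
                                 threshold: float = 0.5) -> Tuple[str, float]:
    """Require independent evidence (shared infrastructure) before committing.

    Technique overlap alone yields a candidate; without a second, independent
    signal the verdict stays "inconclusive" rather than naming the candidate.
    """
    actor, score = attribute_by_techniques(observed, known, threshold)
    if actor is None:
        return ("inconclusive", score)
    if infra & known_infra.get(actor, set()):
        return (actor, score)
    return ("inconclusive (techniques match %s, no shared infrastructure)" % actor, score)


# Intrusion 1 (constructed): a genuine ActorA operation that reuses three of its
# four known techniques and one of its known addresses.
INTRUSION_1 = {"keylogger-v1", "webcam-grab", "persist-runkey"}
INTRUSION_1_INFRA = {"203.0.113.10"}

# Intrusion 2 (constructed): an operation stitched together from ActorB's
# techniques via a technique library, but run on infrastructure ActorB has
# never been seen to use.
INTRUSION_2 = {"wiper-mbr", "persist-service", "cred-dump-lsass", "survey-net", "exfil-https"}
INTRUSION_2_INFRA = {"192.0.2.44"}


if __name__ == "__main__":
    for label, techs, infra in (("intrusion 1", INTRUSION_1, INTRUSION_1_INFRA),
                                ("intrusion 2", INTRUSION_2, INTRUSION_2_INFRA)):
        print(label, "techniques only:", attribute_by_techniques(techs))
        print(label, "with corroboration:", attribute_with_corroboration(techs, infra))
```

Run as a script, the second intrusion is confidently pinned on ActorB by technique overlap (four of its five techniques match), while the corroborated check refuses to name an actor because nothing beyond the borrowed techniques ties it to ActorB. That gap between the two verdicts is the space UMBRAGE-style technique reuse exploits, and it is why practitioners weight infrastructure, operational timing and victimology alongside code fingerprints.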
In other words, it appears that the media’s “Russians hacked the election” narrative could be blown apart by the latest WikiLeaks revelations, as the true identity of these hackers has likely been revealed.
WikiLeaks outlines what it describes as 500 different projects managed under the CIA’s Engineering Development Group (EDG), which oversees operations involving malware, hacking, penetration, control of digital devices and implanting files. Special projects revealed under this group even target household Wi-Fi devices such as “smart” TVs, routers and gaming consoles.
Essentially, anything in your home that can connect to the Internet with a camera installed has the capability to spy on you, which the CIA can easily take advantage of according to Wikileaks.
‘Improvise’ is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems: Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities, such as Margarita, allow the NOC (Network Operation Center) to customize tools based on requirements from ‘Fine Dining’ questionnaires.
In essence, the CIA has tooling to infiltrate every major operating system you use, whether on phones, tablets, laptops or desktop computers. If you have webcams, they can see you. If you have microphone-enabled devices (cell phones, PC mics), they can hear you.
WikiLeaks reveals that if you have a Wi-Fi capable appliance, vehicle or computer, then they have the tools to access or manipulate it. As long as you are connected online, the CIA can access just about anything it wants on your devices.
The CIA’s hacking tools don’t end at personal devices, however: WikiLeaks notes that as far back as 2014 the agency was looking at infecting and manipulating the vehicle control systems used by most modern cars and trucks.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
WikiLeaks also reveals that the CIA’s Mobile Devices Branch has developed a wide range of utilities to infect smartphones. This malware can give the agency access to all photos, files and data stored on a phone, along with control of the device’s operations.
The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.
In a tweet earlier today, WikiLeaks showed how the CIA is even bragging about having the best Trojans and malware, tools that can essentially hack any American citizen’s devices. The agency seems very proud of having undermined privacy guarantees that every citizen believes they are entitled to.
— WikiLeaks (@wikileaks) March 7, 2017
Also, just in case some pesky law enforcement detectives start putting the pieces together and discover that someone’s unfortunate “accident” traces back to the CIA, the spies have a plan to prevent that as well.
— WikiLeaks (@wikileaks) March 7, 2017
Although it will take some time to glean all of the shocking revelations from this WikiLeaks dump, what has been released thus far is enough to send the anti-Trump media forces into a tailspin.
Ironically, President Trump himself claimed that Obama wiretapped his communications during the election, which led Democratic allies to boldly insist that “no such wiretaps took place”. Now it appears that spying not only likely took place on Donald Trump, but also takes place on a mass scale against American citizens at the hands of the CIA on a regular basis.
Top five most shocking CIA digital spy projects in WikiLeaks’ Vault 7 release:
- The CIA’s Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by “Year Zero”) each with their own sub-projects, malware and hacker tools. The majority of these projects relate to tools that are used for penetration, infestation (“implanting”), control, and exfiltration.
- Umbrage: The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.
- Fine Dining: Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically “exfiltrating” information from computer systems) for specific operations. Among the list of possible targets of the collection are ‘Asset’, ‘Liaison Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals.
- ‘Improvise’: a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor).
- HIVE: HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants. The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
WikiLeaks Vault 7 FAQ:
- Why now? WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration issued an Executive Order calling for a “Cyberwar” review to be prepared within 30 days. While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
- What time period is covered? The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first). WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.
- What is “Vault 7”? “Vault 7” is a substantial collection of material about CIA activities obtained by WikiLeaks.
- What is the total size of “Vault 7”? The series is the largest intelligence publication in history.
- When was each part of “Vault 7” obtained? Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
- Is each part of “Vault 7” from a different source? Details on the other parts will be available at the time of publication.
- How did WikiLeaks obtain each part of “Vault 7”? Sources trust WikiLeaks to not reveal information that might help identify them.
- Isn’t WikiLeaks worried that the CIA will act against its staff to stop the series? No. That would be certainly counter-productive.
Essentially, you can assume that all of your phone calls, emails, transmitted photos and other communications are stored somewhere in a massive data facility managed by one of America’s three-letter intelligence agencies.
If you’re wondering how the CIA has grown into such a digital spying powerhouse, WikiLeaks has also released an organizational chart outlining the agency’s various departments and where they fall on the corporate ladder.
In the coming days you will likely see the media attempt to downplay the massive spying operations that WikiLeaks revealed, but at least the media are now on the defensive, trying desperately to prop up their “Russian hacker” narrative.