10 March 2017

Vault 7: The CIA’s Cyber Weapons

G DATA Security Experts Eddy Willems and Ralf Benzmüller put the latest Wikileaks revelations into perspective

10/03/17 | Bochum. The leaked confidential CIA documents shine a bright light on the agency's hardware and software hacking activities between 2013 and 2016. They explicitly mention iPhones, Android devices, Linux, Windows and smart TVs as targets. Security vendors are also on the list. It seems that no piece of hardware, software or operating system is safe from the CIA's cyber weapons. G DATA Security Experts Eddy Willems and Ralf Benzmüller have scanned the available documents and add some perspective to them in their blog article.

Extensive capabilities

Just as with the famous Snowden leaks a couple of years ago, it should come as no surprise that intelligence agencies engage in spying activities. What is remarkable, though, is the scale and extent of those activities, and this is also the case for the Vault 7 documents. They are not only about collecting security flaws in desktop PCs or servers. According to the documents, the agency has all internet-enabled devices in its sights: Android and iOS devices, routers and smart TVs are just as viable a target as embedded devices and IoT hardware. The CIA's tool chest even includes tools for hacking industrial SCADA hardware as well as automotive systems. At the same time, extensive measures exist to conceal the CIA's tools and their data exfiltration techniques. "You might get the impression that basically every piece of technology with some relevance in the market is being carefully evaluated for possible use in cyber espionage and cyber warfare", says Eddy Willems, G DATA Security Evangelist.

Long-held suspicions are confirmed

Ralf Benzmüller, Executive Speaker at G DATA Security Labs, makes it clear that "It would be naive to think that the development of cyber weapons is only driven by the USA. We think that other members of the intelligence community have been developing similar programs for years, with millions of Euros worth of funding. The latest leak only confirms what many IT security experts had long been suspecting. Having the cyber equivalent of a Broken Arrow, where criminals get their hands on such cyber weaponry, would be highly problematic, to say the least. The consequences could be catastrophic."

However, the G DATA security experts do not think that the espionage tools have been used, or are currently being used, on a broad scale against regular internet users. The nature of the tools suggests that they are intended for targeted attacks. Many manufacturers have already gone to work to fix the security flaws disclosed in the leaked documents.

Tricking security solutions

Numerous security vendors, including G DATA, are also mentioned in the CIA documents. It seems that the CIA has developed tools designed to circumvent whatever security solution is in place at the target. There is little information on this in the publicly available documents, though. What does exist is sparse (e.g. incomplete lists of process names) and only applies to a few vendors. As of this writing, nothing beyond the vendor names is public for most vendors; the corresponding sections have been classified by Wikileaks as "secret". We have established contact with Wikileaks to obtain this information as far as it concerns our solutions.

You can read the full comment on the Wikileaks documents on the G DATA Security Blog.