Wikileaks/Vault 7
Date | 7 March 2017 - Present |
---|
Wikileaks' Vault 7 is a series of documents that WikiLeaks began to release on 7 March 2017. It was followed up by Wikileaks/Vault 8 which released source code of some of these exploits.
Contents
Revelations
Vault 7 revealed that CIA malware has been infecting Wi-Fi routers since 2007[1] and that at least since 2012 it has had a simple tool to try to collect data from air gapped computers.[2]
The ability to hack into vehicles would facilitate “nearly undetectable assassinations”, as Wikileaks put it, re-igniting debate about the fate of Michael Hastings who died in a single vehicle car crash in which he sped up and drove into a tree.[3]
Spin
The Register accused Wikileaks of "spinning" some of the data from Vault 7.[4]
Limited Hangout possibilities
- Full article: Limited Hangout
- Full article: Limited Hangout
The Vault 7 documents appear to be genuine. However, the possibility that they contain deliberately tainted information and were deliberately routed to Wikileaks cannot be ruled out. That routers have had a feature called "universal plug and play" turned on - which allows the firmware to be updated remotely - are vulnerable, is well known. These devices were released 15 years ago.
The time frame in: "As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks" is also potentially misleading because car computers have been "hack-able" since at least the mid-1990's. Since its inception the proprietary engine management and other control software installed by vendors has been progressively enabled to 'take-over' practically all modern automobile controls including acceleration, braking and steering.
The speculative wordings 'what "could" be done', '"would permit"...' may also instill feelings of excitement, fear, powerlessness and helplessness in people who are not aware of the technical details, which fits in the bigger picture of a strategy of tension.
Joshua Schulte
In August 2017 Joshua Schulte, a software engineer, was arrested and charged with leaking the data to Wikileaks.[5]
Bad operational security
Vice reported that he "uploaded at least some CIA-related source code to a personal website linked to his real name".[6]
References
- ↑ https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/
- ↑ https://www.theregister.co.uk/2017/06/22/wikileaks_cia_brutal_kangaroo/
- ↑ http://www.news.com.au/finance/business/media/wikileaks-vault-7-dump-reignites-conspiracy-theories-surrounding-death-of-michael-hastings/news-story/0df1d06403d0223ce1cfc286a1e75325
- ↑ http://www.theregister.co.uk/2017/03/31/wikileaks_cia/
- ↑ https://www.theregister.com/2020/03/09/cia_hacking_trial_verdict/
- ↑ https://www.vice.com/en_us/article/qvn83q/joshua-schulte-cia-vault-7-wikileaks-opsec