Do You Know What “Vault 7” Is? It’s been all over the news.

Vault 7 is a series of documents that WikiLeaks began to release on 7 March 2017, that detail activities and capabilities of the United States Central Intelligence Agency to perform electronic surveillance and cyber warfare. The files, dated from 2013–2016, include details on the agency’s software capabilities, such as the ability to compromise smart TVs,[1] web browsers (including Firefox, Google Chrome, and Microsoft Edge), and the operating systems of most smartphones (including Apple‘s iOS and Google‘s Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux.

Background

WikiLeaks started teasing the release of “Vault 7” in early February 2017 with a series of cryptic tweets.[2] On 16 February 2017, WikiLeaks released CIA documents describing how the CIA monitored the 2012 French presidential election.[3] The press release for this leak stated it was published “as context for its forthcoming CIA Vault 7 series.”[4]

On 8 March 2017, US intelligence and law enforcement officials told the international news agency Reuters that they had been aware since late 2016 of the CIA security breach that led to Vault 7. The two officials said they were focusing on “contractors” as the likeliest source of the leak.[5]

Part 1

The first batch of documents was published by WikiLeaks on 7 March 2017. It consists of 7,818 web pages with 943 attachments, purportedly from the Center for Cyber Intelligence,[6] and already contains more pages than the NSA material released by former NSA contractor and leaker Edward Snowden.[7] According to WikiLeaks, the source “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons” since these tools raise questions that “urgently need to be debated in public, including whether the C.I.A.’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”[1]

WikiLeaks redacted names and other identifying information from the documents before their release.[1][8][9] It also said that it would postpone releasing the source code for the cyber weapons, which is reportedly several hundred million lines long, “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”[1] WikiLeaks founder Julian Assange said this was only part of a larger series.[7]

Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.”[10]

Assange held a press conference on 9 March and offered to share unpublished Vault 7 data with technology companies so that they could fix the vulnerabilities it describes. He stated that only 1% of the total leak had been released and that much of the remainder concerned unpatched vulnerabilities. He said he was working with Microsoft, Apple and Google to get those vulnerabilities patched, that he would not release information that would put the public at risk, and that he would publish details of each vulnerability once the manufacturer had released a fix.

According to WikiLeaks, only Mozilla had been provided with information on the vulnerabilities, while “Google and some other companies” only confirmed receiving the initial notification.

Part 2

On 23 March 2017, WikiLeaks published Vault 7 part 2, “Dark Matter”. That publication includes documentation for several CIA efforts to infect Apple Mac devices.[15][16]

Part 3

On 31 March 2017, WikiLeaks published Vault 7 part 3, “Marble”. It contained 676 source code files for the CIA’s Marble Framework, which is used to hide text fragments in CIA-created malware from visual inspection. As part of the program, foreign languages were used to cover up the source of CIA hacks. It reached version 1.0 in 2015 and was used by the CIA throughout 2016.[17][18][19]

In its release, WikiLeaks described the primary purpose of “Marble” as inserting foreign-language text into the malware to mask viruses, trojans and hacking attacks, making them harder to trace back to the CIA and causing forensic investigators to attribute the code to the wrong nation. The surviving fragment of WikiLeaks’ statement reads: “Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion”.[20] The source code revealed that Marble had examples in Chinese, Russian, Korean, Arabic and Farsi.[21] These are the languages of the US’s main cyber-adversaries: China, Russia, North Korea and, historically at least, Iran.[22]

According to analysts, the Marble toolkit is a malware obfuscation framework with two main purposes: first, to keep forensic investigators from attributing viruses, trojans and hacking attacks to the CIA, and second, to act as an obfuscator that avoids detection by antivirus programs.[23][24]

The CIA’s Marble Framework also contained a deobfuscator tool with which the CIA could reverse text obfuscation.[22]
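The two-sided behaviour the previous paragraphs describe (an obfuscator that hides an implant’s real strings and plants foreign-language decoys, a deobfuscator that reverses it, and a language-based attribution heuristic that the decoys mislead) can be shown in a few dozen lines. The block below is an added illustration written for this article; it is not the Marble Framework and not code from the leaked files. The XOR key, the English strings, the decoy phrases and the “data section” layout are all constructed assumptions chosen so the example runs offline.

```python
"""Toy Marble-style string obfuscation with foreign-language decoys.

Added illustration for this article; it is not the CIA's Marble Framework
and not code from the leaked files. Key, strings and decoys are constructed.
"""
from collections import Counter
from typing import Optional
import unicodedata

KEY = b"\x5a\xc3\x91\x2e"  # constructed demo key (assumption, not Marble's)

# Constructed decoy strings in scripts a naive analyst might map to a nation.
DECOYS = {
    "Chinese": "配置文件已加载",        # "configuration file loaded"
    "Russian": "Ошибка подключения",    # "connection error"
    "Korean": "연결 오류",              # "connection error"
    "Arabic/Farsi": "خطا در اتصال",     # "error in connection"
}

# Constructed English strings the implant actually uses at run time.
REAL_STRINGS = ["Connecting to update server", "Upload complete", "Config reloaded"]

# Unicode character-name prefixes used by the naive script heuristic below.
SCRIPT_LABELS = {"CJK": "Chinese", "CYRILLIC": "Russian",
                 "HANGUL": "Korean", "ARABIC": "Arabic/Farsi"}


def xor_bytes(data: bytes, key: bytes = KEY) -> bytes:
    """XOR with a repeating key; the same call obfuscates and deobfuscates."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_image(real: list[str], decoy_language: str) -> bytes:
    """Emulate a binary's data section: length-prefixed XOR'd real strings,
    a NUL separator, then the decoy left in plain UTF-8 on purpose."""
    records = b"".join(
        len(s).to_bytes(1, "big") + xor_bytes(s.encode("utf-8")) for s in real
    )
    return records + b"\x00" + DECOYS[decoy_language].encode("utf-8")


def deobfuscate_image(image: bytes, key: bytes = KEY) -> list[str]:
    """The 'deobfuscator' side: walk the length-prefixed records and undo the XOR."""
    out, i = [], 0
    while i < len(image) and image[i] != 0:
        n = image[i]
        out.append(xor_bytes(image[i + 1:i + 1 + n], key).decode("utf-8"))
        i += 1 + n
    return out


def visible_strings(image: bytes, min_len: int = 4) -> list[str]:
    """What a `strings`-style scan sees: runs of printable characters.
    Invalid UTF-8 produced by the XOR becomes U+FFFD and breaks the runs."""
    runs, current = [], []
    for ch in image.decode("utf-8", errors="replace"):
        if ch.isprintable() and ch != "\ufffd":
            current.append(ch)
            continue
        if len(current) >= min_len:
            runs.append("".join(current))
        current = []
    if len(current) >= min_len:
        runs.append("".join(current))
    return runs


def guess_origin(strings: list[str]) -> Optional[str]:
    """Naive attribution: majority non-Latin script among the visible strings."""
    counts: Counter[str] = Counter()
    for s in strings:
        for ch in s:
            prefix = unicodedata.name(ch, "").split(" ")[0]
            if prefix in SCRIPT_LABELS:
                counts[SCRIPT_LABELS[prefix]] += 1
    return counts.most_common(1)[0][0] if counts else None


if __name__ == "__main__":
    image = build_image(REAL_STRINGS, "Chinese")
    seen = visible_strings(image)
    print("visible:", seen)                        # only the decoy survives
    print("naive origin:", guess_origin(seen))     # Chinese
    print("recovered:", deobfuscate_image(image))  # the English strings
```

The practitioner’s takeaway is the last line of `guess_origin`: any attribution that rests on the language of embedded strings is controlled by whoever built the binary, so treat it as a hint to be corroborated by infrastructure, tooling and victimology, never as evidence on its own.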

Authenticity

“With the CIA, I just want people to know, the CIA was hacked, and a lot of things taken — that was during the Obama years. That was not during us. That was during the Obama situation. Mike Pompeo is there now doing a fantastic job.”

— transcript, Tucker Carlson Tonight, March 16, 2017, (Fox News)[25]

When asked about their authenticity, former Director of the Central Intelligence Agency Michael Hayden replied that the organization does “not comment on the authenticity or content of purported intelligence documents.”[1] However, speaking on condition of anonymity, current and former intelligence officials said that the documents appear to be genuine.[26] Edward Snowden tweeted shortly after the documents’ release that they looked authentic.[27] Robert M. Chesney, a law professor at the University of Texas and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), likened Vault 7 to the NSA hacking tools disclosed in 2016 by a group calling itself The Shadow Brokers.[1]

Organization of US cyber warfare

WikiLeaks said that the documents came from “an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia.”[30] The documents allowed WikiLeaks to partially determine the structure and organization of the CCI. The CCI reportedly has an entire unit devoted to compromising Apple products.[27]

Frankfurt base

The first portion of the documents made public on 7 March 2017, Vault 7 “Year Zero”, revealed that a top secret CIA unit used the German city of Frankfurt as the starting point for hacking attacks on Europe, China and the Middle East. According to the documents, the US government uses its Consulate General in Frankfurt as a base for cyber operations. CIA officers, NSA personnel, military intelligence staff, employees of the United States Department of Homeland Security and Secret Service employees work in the building complex, which is surrounded by high walls and barbed wire in the north of the city. Sigmar Gabriel of the Social Democratic Party responded to the Vault 7 “Year Zero” documents, which state that the CIA used Frankfurt as a base for its digital espionage operations, by saying that Germany had no information about the cyber attacks.[33]

UMBRAGE: The documents reportedly revealed that the agency had amassed a large collection of cyberattack techniques and malware produced by other hackers. This library was reportedly maintained by the UMBRAGE group of the CIA’s Remote Devices Branch, with examples of these techniques and their source code kept in the “Umbrage Component Library” git repository. According to WikiLeaks, by recycling third-party techniques through UMBRAGE, the CIA can not only increase its total number of attacks,[34] but can also mislead forensic investigators by disguising its attacks as the work of other groups and nations.[1][27] Among the techniques borrowed by UMBRAGE was the file-wiping implementation from Shamoon. According to PC World, some of the techniques and code snippets have been used by the CIA in its internal projects.
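The attribution problem UMBRAGE creates is concrete: similarity-based tooling (fuzzy hashes, shared-code clustering) will happily link a sample to whichever family it borrowed a routine from. The block below is an added example for this article, not code from UMBRAGE or from any real malware family; the “families” are constructed pseudo-random byte blobs standing in for compiled code, and the similarity measure is a plain k-byte shingle Jaccard score. The point it makes is that the score alone is misleading, while the shape of the overlap (one contiguous copied block) is what an analyst should look at.

```python
"""Why shared code fragments are weak attribution evidence.

Added illustration for this article, not code from UMBRAGE or any real
malware family. The 'families' are constructed pseudo-random byte blobs
that stand in for compiled code; k-byte shingle Jaccard similarity is the
simplest form of the measures that fuzzy-hashing tools use.
"""
import hashlib


def blob(label: str, size: int) -> bytes:
    """Deterministic stand-in for a code section: a SHA-256 byte stream."""
    out, counter = bytearray(), 0
    while len(out) < size:
        out += hashlib.sha256(f"{label}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:size])


def shingles(data: bytes, k: int = 8) -> set[bytes]:
    """All overlapping k-byte windows of a section."""
    return {data[i:i + k] for i in range(len(data) - k + 1)}


def jaccard(a: set[bytes], b: set[bytes]) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0


def rank_families(sample: bytes, families: dict[str, bytes],
                  k: int = 8) -> list[tuple[str, float]]:
    """Score the sample against each reference family, best match first."""
    s = shingles(sample, k)
    scores = [(name, jaccard(s, shingles(code, k))) for name, code in families.items()]
    return sorted(scores, key=lambda t: t[1], reverse=True)


def shared_runs(sample: bytes, reference: bytes, k: int = 8) -> list[tuple[int, int]]:
    """Byte ranges [start, end) of the sample whose k-grams all occur in the
    reference. One long contiguous run means a copied block, not a shared
    author; many short scattered hits would be the stronger signal."""
    ref = shingles(reference, k)
    runs, start = [], None
    for i in range(len(sample) - k + 1):
        hit = sample[i:i + k] in ref
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            runs.append((start, i - 1 + k))
            start = None
    if start is not None:
        runs.append((start, len(sample)))
    return runs


# Constructed reference corpus and a sample that reuses 80 bytes of family A.
FAMILIES = {"A": blob("family-A", 600), "B": blob("family-B", 600)}
BORROWED = FAMILIES["A"][200:280]
SAMPLE = blob("new-actor", 400) + BORROWED

if __name__ == "__main__":
    for name, score in rank_families(SAMPLE, FAMILIES):
        print(f"{name}: {score:.3f}")          # A ranks first, B scores 0
    print("shared with A:", shared_runs(SAMPLE, FAMILIES["A"]))  # [(400, 480)]
```

`rank_families` puts family A on top even though five sixths of the sample is code that family A has never contained; `shared_runs` shows why, by locating the overlap in a single 80-byte block at the end of the sample. Real tooling (ssdeep, TLSH, YARA rule hits) reports the first number; the second kind of view is the check worth adding before a shared routine is read as shared authorship.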

False flag theories

On the day the Vault 7 documents were first released, WikiLeaks described UMBRAGE as “a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation,” and tweeted, “CIA steals other groups virus and malware facilitating false flag attacks”.[37] A conspiracy theory soon emerged alleging that the CIA had framed the Russian government for interfering in the 2016 U.S. elections. Conservative commentators such as Sean Hannity and Ann Coulter speculated about this possibility on Twitter, and Rush Limbaugh discussed it on his radio show.[38] Russian foreign minister Sergey Lavrov said that Vault 7 showed that “the CIA could get access to such ‘fingerprints’ and then use them.”[37]

Apple products: On 23 March 2017, WikiLeaks released “Dark Matter”, the second batch of documents in its Vault 7 series, detailing hacking techniques and tools, all focused on Apple products, developed by the Embedded Development Branch (EDB) of the CIA. The leak also revealed that the CIA had been targeting the iPhone since 2008, a year after the device was released. A preliminary assessment showed that “the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.”

Cisco: WikiLeaks said on Twitter on 19 March 2017 that the “CIA was secretly exploiting” a vulnerability in a huge range of Cisco router models, discovered thanks to the Vault 7 documents.[48][49] The CIA had learned more than a year earlier how to exploit flaws in Cisco’s widely used switches, which direct network traffic, to enable eavesdropping. Cisco quickly reassigned staff from other projects to focus solely on analysing the attack and working out how the CIA hacking tricks worked, so that they could help customers patch their systems and keep criminal hackers or spies from using the same methods. Cisco issued a security advisory; patches were not yet available, but Cisco provided mitigation advice.[49]

Smartphones/tablets

The electronic tools can reportedly compromise both Apple‘s iOS and Google‘s Android operating systems. By adding malware to the Android operating system, the tools could gain access to secure communications made on a device.[52] At least 23 different exploits and tools were developed to target Android operating systems.[53] In the JQJGUNSHY test, the IOC used some of these tools to successfully hack a Samsung Galaxy Tab 2.[54]

Messaging services

According to WikiLeaks, once an Android smartphone is penetrated the agency can collect “audio and message traffic before encryption is applied”.[1] Some of the agency’s software is reportedly able to gain access to messages sent by instant messaging services. Commentators, among them Snowden and cryptographer and security pundit Bruce Schneier, observed that WikiLeaks incorrectly implied that the messaging apps themselves, and their underlying encryption, had been compromised, an implication that was in turn reported for a period by the New York Times and other mainstream outlets.[55][1] The distinction matters: an implant on the handset reads what the user types and hears before the app encrypts it, which says nothing about the strength of the app’s end-to-end encryption.

Weeping Angel

One of the software suites, reportedly code-named “Weeping Angel“, is reportedly able to use Samsung smart televisions as covert listening devices. In June 2014, the CIA held a joint workshop with British intelligence’s MI5 to improve the “Weeping Angel” hack, which appears to have specifically targeted Samsung’s F8000 series TVs released in 2013. It would allow an infected smart television to be used “as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server” even if it appears to be off.[1]

Windows

The documents refer to a “Windows FAX DLL injection” exploit for Windows XP, Windows Vista and Windows 7.[6] This would allow an attacker to hide their own malware behind the DLL of another application. However, a computer must already have been compromised through some other method for the injection to take place: the technique is a persistence and concealment step, not an initial means of entry.
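The documents give no detail of the FAX exploit, and this page does not add any. What a defender can do with the general class the paragraph describes (a DLL that gets loaded in place of, or ahead of, the legitimate one) is check where a given DLL name would resolve from and whether any directory searched earlier is writable by an ordinary user, since that is the prior foothold the paragraph says the technique requires. The block below is an added example for this article, not the CIA’s tool; it assumes the documented Windows search order with SafeDllSearchMode enabled and builds a constructed directory tree so it runs offline on any platform.

```python
"""DLL load-order triage: would a DLL name resolve from a writable directory
before the legitimate copy?

Added illustration for this article; not the exploit the documents refer
to (they give no detail). Assumes the documented Windows search order with
SafeDllSearchMode on: application directory, system directories, current
directory, then PATH. The directory layout is constructed for the demo.
"""
import os
import tempfile
from pathlib import Path
from typing import Callable, Optional

DLL_NAME = "example.dll"  # constructed name, not a DLL from the documents


def search_order(app_dir: Path, system_dirs: list[Path],
                 cwd: Path, path_dirs: list[Path]) -> list[Path]:
    """Safe search order: app dir, system dirs, cwd, then PATH entries."""
    return [app_dir, *system_dirs, cwd, *path_dirs]


def resolve_dll(name: str, order: list[Path]) -> Optional[Path]:
    """First directory in the order that actually holds the file."""
    for directory in order:
        candidate = directory / name
        if candidate.is_file():
            return candidate
    return None


def hijack_candidates(name: str, order: list[Path],
                      is_writable: Callable[[Path], bool] =
                      lambda d: os.access(d, os.W_OK)) -> list[Path]:
    """Directories searched before the one the DLL loads from in which the
    current user could drop a file of that name. If the DLL is not found at
    all, every writable directory in the order is a candidate."""
    found = resolve_dll(name, order)
    stop = order.index(found.parent) if found else len(order)
    return [d for d in order[:stop] if is_writable(d)]


def demo_tree(root: Path) -> list[Path]:
    """Constructed layout: the app in its own folder, the DLL in System32."""
    app = root / "App"
    windows = root / "Windows"
    sys32 = windows / "System32"
    for directory in (app, sys32):
        directory.mkdir(parents=True)
    (app / "app.exe").write_bytes(b"MZ")        # stand-in for the application
    (sys32 / DLL_NAME).write_bytes(b"MZ")       # stand-in for the real DLL
    return search_order(app, [sys32, windows], root / "cwd", [])


def run_demo() -> dict:
    """Build the tree in a temp dir, run both checks, report root-relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        order = demo_tree(root)
        found = resolve_dll(DLL_NAME, order)
        return {
            "loads_from": found.relative_to(root).as_posix() if found else None,
            "candidates": [c.relative_to(root).as_posix()
                           for c in hijack_candidates(DLL_NAME, order)],
        }


if __name__ == "__main__":
    print(run_demo())  # {'loads_from': 'Windows/System32/example.dll', 'candidates': ['App']}
```

In the demo the DLL lives in System32 but the application directory is searched first and is user-writable, so it is reported as a candidate; a read-only application directory would yield an empty list. On a real Windows host the loader also consults KnownDLLs, side-by-side manifests and modules already in the process, so treat this as first-pass triage that tells you which directories need their ACLs checked, not as a verdict.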

Commentary

Lee Mathews, a contributor to Forbes, wrote that most of the hacking techniques described in Vault 7 were already known to many cybersecurity experts. Nathan White wrote: “Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them. The United States is supposed to have a process that helps secure our digital devices and services — the ‘Vulnerabilities Equities Process.’ Many of these vulnerabilities could have been responsibly disclosed and patched. This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them.”

Cindy Cohn, executive director of the Electronic Frontier Foundation, an international non-profit digital rights group based in San Francisco, California, said the CIA had “failed to accurately assess the risk of not disclosing vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans”.[67]

source – wikipedia, tucker carlson, michael hayden, robert chesney, the shadow brokers, csis, peter frank, sigmar gabriel, pc world, kim zetter, robert graham, ben buchanan, kevin poulsen, hammer drill, kim dotcom, weeping angel, lee mathews, nathan white, cindy cohn
