The WikiLeaks publication of hacking tools and malware the CIA has allegedly used continues to stir the ire and fear of those concerned about the possible risk of the US government’s backdoor access to private data. But WikiLeaks’ publication of alleged CIA-created malware instructions, which the CIA has not confirmed as authentic, diverts attention away from how numerous other state-sponsored agents are aggressively seeking to steal intellectual property and other data, security experts say.
In this way, WikiLeaks’ publication of the data trove, called Vault 7, serves less as an example of possible CIA hacking methods than it does as proof of an even greater menace security experts have known for a long time: there are many government-sponsored threats originating beyond the US borders that likely pose a bigger collective peril than malware the CIA, NSA, or other US governmental agencies might develop.
In addition to intellectual property theft, in which cyber thieves extract sensitive data, companies are vulnerable on a number of fronts. These include third parties gaining access to the overall network, laterally compromising electronic devices, disrupting an organisation's daily operations, altering stored data, and other risks, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), told Intellectual Property Watch.
In the case of the Vault 7 data, electronic devices have become that much more at risk in the wake of the disclosure.
“OEMs [original equipment manufacturers] have been shipping flawed and vulnerable devices for years, and thereby burdening consumers with unrequested security risk, because manufacturers lack accountability and incentives to incorporate security-by-design,” Scott said. “Individuals and industries that use these devices were vulnerable before Vault 7 and are left even more vulnerable afterward.”
The scope of WikiLeaks’ Vault 7, a treasure trove for hackers, nevertheless remains formidable. If WikiLeaks’ publication of the data is indeed authentic, there were over 5,000 CIA user accounts with access to the hacking tools. It includes thousands of ways to expose data using over one thousand viruses, spyware, trojans, and other malware outlined in almost 9,000 documents and files.
“The CIA had created, in effect, its own NSA,” WikiLeaks said in a statement.
Many of the vulnerabilities described in Vault 7 have been fixed, such as those affecting the millions of Apple devices sold. However, many electronic devices remain at risk to the extent that anyone can follow the instructions described in Vault 7 to steal data or cause other harm.
“The most significant and arguably underreported aspect of the Vault 7 data dump was the public disclosure of a number of inherently vulnerable IoT [internet of things] devices ranging from TVs to automated cars, many of which remain unmitigated by the OEM after disclosure,” Scott said.
The Status Quo
Vault 7, if indeed it is an arsenal of tools and instructions for exploits developed by the CIA, reflects the types of counter-intelligence cyber defences other governments around the world are assumed to have and use.
“Any self-respecting government with an offensive cyber division is expected to hoard as many 0-days, the new munitions in the cyber arms race, as possible. The Vault7 so-called ‘disclosure’ released information about weaponized technology without stating any facts about their actual use,” Scott said. “As a superpower, if the US didn’t have these cyber weapons, they’d be pummelled by any and every adversary that had an interest in doing so. It’s important to understand that the best cyber defence is a potent-and-profound, next-gen cyber offense.”
Tools developed by governmental agencies also often eventually trickle down for use by hackers once they are leaked. Judging by the dates on the files, the hacking tools revealed in the Vault 7 data have been “around for a while,” Bruce Schneier, the chief technology officer of IBM Resilient and a fellow at Harvard’s Berkman Center, told Intellectual Property Watch.
“Today’s top-secret NSA programs become tomorrow’s PhD theses and tomorrow’s hacker tools,” Schneier said. “These capabilities go downhill.”
Bigger Fish to Fry
WikiLeaks’ agenda behind the publication of Vault 7 has also been called into question. “WikiLeaks has always had an anti-American slant to their initiatives. They have therefore created chaos in the US between its government and civilian population as part of their modus operandi,” Scott said. “Their ‘slant’ when communicating the use of these technologies is that its government uses them to survey Americans.”
Specific to intellectual property theft, governments around the world continue to use cyber tools far more advanced than the Vault 7 hacking tools for accessing data. The US and other world governments have often singled out China for sponsoring cyber theft.
“If we are talking about IP theft, look no further than China. Their 13th Five Year Plan demands theft of any and all IP in the west in order to become less technologically dependent on the West. When you buy a Chinese manufactured product, there is a Chinese communist party representative on the manufacturing floor who maintains this strategy,” Scott said. “They find perpetual success with their hacking and pilfering of American networks, not because of their sophistication or stealth, rather the sheer volume and variation of cyber-kinetic attack methods used.”
The Chinese access intellectual property by relying on tongs and Chinese student associations, Triad and other Chinese nationals and associations “to further their IP theft and espionage initiatives,” Scott said. “Chinese [state-backed infiltrators] will steal and pilfer any network that possesses information that they deem necessary to become less technologically and economically dependent on the west.”
Meanwhile, WikiLeaks’ publication of the CIA Vault 7 data is likely just one small battle in the major cyber war currently being waged between the world’s superpowers.
“WikiLeaks makes no mention of the fact that the United States is at war, not merely a visible kinetic war but cyberwar,” Scott said.
In a blog post earlier this month, Schneier described how NSA and CIA leaks show “there’s something going on” between intelligence communities from “at least two countries, and we have no idea what it is.”
“Consider these three data points. One: someone, probably a country’s intelligence organization (i.e., CIA), is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA,” Schneier wrote. “Three: in March, NSA Deputy Director Richard Ledgett described how the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the US State Department in 2014.”