WikiLeaks says the CIA created a weapon and lost control of it

By Charis Chang

America's spy agency has created a series of cyberweapons that it has now lost control of and can now be used against the US by rival countries, cyber mafia and even teenage hackers.

In a massive release of documents code-named "Vault 7", WikiLeaks said the Central Intelligence Agency has recently lost control of the majority of its hacking arsenal.

These "cyberweapons" actually consist of several hundred million lines of code and can give those who possess it the entire hacking capacity of the CIA.

WikiLeaks now has possession of some of this code, after it was passed around among former US government hackers and contractors in an unauthorised way, and one of them passed it on to the whistleblower site.

READ MORE
WikiLeaks releases thousands of CIA documents
Wikileaks' bombshell claims - why the CIA is using your TVs, smartphones and cars for spying

WikiLeaks 'Vault 7' dump reignites conspiracy theories surrounding death of Michael Hastings
FBI prepares for new mole hunt for WikiLeaks' source

The latest leak exposes how US spies can remotely hack and control smartphones, computers, TVs and even vehicles.

WikiLeaks has not released the code but has published thousands of documents highlighting how it can be used, and that it cannot be controlled.

"Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike," a WikiLeaks statement said.

As WikiLeaks points out, cyber weapons are just computer programs that can be pirated just like any other program and are therefore very hard to keep under control.

There is a significant incentive for government hackers and consultants to hand over information about these malware, viruses, trojans, weaponised "zero day" exploits and malware remote control systems, because some would pay millions of dollars for it.

WikiLeaks said the CIA had also created an "own goal" by choosing to make its cyberarsenal "unclassified" so that its officers aren't prosecuted for placing classified information on the internet.

"This means that cyber 'arms' manufactures and computer hackers can freely 'pirate' these 'weapons' if they are obtained," it said.

"The CIA has primarily had to rely on obfuscation to protect its malware secrets."

Curtin University cyber security expert Mihai Lazarescu said the WikiLeaks release was an "absolute calamity" and "heads should roll" at the CIA.

"It is significant in the sense that, if the information WikiLeaks made available is the actual code itself, this would allow any other group to make use of it," Associate Professor Lazarescu told news.com.au.

He said other countries like China and Russia would already have their own programs to target western infrastructure but if they were able to access the US codes, they could gain a better understanding of what the CIA was targeting. It would also make it easier for them to imitate the CIA and impersonate their agents.

"I would be very surprised if WikiLeaks servers haven't been breached by every intelligence agency in the world," he said.

But it was not just other states that would be interested in the code. Prof Lazarescu said criminal groups would also be trying to access it.

This would most likely be to compromise the confidentiality of data for financial gain or to manipulate data.

It all sounds very ominous but Professor Greg Austin, an expert in cyber security research from UNSW Canberra, said it was difficult to judge precisely how significant the latest breach was.

"It's almost impossible to judge from a distance what share of the CIA capability the leak represents," he said.

"The large volume of lines of code looks like a lot but I would be very surprised to find that the best assets of these agencies are now in the public domain."

Prof Austin said the programs were definitely tools that could be used to attack other countries but he doesn't necessarily believe the CIA has lost control of them.

"I want to see the evidence," he said. "But if the programs and sequences (that WikiLeaks has obtained) are genuine, they can definitely be used by anybody."

However, Prof Austin said it was also important to note the National Security Agency, not the CIA, is America's primary cyber intelligence agency, so he doesn't believe the leak would include the totality of CIA and NSA capability.

Prof Austin said other countries already had their own technology anyway.

"Other countries already have it," he said. "That horse has bolted. Any weaponised code like that can be used by malicious actors."

Realistically, Prof Austin said private citizens couldn't do much to stop cyber espionage by foreign intelligence agencies.

"I already operate on the assumption that anything I do electronically is already accessible by foreign intelligence agencies," Prof Austin said.

"So I'm not concerned whether it is Russian, Chinese or American."

And while teenage hackers could get hold of programs to hack into people's lives, Prof Austin said it was unlikely they would target ordinary citizens.

"The prospect of your personal photos being put in the public domain is extremely low, you've got to be a celebrity or government official for that," he said.

"However, if you win that lottery you can suffer substantial disadvantage and cost or personal injury," he said.

Prof Austin said companies like Microsoft or Google regularly released updates to patch their software once they become aware of threats, and this was part of the never-ending cycle of threat and counter defence.

"It speaks to how far behind the world is on cybersecurity, we are almost defenceless against determined snooping or spying by major powers," he said.

"This is definitely the world we live in. Webcams and CCTVs are hijacked and hacked and used for other purposes. This isn't science fiction anymore.

"We are heading for the future, the dawn of the cyber age."

Prof Austin believes the WikiLeaks drop is part of its campaign to redraw the boundaries of civil liberties within the US and other countries.

But he said the problem would likely be very different in 20 years time and much worse than it was now.

"The more technology spreads, the harder it will be for the government and community to be alert for all the security implications."

- news.com.au

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter

SIGN UP NOW

© Copyright 2017, NZME. Publishing Limited

Assembled by: (static) on production bpcf04 at 30 Apr 2017 21:30:45 Processing Time: 647ms