We have been asked repeatedly whether the recent Wikileaks dump of what is likely the largest collection of confidential CIA documents in history is real or not. The short and long answers are both … yes.
Our company spends a lot of time and resources diving into the Internet underground to observe cyber activity and trace it back to its sources. We collect tons of cyberthreat data and analyze it to develop threat patterns and forensics supporting malicious activity.
There is no question in our minds as to the authenticity of these documents or about the implications for the Federal government’s and, specifically, the CIA’s cyber-adventures on behalf of what might be characterized as our nation’s primary geopolitical and global interests.
Our own intelligence validates the apparent loss of control by the CIA of a large volume of documentation that describes and defines its hacking capacity and specific arsenal of malware.
But we want to be quick to point out that it has been well known in the world of cybersecurity for years that most malware, viruses, Trojans, and weaponized “zero day” exploits originate with the CIA and the other U.S. intelligence agencies as part of the arsenal of weapons they use to prosecute cyberwarfare.
There is a long history of discontent within the cybersecurity community resulting from the spy guys not sharing information about these strains or informing businesses about what to look out for and how to defend against the assaults.
For example, the CIA’s Engineering Development Group (EDG), within its Center for Cyber Intelligence, is responsible for building and supporting the backdoors, malicious payloads, Trojans, and viruses that the CIA used globally for its covert operations. These same tools subsequently appear in the wild and are used against our organizations and businesses by cyber-criminals and hackers.
But the activities of this group, and of others within the NSA, the CIA and elsewhere in the Federal intelligence community, are immune from Department of Justice oversight and are in fact apparently protected by several Presidential executive orders. Among them is Executive Order 12333, which, though it has been debated endlessly, empowers the CIA to do essentially whatever it wants as long as it is conducted in support of our national foreign policy objectives. Spying on suspected terrorists operating on U.S. soil fits that bill. Often, that may include U.S. citizens.
Setting aside all of the outrage about how this leak showed that the CIA is able to surveil anyone’s activities via compromised smart TVs, iPhones, Android devices and so on, the real outrage should be directed at the revelation that the CIA is able to misdirect cyber-attack attribution. It does this by leaving behind stolen “fingerprints” from groups that it wants to implicate in a given attack.
Why is this more significant than the targeting of our household WiFi devices, like smart TVs, routers and gaming consoles? Why should we care about this mis-attribution more than, say, the fact that we have just confirmed that the CIA can place any of our home TVs in a ‘Fake-Off’ mode so that it can record our conversations and send them over the Internet to a covert CIA server?
Everyone understands that Microsoft’s flagship operating system, on which 98% of the world’s computer work is done, remains one of the key targets for hackers because it is full of exploitable holes. And not a week goes by without some mobile phone exploit being reported on by the mainstream press. What most of us have not known is whether a cyber-attack’s source could be easily camouflaged and made to look as though it originated elsewhere.
This goes directly to the issue of Russian interference in our electoral process, Trump’s early characterization of the 400 lb. guy with a laptop, and his contention that we had no way of knowing who did what. As you will recall, the mainstream media did all they could to make now-President Trump look like the guy who just fell off a turnip cart.
Was the DNC and/or the “election process” hacked by the Russians, or was it another entity that had the skills and tools to misdirect attribution from the real perpetrators to someone else?
The fact that the CIA, NSA and probably every other Intel agency within the Federal government can launch cyber-attacks and misdirect attribution is either the height of fright or the best news we have heard in a while, depending on your point of view.
The real issue arising from the WikiLeaks release, as I see it, is whether we are comfortable with this newly verified power in the hands of our intel agencies, which should give them a sizable advantage on the (cyber) field of battle, or whether we would prefer that our government did not have the wherewithal to freely spy on its citizens under the flag of “special activities”.
There is much more to these and future Vault 7 leaks, not least the question of whether Assange is a hero or an enemy of the state. Suffice it to say that, at this point, anyone pointing fingers at the Russians and making wild accusations about election hacking by foreign entities should be very afraid of what an investigation into these leaks may discover.