CIA and its ‘Vault 7’

Fear has spread throughout the technology industry following WikiLeaks’ release of documents revealing that the CIA possesses hacking tools capable of infiltrating some of the world’s most popular technology systems. Codenamed “Vault 7”, the leak contains 8,761 documents detailing the various hacking strategies employed by the CIA against household technology brands like Apple, Microsoft, Google and Samsung.

Questions must be asked about the quality of the security systems that allowed such a disclosure of information to happen, especially as we live in such a hostile world of connected technologies. Mike Ahmadi, Global Director of Critical Systems Security at Synopsys, believes the security technology within the US Government is simply “outdated” and the software is “fraught with vulnerabilities”, leaving the government wide open to the potential for a security breach. “The government needs to take a closer look at their exposure if they hope to defend against what is becoming an embarrassing regular occurrence.”

A potential fix for the systems operated by the government is a move to open source, which could yield more secure results and is supported by Art Swift, President of the prpl Foundation. He believes the current system operated by the government is flawed, leaving citizens exposed to “cyber criminals and nation state attackers in the worst way”. In his view a change is needed, and the government should be encouraging the use of open source with hardware-backed security, which would give vendors the opportunity to patch the problems.

Surely one of the world’s elite spy agencies would have implemented a robust, finely tuned security system that would surpass all others, so is there another element to how the data was disclosed? Brian Vecci, Technical Evangelist at Varonis, speculates that an insider or employee with unsupervised access to the data was involved. He claims this wasn’t a “random smash and grab but a targeted and organised capture of data that someone knew would be explosive if released. A federal employee or contractor with access to this data decided to grab what he or she could and get it out into the world.”

Negative impact on tech firms

Spotlighting global issues

The war between companies and cyber criminals is a game of cat and mouse, with organisations continuously looking to develop security measures before hackers mount sophisticated attacks against them. Despite this, there is no absolute cyber security solution, and the general public will understand that the government has the resources to monitor connected devices.

For Comparitech Security Researcher, Lee Munson, the information revealed something more intriguing. He said “most citizens should not be any more concerned about surveillance today than they were yesterday. The really interesting aspect to this leak, however, is how the alleged cyber spying tools all appear to have one thing in common – the need to acquire information over the wire. That means, for now at least, we can assume that messaging systems with strong end-to-end encryption are beyond the reaches of the security services; a win for everyone who is truly concerned about protecting their privacy today.” It is no surprise that the CIA has the capabilities to compromise a device, but what has been disclosed through WikiLeaks essentially means the hacking tools were used to run malware on devices rather than to break the encryption of the software.

No matter how you view the WikiLeaks report, it has undeniably placed the spotlight on the global issue regarding the vulnerabilities associated with the technology in today’s connected devices. Even though the likes of Apple, Microsoft and Google have all claimed that the flaws mentioned have since been fixed, this is just the tip of the iceberg in what WikiLeaks describes as “the first full part of the series” with more to be revealed.

Dean Alvarez, Features Editor, IT Security Guru