WikiLeaks again blew off the lid of yet another secret mission of US surveillance agency CIA. WikiLeaks has released 8,761 of secret documents of Centre for Cyber Intelligence, which is a part of CIA. These documents are greater in size than those released during the first three years of Snowden. Code named “Vault 7”; this is a first part of a series “Year Zero” that WikiLeaks is developing.
Snowden’s revelations were the first hand exposure of US and UK’s programmes capturing people’s communications and exploiting the machines. The massive expansion in utilisation of mobile phones for communications, data encryption in the mobile phones was a larger question that came up. It is now clear that US and UK are on an ambitious mission of collecting data even before it is encrypted, by taking control of the operating systems of the devices. The mission is to capture the text while it is being typed, take control of graphic/video files even before they are encrypted by the application software – such as WhatsaApp, Signal, Telegram etc. The control of the devices allow the spy agencies to take control of microphones and cameras in the devices. The mobile phones or the Smart TV can then be used to spy on your activities, even if these devices are not turned on.
How much data has the CIA collected and who have they spied on? The targets are not just possible suspects but even heads of friendly states such as Angela Merkel.
These leaks expose the large number of Cyber Weapons that CIA has built up. By 2016 CIA, has created a hacking division that has close to 5000 programmers. These programmers have produced thousands of hacking systems, trojans, viruses, and other "weaponised" malware that target operating systems such as Android, Windows and iOS (Macs, iPhones, iPads). These operating systems are found in mobiles, tablets and computers. These weapons turn every popular phone, laptop, Televisions and smart devices based on Internet of Things into surveillance devices. This is worse than any science fiction imagination.
Just to give some idea of the software created, these programmers have written or utilised code to that is more than what is used to run Facebook. Facebook is a complex solution that has close to 1.86 billion active users (as of last quarter of 2016), and who continuously upload and download information.
The majority of the projects exposed in the current leaks relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration. The WikiLeaks Press Release states, “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponised "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
Clearly, CIA's huge arsenal of weaponised malware that it lost is now available for criminal purposes. It puts at risk the entire global communications infrastructure on which all of us rely and has become the basis, for example, all our financial transactions.
Mobile Devices and Smart TV
The CIA malware hacking tools penetrate into the Android, iPhone, Windows, smart TVs and convert them into surveillance devices. The Engineering Development Group (EDG) of CIA is responsible for building backdoors into devices. This is a technique in which a system security mechanism is bypassed undetectably to access a computer or its data. The EDG is responsible for testing and operational support of all kinds of malware used by CIA for such covert operations worldwide. The malware of CIA penetrates into the Android, iOS, Windows devices, computers, servers and exploit the vulnerabilities of the system or a network, take control and send data back to the CIA. This is called data exfiltration and is a malicious activity of unauthorized copying, transfer or retrieval of data from a computer or server.
The CIA's Mobile Devices Branch (MDB) developed malware that on infecting phones, can be remotely instructed to send CIA the user's geolocation, audio and text communications, as well as covertly activate the phone's camera and microphone.
It is interesting to note that despite iPhone’s minority share in the smart phone market, there is a specialized unit in CIA’s MDB that focuses on producing malware to infect, control and exfiltrate data from iOS devices. A special focus on iOS could be the popularity of the iPhone among social, political, diplomatic and business elite. Indian government gives away iPhones and iPads to lawmakers in the country.
There is a similar CIA unit for all brands of Android phones as well, which has market share close to 85%. In the year of 2016, 1.15 billion Android phones were sold. These techniques were developed by CIA and also obtained from GCHQ, NSA and their cyber arms contractors.
After the Snowden revelations, a number of digital monopolies lost their reputation for handing over the encryption codes. To overcome this difficulty of obtaining encryption codes from these companies, CIA worked on hacking the operating systems themselves of the devices. These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman, etc., by hacking the "smart" phones they run on, and collecting audio, video and messages before encryption is applied. As Telegram a popular messaging service puts it
“...the issue is like imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there's little your engineers can do. So in the case of "Year Zero", it doesn't matter which messenger you use. No app can stop your keyboard from knowing what keys you press. No app can hide what shows up on your screen from the system. And none of this is an issue of the app. It is now up to the device and OS manufacturers, like Apple, Google, or Samsung, to fix their volcanoes back into mountains.”
The actual communications on WhatsApp or Signal cannot be broken into, but if the mobile is hacked, then all data stored on it including the conversations are available to CIA. So the encrypted messages themselves have not been hacked. Means the CIA cannot read these messages from their access to service providers but have to hack into our mobiles to do so.
Internet of Things – IoT
Most terrifying and a snubbing tool revealed is the “Weeping Angel” tool co developed by the CIA and UK’s MI5 security agency. This tool was specifically targeted at Samsung smart TV’s. On infesting the smart TV’s, it transforms them into covert microphones, records the conversations and sends them back to the CIA servers. The target TV fakes to be Off, while in reality is on. This makes the smart devices connected over the internet as soft targets for surveillance agencies. There is a significant growth in adoption of more accessories to the televisions like chromecast etc., and using TV’s over internet. With 22.9 billion IoT(Internet of Things) devices in 2016, which is likely to go to 50 billion by 2020, the hacking of IoT Devices will be come a huge threat. The documents dealing with Samsung televisions has a CIA logo on it and describes itself as secret. It further adds “USA/UK” and states, “Accomplishments during joint workshop with MI5/BTSS (British Security Service) (week of June 16, 2014).” The document also states that CIA added feature to prevent updates, so that firmware update of the TV doesn’t erase the malware installed in it. Now we have a big brother watching and peeping into bedrooms, living rooms and bathrooms.
As of October 2014 the CIA was working on to infect the vehicle control systems used by modern cars and trucks. More or less all the vehicles manufactured in this decade have On Board Diagnostics(OBD) ports. Modern OBD implementations use a standardized digital communications port to provide real-time data in addition to a standardized series of Diagnostic Trouble Codes, or DTCs, which allow one to rapidly identify and remedy malfunctions within the vehicle. These are ports in vehicles that connect to specific devices that have embedded electronics. Connecting to these ports can be either through a hand held device, or through a mobile device such as cell phones or a tablet. A number of new devices allow the vehicle's OBD port to stream data directly to the Internet via a cellular connection. Though the purpose of such control is not specified anywhere in the CIA documents, it is evident that CIA can engage in gaining control of the target vehicles and perform undetectable assassinations.
Infecting Network Infrastructure
The vulnerabilities of Microsoft Windows are well known. CIA brags about its tools that exploit the vulnerabilities in Microsoft Windows. There is a substantial effort by CIA to infect and control Windows based systems with its malware. This includes multiple local and remote weaponised viruses which infect software distributed on CD/DVDs,USB’s, etc. CIA’s Automated Implant Branch (AIB) developed several automated infestation and control malware.
CIA’s Network Devices Branch develops malware that attacks Internet infrastructure and webservers. The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more
Demanding International Action
It is very clear that CIA using these vulnerabilities has an access to the phones of the population at large, including the PM, President, Law Makers, Defence establishments, top business houses etc. in our country also.
The U.S. Consulate in Frankfurt is a covert CIA hacker base as revealed by the documents. The earlier revelations by Snowden in the Xkeyscore program state that there are 150 different locations on the globe that are nodes of surveillance and India is among them.
CIA arrogating itself the right to penetration, infestation ("implanting"), taking control, and exfiltration is a serious violation of Human Rights for individuals, and a serious matter of concern of sovereignty of nations.
Our Prime Minister is silent on racial discrimination being meted out to Indians, even in the aftermath of some them being brutally killed in the US. It is high time that government of India takes strong position against these measures of US and UK surveillance agencies and isolate them internationally. All international platforms have to be utilised for the purpose.
Compared to the revelations made by Snowden, the Vault 7 revelations are even more serious. They prove that there is a massive surveillance program in place in the world and in India. Apart from large population using devices which are vulnerable for exploits, the whole infrastructure of the nation is also vulnerable. Our telecom, defence establishments, communications, etc., are completely dependent on the devices manufactured by the Multinational corporations that are in bed with the US surveillance agencies. Indian government should initiate a cleaning up process and take up sanitization measures, fix compromises of infrastructure, and keep a check on the activities of US consulates in India.