'No big surprise' says security industry in response to CIA data breach

The CIA breach is being described as the biggest "since Snowden", and yet most in the security industry have expressed the view that "spooks will be spooks".

The cyber-security industry has responded to the latest leak of intelligence community data by WikiLeaks with a big wet ‘meh’.

WikiLeaks published yesterday what it describes as a leak of confidential documents from the CIA detailing the tools and vulnerabilities it allegedly uses to break into phones, communication apps and other electronic devices.

The trove of documents, part of the so-called Vault 7 which WikiLeaks has been trailing for several weeks, contains 8761 files which allegedly show the scope and direction of the CIA's global covert hacking programme.

It contains descriptions of the CIA's malware arsenal, including dozens of "zero day" weaponised exploits against a wide range of consumer products including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.

WikiLeaks says the collection amounts to more than several hundred million lines of code, and “gives its possessor the entire hacking capacity of the CIA”. WikiLeaks has called for the software to be “analysed, disarmed and published”, but has not published any of the actual code.

Already, some commentators have said the files include far more pages than the Snowden files that exposed the vast hacking power of the NSA and other agencies.

Overnight, security experts around the world have pored over the documents and the TL;DR is that they simply “don't matter”.

Those are the words of Slawek Ligier, VP security engineering at Barracuda, who says the vulnerabilities are not news, and “[the vulnerabilities have] been possible for a while now. The disturbing part is that spy agencies seem more interested in stockpiling vulnerabilities for a future exploit rather than working with vendors to close the gaps.”

Ilia Kolochenko, CEO at High-Tech Bridge, said that it didn't appear that the CIA was doing anything unlawful – far from it, it's the agency's job to develop the means to eavesdrop on targets of interest. “If the intelligence agencies were using advanced resources to spy on innocent citizens or intervene in government, it would raise many questions, but the fact that they have developed many tools including cyber-weapons is perfectly normal.”

He questioned whether there was even anything new in the release and speculated that it could even be a ploy to distract the attention of the public and foreign intelligence agencies. “People are talking about the [Weeping Angel] Samsung TV hacking tool, and that was something that was public several years ago,” he said. “That's not something that's going to make you say ‘wow’. It looks like a honeypot strategy – it's deflecting attention from other things.”

Many of the vulnerabilities disclosed in the CIA files appear to have been developed after CIA agents attended public hacking conferences. One document discusses how to weaponise a USB stick using BadUSB, the subject of a talk at BlackHat USA in 2014 by Security Research Labs.

Other vulnerabilities disclosed in the document include exploits that allow an attacker to take control of the microphone and camera, keystroke loggers for Windows and antivirus avoidance software, all tools readily available for free or for a price on the dark web.

This article originally appeared at scmagazineuk.com

Source: Copyright © SC Magazine, UK edition

 
 
