A Guide to Vault 7: CIA Hacking Tools

JoshuaDomestic Policy, FP Columns

Tapped In


On Tuesday, WikiLeaks released thousands of new documents it claimed were from the Central Intelligence Agency. The documents, which detail some of the CIA’s hacking capabilities, are part of a larger trove of data WikiLeaks says it will continue to release in a series. WikiLeaks is calling the series Vault 7 and has named Tuesday’s dump Year Zero.


The CIA has neither denied nor confirmed whether the documents are real, saying it does not comment on the “authenticity or content of purported intelligence documents”. It is not uncommon for security agencies and law enforcement bodies to take this approach.

Former NSA contractor and whistleblower Edward Snowden tweeted to say the documents “look authentic. “Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them,” he wrote.

“If what I have read is true, then this seems to be an incredibly damaging leak in terms of the tactics, techniques, procedures and tools that were used by the Central Intelligence Agency to conduct legitimate foreign intelligence,” ex-CIA director Michael Hayden told the BBC.

“In other words, it’s made my country and my country’s friends less safe.”

The years 2013 to 2016 (is the time frame of documents.) The sort order of the pages within each level is determined by date (oldest first).

WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date contact WikiLeaks.

The CIA allegedly created tools to spy on people through smart TVs and other household technologies, according to documents released by WikiLeaks. But security researchers say the methods imitate exploits that were discovered — and made public — years ago.

“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. “

Heather Adkins, Google’s director of information security and privacy

Ironically, though, the Vault 7 dump also shows just how strong modern encryption and privacy measures are. While Snowden revealed that telcos handed over data about their customers to the NSA in bulk, there is no sign in the Vault 7 documents that the CIA can hack into encrypted messaging apps like WhatsApp or Signal and use that to carry out mass surveillance. To see what’s on your phone, the agency must get access to the phone itself. Zeynep Tufekci, writing in the New York Times, said security researchers she interviewed saw “no big surprises or unexpected wizardry.”

“The actual headline here is that someone apparently managed to compromise a Top Secret CIA development environment, exfiltrate a whole host of material, and is now releasing it to the world,” Nicholas Weaver, a security researcher at the International Computer Science Institute in Berkeley, said in a blogpost. “Now the world wants to know who, and how, and why.”

Security experts and government officials have suggested the source could range from state-backed actors to a CIA insider. One official speaking to Reuters anonymously suggested it was more likely to be contractors, because there were no signs Russia had tried use the information. The leaker, if it is an individual, is already being dubbed Snowden 2.0, in reference to similar surveillance revelations from NSA whistleblower Edward Snowden in 2013.

WikiLeaks even appeared to boast about trumping Snowden’s revelations—who chose to take classified files to journalists rather than release them through the Assange’s organization—saying in a press release that part one of the Vault 7 documents “already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.”

Considering the CIA’s penchant for silencing and intimidating reporters and editors, journalists will have to overcome greater odds to protect the public’s right to know.

-MintPress News

Journalists across the board have great reason to be alarmed, chiefly due to the government’s tendency to mercilessly prosecute journalists who dig too deep. The CIA has been wiretapping journalists for well over 50 years, with some of the earliest documented and officially confirmed cases taking place in 1963. Despite the fact that much of this surveillance was illegal, the CIA – and the U.S. government – has only expanded its surveillance of both journalists and everyday citizens in recent decades, particularly with the dismantling of civil liberties in the post-9/11 world.

In addition, several prominent journalists have been silenced or imprisoned by the CIA or other parts of the U.S. power structure over the years. One very telling example is the case of Barrett Brown, a journalist and former member of the hacktivist collective Anonymous. Brown at one point faced a combined sentence of over 100 years just for writing about and linking to data that had been hacked. Brown was in no way involved in the hack, but his mere use of the hacked info as a source led him to be sentenced to over five years in prison.

MintPress News

In Conclusion

Some of the attacks are what are known as “zero days” — exploitation paths hackers can use that vendors are completely unaware of, giving the vendors no time — zero days — to fix their products. WikiLeaks said the documents indicate the CIA has violated commitments made by the Obama administration to disclose serious software vulnerabilities to vendors to improve the security of their products.
The Intercept

The idea that the CIA posed as foreign actors has gained currency among people who are using the WikiLeaks disclosure to question the U.S. intelligence community’s conclusion that Russia hacked the Democratic National Committee and Hillary Clinton’s campaign chairman last year in order to help elect President Donald Trump. These political commentators and outlets are implying the campaign hacks could have been a CIA operation.

At a press conference on Thursday, (Julian) Assange announced that WikiLeaks will give the affected tech companies access to CIA hacking tools for their defense measures, as the documents in the dump only described portions of agency tools, not full programs needed to run a cyber attack. Microsoft and Cisco Systems said they “have not yet been contacted,” but would welcome “submissions of any vulnerabilities through normal reporting channels.”
Rolling Stone

Modified: March 12, 2017

Spread the word