On Tuesday, WikiLeaks published part one of Vault 7, a trove of over 8,700 CIA documents and files revealing the scale and scope of the CIA's global hacking and tracking program. Among the most shocking revelations uncovered so far are the agency's capabilities to turn smart TVs into recording devices, as well as its efforts to hijack computer systems in cars to be able to carry out untraceable assassinations. Other revelations include information that the CIA has the means to penetrate prominent anti-virus programs, and that the agency has set up a covert 'hacker base' in the US consulate in Frankfurt.
Speaking to Radio Sputnik about the significance of the revelations, Troy Hunt, an internet security expert who maintains the breach-notification site haveibeenpwned.com, said that inside the web security community, the revelations weren't as shocking as they may have been to the general public.
"To be honest, many of us inside the security community have known for a long time that the zero day vulnerabilities that are being talked about by WikiLeaks – the vulnerabilities that the manufacturers haven't yet patched -we know that they've been exploited by everyone from professional cybercriminals through to nation states for a very long time," Hunt said, referring to the revelation that the CIA helps to deliberately develop and keep open vulnerabilities in US software coding.
The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.— Edward Snowden (@Snowden) 7 марта 2017 г.
At the same time, the analyst suggested that the approach and types of tools the CIA uses to spy on individuals is very different from that of agencies like the NSA. "In fairness, looking at what we're seeing from WikiLeaks, everything that's in that document[s] tends to be very focused on 'individuals of interest,'" Hunt noted.
"Take the TVs," Hunt said. "The TVs are taking a lot of headlines, because they can listen to you. [But] the vulnerability that's being exploited there is going to require an individual's TV to be targeted. This is a really different set of tooling to what we saw with the NSA a few years ago, where they were siphoning up huge amounts of data, not from targeted individuals, but simply from the masses. I think that's a fundamental difference here."
Asked about the possible source of the leak, and whether some outside party or foreign government may have been involved, Hunt noted that the explanation of an insider with access, as presented by WikiLeaks actually holds up pretty well. In other words, the analyst said, "this may not be the result of a malicious party actually breaking in through some vulnerability in the CIA and stealing information; it may literally be people from inside the organization deciding, perhaps because of their own conscience, that they want to share with WikiLeaks."
Ultimately, Hunt suggested that the latest WikiLeaks revelations, important as they are, probably can't match those regarding the NSA made public in 2013. "A few years ago, when news was breaking of the NSA stuff, this was really revolutionary; now it's like 'wow, there's another vulnerability'. Yeah we know, it happens every day! So it's become just another part of our normal lives." People, the expert noted, have become very desensitized to these kinds of revelations.