23:13 GMT +3, 23 March 2017
    The lobby of the CIA Headquarters building in McLean, Virginia.

    CIA Hackers: Why WikiLeaks 'Vault 7' Becomes a Wake-Up Call For Users, IT Giants

    © REUTERS/ Larry Downing
    'Vault 7': WikiLeaks Exposes CIA's Global Covert Hacking Program in Largest Ever Leak (31)

    The world's IT giants are scrupulously analyzing the latest WikiLeaks' disclosure of the CIA hacking practices, and signaling that many of the vulnerabilities mentioned in the leaked reports have already been patched. However, it appears that it's too early to heave a sigh of relief.

    The release of the much discussed Vault 7 has become a wake-up call for computer users and IT giants: this time WikiLeaks, an international non-profit organization that publishes secret information from anonymous sources, has unveiled how the mighty CIA has been hacking the entire world.

    The files, leaked by the non-profit organization, indicate that for years the CIA has been methodically seeking and exploiting vulnerabilities in globally-famous software and hardware platforms in order to take control over them.

    According to the documents, the CIA hacking group possessed tools allowing it to infect a target computer while bypassing PSPs (Personal Security Products).

    For instance, one of the files, entitled "Kaspersky 'heapgrd' DLL Inject," describes vulnerabilities in Russian cybersecurity provider Kaspersky Lab's PSPs.

    "The Kaspersky AVP.EXE process references a DLL called WHEAPGRD.DLL. This DLL is supposed to be located in one of the Kaspersky directories (which are protected by the PSP). Due to a UNICODE/ASCII processing mistake, the DLL name is prepended with the Windows installation drive letter, rather than the full path to the DLL. For typical installations, this causes Kaspersky to look for the DLL 'CWHEAPGRD.DLL' by following the standard DLL search path order. Loading our own DLL into the AVP process enables us to bypass Kaspersky's protections," the document reads, adding that "this vulnerability is limited to some of Kaspersky's previous releases."

    The other document presents a screenshot of a "selected number of DLL misses from Kaspersky TDSS Killer Portable."
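
From a defender's side, the search-path problem quoted above shows up as a protected process loading a module from outside its own directories, or loading the drive-letter-prefixed name the quoted document describes. The following sketch is an added example, not code from the article or the leaked documents; the install path `C:\Program Files\ExampleAV`, the event tuples and the function names are assumptions made for illustration.

```python
import ntpath

# Assumptions for this sketch: the page gives no install paths, so the
# directory below is a constructed placeholder, not a real product path.
TRUSTED_DIRS = {"avp.exe": [r"C:\Program Files\ExampleAV", r"C:\Windows\System32"]}
# DLL the quoted document says AVP.EXE references from its protected directory.
EXPECTED_DLLS = {"avp.exe": {"wheapgrd.dll"}}


def _norm(path):
    # Collapse ".." segments and fold case so comparisons match Windows semantics.
    return ntpath.normcase(ntpath.normpath(path))


def classify_load(process_path, module_path, system_drive="C"):
    """Return a finding label for one module-load event, or None if it looks normal."""
    proc = ntpath.basename(process_path).lower()
    if proc not in TRUSTED_DIRS:
        return None  # not a process we are auditing
    module = _norm(module_path)
    mod_dir, mod_name = ntpath.split(module)
    # Name produced by the bug: drive letter prepended to the DLL name.
    mangled = {system_drive.lower() + n for n in EXPECTED_DLLS.get(proc, ())}
    if mod_name in mangled:
        return "mangled-name"
    for trusted in map(_norm, TRUSTED_DIRS[proc]):
        if mod_dir == trusted or mod_dir.startswith(trusted + "\\"):
            return None
    return "untrusted-dir"


def audit(events):
    """events: iterable of (process_path, module_path); returns flagged loads."""
    findings = []
    for process_path, module_path in events:
        label = classify_load(process_path, module_path)
        if label:
            findings.append((module_path, label))
    return findings


# Constructed sample events (not taken from the leaked documents).
SAMPLE_EVENTS = [
    (r"C:\Program Files\ExampleAV\avp.exe", r"C:\Program Files\ExampleAV\wheapgrd.dll"),
    (r"C:\Program Files\ExampleAV\avp.exe", r"C:\Windows\System32\kernel32.dll"),
    (r"C:\Program Files\ExampleAV\avp.exe", r"C:\Users\Public\CWHEAPGRD.DLL"),
    (r"C:\Program Files\ExampleAV\avp.exe", r"C:\Program Files\ExampleAV\..\..\Temp\helper.dll"),
    (r"C:\Windows\notepad.exe", r"C:\Users\Public\anything.dll"),
]

if __name__ == "__main__":
    for module, label in audit(SAMPLE_EVENTS):
        print(f"{label:14} {module}")
```

In practice the event tuples would come from module-load telemetry; the allow-list of trusted directories has to be maintained per product and version.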

    Commenting on the issue, Kaspersky Lab spokesperson Olga Bogolyubskaya told Sputnik that the aforementioned DLL "heapgrd" vulnerability had been disclosed and fixed back in 2009.

    "Moreover, all new company products are subject to mandatory testing for this and other vulnerabilities before release," she stressed.

    "The products mentioned by WikiLeaks (KIS 7, KIS 8, WKSTNMP3) are obsolete versions of Kaspersky Lab's security software; [the company] has not provided technical support for these products for several years," Bogolyubskaya explained.

    Indeed, the CIA report published by WikiLeaks admits that Kaspersky Lab's more recent software products KIS 9+ and WKSTN MP4 do not have this vulnerability.

    "As for the DLL inject vulnerability in the TDSSKiller utility, also mentioned in the WikiLeaks report, it was closed in December 2015," she said.

    "Kaspersky Lab emphasizes that the documents published by WikiLeaks do not indicate that the given vulnerabilities were applied in practice against the solutions of Kaspersky Lab or other manufacturers of security software, but [they] describe the software analysis by using a 'reverse engineering' method," Bogolyubskaya elaborated.

    Earlier Kaspersky Lab said in an official statement that it is currently studying the latest reports released by WikiLeaks.

    "Kaspersky Lab is thoroughly studying the report published on WikiLeaks on March 7, 2017 in order to make sure that our clients are out of danger. The company pays special attention to such reports and statements," the statement said, highlighting that the cybersecurity of Kaspersky Lab's clients is the company's top priority.

    For its part, American cybersecurity provider Comodo Group, Inc., also mentioned in leaked CIA reports, said that the vulnerability in Comodo 6 antivirus, described by the CIA, was obsolete.

    Likewise, Apple Inc. called attention to the fact that "many of the issues leaked today were already patched in the latest iOS."

    "While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates," an Apple spokesperson said as quoted by Techcrunch.com.

    While the world's leading software and hardware developers rushed to announce that they have either patched or are analyzing the vulnerabilities highlighted by WikiLeaks' CIA exposure, Google Inc. was the last one to dispel the mounting doubts.

    "As we've reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections. We've always made security a top priority and we continue to invest in our defenses," Heather Adkins, Google's Director of Information Security and Privacy, told Recode.net.

    Does it mean that computer users across the globe may now breathe a huge sigh of relief?

    Unlikely. The truth of the matter is the disclosure covers the period between 2013 and 2016 and apparently presents just the tip of the iceberg.

    "The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers," WikiLeaks press release says.

    "In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons," WikiLeaks highlights.


    All comments

    • Gary F.
      A thing to remember is that there is an ongoing struggle of global cyber superiority. During these "olympic games" quite huge spectacles can be expected. What is particularly interesting in this game, is that those who run it seem to be rather ignorant on the past, and at the same time, even if they were, seem to think that there was some kind of happy ending in sight.
    • Alan Reid
      Why is it that the many are so unable to see the obvious facts of this Vault 7 stuff.. It's 1% of the game the spooks knock you over the head with every day... 99% of the things we all are subject to are still hidden away... If Wikileaks keeps that 99% under wrappers what does this tell you about them? These agencies have a mountain of tricks to call upon and until they are busted YOU don't attempt to fathom the depth of the pool you are drowning in. At this point assume the worst is a very good path to take. Forget the piss poor attempts of this Wikileaks group to help you. Try to do a little thinking for yourself.. Do some real and timely sanctioning of the MANY companies that are working against you for the privilege of being first in line to feed at the spying trough. Think about the Industry behind all this, Think about the Money YOU shell out to be drowned in their pool of vulnerabilities. Do you think that Apple is not involved? Do you think Samsung is the only player in this spy game? Does it not sink in that perhaps Samsung crossed a red line about all this and this Vault 7 thing is a broadside to get them back in line? I am sure the monetary impact of Wikileaks doing this like it's being done is focusing the impact onto Samsung and away from Apple, Why is it they did this? What does this tell you about Wikileaks? The average Joe Punch-clock is going to have to start asking a lot more intelligent questions of this so called leaker if he is going to avoid being drowned in this huge spying pool.
    • avatar
      With DLL injection into Kaspersky anti virus the CIA may freely remote control the computer.

      Like giving instructions attacking US election servers.

      Perhaps only to such level where the attack stops "thanks to" CIA's firewall protection.

      Hey mr President, look bad Ruski and we need more funding for our firewall.

      Ain't that some treasonous shit???
    • One Tongue Johnny
      JFK was right.
      Scatter 'em to the four winds!
    • One Tongue Johnny, in reply to Glamoureus
      Glamoureus, It is indeed, Glamoureus. It is indeed!