You’ve probably noticed news of Vault 7 (Wikileaks’ latest leak) with vague interest. If you’re not doing anything of concern to the CIA, it doesn’t apply to you, right? Well, no. Not directly anyway. But contained within the 8761 files that have been released so far, are details of how automated vehicles and machines can be hacked.
Automation is rapidly becoming a feature of our present reality, not a distant science-fiction future. Even those of us who don’t possess any fully-automated machines aren’t safe. Basically, whether it’s on your farm, in your factory or in your carport, machines with an element of online control can be hacked.
Of course, the CIA doesn’t tend to have a whole lot of interest in the lives of average Australians. But Wikileaks’ Vault 7 publication, the first round of which has been dubbed ‘Year Zero’, reveals a lot about the techniques of the CIA hackers.
Why was the information leaked?
According to the press release accompanying Vault 7:
“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber weapons. Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.”
This is where the leak becomes relevant to those of us who will never be blips on the CIA’s radar. While the concept of opening up public debate seems noble, the release reveals the very information it highlights as dangerous, placing it in reach of the “rival states, cyber mafia and teenage hackers” they claim to be concerned about.
What has Wikileaks revealed in Year Zero?
The massive set of documents reveals the training, exercises, conversations and ongoing work of the CIA’s global troop of hackers. Otherwise known as the Center for Cyber Intelligence (CCI), the CIA’s hacking division appears to have more than 5000 users and has been a prolific producer of viruses, trojans, hacking systems, and malware.
No Operating System has been left out and personal security products (from Bitdefender to Kaspersky) have all been targeted for weaknesses. Software and operating systems are attacked through undisclosed security vulnerabilities (aka “zero days”).
Details are revealed about making attack appear to stem from other sources. So it seems all the conspiracy theories about the CIA framing Russia in the D.N.C and Podesta hacks may have been right. Unless, of course, this is another red herring. But lets not burrow down that rabbit hole.
The problem for everyday humans is this: if the CIA can hack these systems, so can anyone who discovers the vulnerabilities. And Wikileaks has unleashed a massive dump of information relating to the CIA’s processes.
Automated vehicles targeted
The Embedded Development Branch (EDB) section of the release is where the potential for automated vehicle hacking lies. Specifically, the “Weeping Angel” project. Part of this attack is targeted at Samsung Smart TVs. Infected machines are placed in a self-explanatory ‘Fake-Off’ mode. The apparently switched-off TV is then supposedly capable of recording and transmitting conversations, over the internet, to a CIA server.
Vehicle systems are specifically highlighted as possible targets for hacking in a section titled “Potential Mission Areas for EDB”. Wikileaks makes the inference that this could:
“permit the CIA to engage in nearly undetectable assassinations.”
However, it must be stressed that this jump in logic isn’t based on any overt evidence. Current vehicles may only be activated, like the smart TVs, as covert listening devices. However, with automated vehicles and machines on the horizon, it is feasible that any IoT machine could be hacked and control taken over remotely. If you aren’t yet familiar with the Internet of Things (IoT), here’s one of the best primers we’ve seen on the topic:
Why is this a problem?
The Wikileaks files contain a free license for a coding editor (if you’re game enough to trust it), as well as detailed how-tos for their processes.
With companies like New Holland, John Deere and Kubota already offering systems of control for farmers to link their machines, and the IoT looming in every other aspect of our lives, this threat potential is real. It won’t be the CIA messing with your car or tractor. But these CIA hackers are everyday people. What they can do, anyone can do.
The content of the Wikileaks release demonstrates this perfectly. While they may be working for the CIA, the hackers are still geeks and memelords at heart, using meme-inspired project titles like “Philosoraptor”, “Roid Rage” and “Candy Mountain”. Some of the chat sessions included are also more funny than revealing:
If these guys are capable of hacking automated systems, it’s only a matter of time before the rest of the world catches up.
A note for the conspiracy obsessed
If you know any keen conspiracy theorists, budding hackers or reporters, send them a link to the Wikileaks Vault 7 Release. The multi-national information sharing agency claims it has intentionally left tons of juicy leads buried in the obese release.
“They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.”
Just be warned, there are documents missing, marked as “still under analysis by Wikileaks”, and a lot of information has been redacted with no indication as to whether it will ever be released.