The CIA has been caught with its pants down, big time, with a release by WikiLeaks of the CIA's Vault 7, more than 8,000 confidential documents with apparently many more to come. What do you need to know about this release? I'll tell you. Thank you for joining me on the thirty-third episode of The LAVA Spurt, CIA's Vault 7. And, make sure to hang out to the end of this episode for your chance to win a prize pack!

A total of 8,761 documents have been published as part of ‘Year Zero’, the first in a series of leaks the whistleblower organization WikiLeaks has dubbed ‘Vault 7.’ WikiLeaks said that ‘Year Zero’ revealed details of the CIA’s “global covert hacking program,” including “weaponized exploits” used against company products including “Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.” These documents cover a period of years between 2013 and 2016. WikiLeaks claims that this is the largest intelligence publication in history.

WikiLeaks tweeted the leak, which it claims came from a network inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.

Among the more notable disclosures which, if confirmed, “would rock the technology world”, the CIA has managed to bypass the encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is ever applied.”

 


This is huge, folks. If this is actually true, and it seems that it is, it means that the end-to-end encryption protection given by Signal and Wire, both of which I've recommended to you in the past, is useless. If the CIA can gain access to your device without you knowing, they can see the message you are sending in clear-text before you send it, and before the encryption is ever applied. To be clear, according to Edward Snowden's analysis of these documents, the software itself in Signal and Wire is not vulnerable and has not been broken, but, as he says, it is a much bigger problem that the CIA can easily hack into your iOS and Android phones. And, the CIA exploits aren't just happening to your phone.

Among the various techniques profiled by WikiLeaks is “Weeping Angel”, developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs such as Samsung TVs, transforming them into covert microphones. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

And, according to Kim Dotcom, this is likely not just happening to Samsung Smart TVs, but is also likely possible with your PlayStation and Xbox as well, and possibly even other consumer gadgets such as your Amazon Echo and Google Home devices.

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized zero-day exploits, air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas, and systems to keep its malware infestations going. And, don't think your Mac OS X, Solaris, Linux or any other operating systems are safe, because they aren't. These documents reveal that they are just as vulnerable.

And, as of October 2014, the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of this control is not specified in these documents, but it would permit the CIA to engage in nearly undetectable assassinations, not to mention total surveillance of the vehicles.

The techniques used by the CIA include dozens of "zero-day" weaponized exploits against a wide range of U.S. and European company products. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware of it and hurries to fix it.

WikiLeaks claims that the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero-day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia, and teenage hackers alike.

Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk from foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities, so can others.

By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook.

In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the government would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers. But, to be fair, who actually believed that the government would keep such a commitment? And, according to a tweet today from Snowden himself, these documents show the very first ever evidence that the United States government is not just finding these exploits and keeping them secret themselves, they are actually paying for these exploits from hackers. The US government is actually paying to keep these exploits secret so they can use them against us, in direct violation of the promises made by the Obama administration, not to mention the 4th Amendment to the US Constitution. Documents also show that the US government is sharing these exploits with other government agencies, including the UK's Government Communications Headquarters, the GCHQ, an organization known to spy on journalists.

In a statement to WikiLeaks the source of this massive leak details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber weapons.

This is perhaps the scariest leak ever, including, in my opinion, scarier than the information that Snowden leaked. Keep in mind, folks, that these holes exist for anyone to exploit. If the government can find these holes, others know about them as well. Hackers, foreign governments, script kiddies, the mafia, criminals, anyone you can imagine may know about these vulnerabilities. Hell, we know the US government paid for some of these exploits, likely from hackers, and we know that this information has been in the wild for a while now. At this point, there is no way you can consider any data you own to be safe from vulnerability. Act as if everything you have ever digitized has been compromised.

You know that Samsung, Apple, Google, Yahoo, and many other companies are in a bit of a tizzy right now. Their security departments will be working overtime over the next few months trying to find and fix all these vulnerabilities. I highly recommend that if you have any communications devices that connect to the internet in any way that you keep an eye out for updates because they will be coming quickly and they will hopefully be patching some of these vulnerabilities.

Either way, I encourage you to be very careful in your communications until this is resolved. Your cell phones, computers, TVs, gaming consoles, vehicles, smart devices, voice assistants, and anything else that connects to the internet can no longer be considered safe. Be careful out there.

And, don't forget about the new contest running through the month of March! The prize pack is a Pax Libertas Productions t-shirt from the PLP show of your choice, including this show, the Ancap Barber Shop, Freecoast Freecast, or even Resist the Empire! You'll also receive a The LAVA Flow tote bag and a copy of one of my favorite libertarian books signed by the author.

All you have to do to be entered in the contest is fill out a simple short survey with 17 questions. It will take about five minutes of your time and it will really help me out. And, if you want to be entered into the contest, just put your email address in the last question. You can fill out the survey and get your chance to win this prize pack by going to thelavaflow.com/survey!

You'll only hear about this contest on the Pax Libertas Productions podcast episodes because I want to restrict it to only people who actually listen to the show, so don't expect reminders on Facebook or other social media for this contest. Go do it now before you forget!

Good luck in the contest! And don't forget to subscribe to Resist the Empire at resisttheempirepodcast.com/subscribe.

Until next time... keep striking the root!

 
