LeaksThe WikiLeaks CIA release: When will we learn?
This week’s WikiLeaks release of what is apparently a trove of Central Intelligence Agency information related to its computer hacking should surprise no one: Despite its complaints of being targeted by cyberattackers from other countries, the U.S. does a fair amount of its own hacking. Multiple federal agencies are involved, including the CIA and the National Security Agency, and even friendly nations. These latest disclosures also remind us of the cybersecurity truism that any electronic device connected to a network can be hacked. If the United States is going to be successful at securing its crucial government information, it must do a better job managing the volume of information generated and controlling access to it, both authorized and otherwise. Granted, neither is an easy task. However, absent fundamental changes that fix the proverbial cult of classification, there likely will be many more WikiLeaks-type disclosures in the future.
Co-author Anupam Joshi, University of Maryland // Source: umbc.edu
This week’s WikiLeaks release of what is apparently a trove of Central Intelligence Agency information related to its computer hacking should surprise no one: Despite its complaints of being targeted by cyberattackers from other countries, the United States does a fair amount of its own hacking. Multiple federal agencies are involved, including the CIA and the National Security Agency, and even friendly nations. These latest disclosures also remind us of the cybersecurity truism that any electronic device connected to a network can be hacked.
As cybersecurity researchers conducting a preliminary review of the data released in what WikiLeaks calls “Vault 7,” we find the documents mostly confirm existing knowledge about how common hacking is and how many potential targets there are in the world.
This round of leaks, of documents dating from 2013 to 2016, also reinforces perhaps the most troubling piece of information we already knew: Individuals and the government itself must step up cyberdefense efforts to protect sensitive information.
Almost everything is hackable
For years, security experts and researchers have warned that if something is connected to the internet it is vulnerable to attack. And spies around the world routinely gather intelligence electronically for diplomatic, economic and national security purposes.
As a result, we and others in the cybersecurity community were not surprised by the 2013 revelations from former NSA contractor Edward Snowden. We knew that the spying programs he disclosed were possible if not likely. By contrast, the general public and many politicians were astounded and worried by the Snowden documents, just as many citizens are surprised by this week’s WikiLeaks disclosure.
One element of the new WikiLeaks “Vault 7” release provides more insight into the scope of government spying. In a project called “Weeping Angel,” CIA hackers and their U.K. counterparts worked to turn Samsung F8000 smart television sets into remote surveillance tools. Hacked TV’s could record what their owners said nearby, even when they appeared to be turned off.
The fact that the CIA specifically targeted smart televisions should serve as yet another a wake-up call to the general public and technology manufacturers about cybersecurity issues inherent in modern devices. Specifically, “smart home” and Internet of Things devices represent a massive vulnerability. They are open to attack not only by government organizations seeking intelligence on national security information, but terrorists, criminals or other adversaries.
It’s not necessarily a good idea
