In the latest of what has been a decade of monumental disclosures, on 7 March whistleblowing organisation WikiLeaks published documents detailing methods and equipment used by the CIA to breach consumer software. This is achieved using “Zero Day” exploits, which are vulnerabilities in programmes used by the CIA to gain access to millions of mobile devices.
The collection, Vault 7, which includes malware used by the CIA to hack Android and iOS, in addition to Samsung Smart TV’s, is the first leak in a series titled Year Zero. The series will examine the scope of the CIA’s global hacking capabilities and ongoing programs in coming months, exploring the agency’s awkward foray into the realm of cyber warfare and the potentially far-reaching ramifications of this venture. The source of the information wished to “initiate a public debate about the security, creation, use, proliferation, and democratic control of cyberweapons”.
Perhaps most concerning, beyond the CIA’s insidious array of surveillance tools, is the ease with which the cyber weaponry can be accessed – proliferation. According to WikiLeaks, since officers need to be able to access information via the internet, and the servers used to facilitate this are deemed unsafe to hold classified information, most of the code of the CIA’s cyber arsenal has been left unclassified. This means that the code, redacted in WikiLeaks’ releases, is freely available to anybody with the technical ability to access it, whether they are independent hackers or affiliated with governments or other political organisations. Given that the CIA has, until now, chosen to hide its knowledge of Zero Day exploits from monolithic developers including Apple, Microsoft, Google, and Samsung, these exploits could be leveraged by rogue entities to access the data of the millions of individuals using these companies’ platforms. Essentially, hundreds of millions of lines of malicious code have thus potentially been gifted to the cyber warfare community. This oversight evidences even the CIA’s lack of comprehension of the protocols of the digital landscape, a worrying reminder that privacy in cyberspace is more a loose sketch than a carved fortress.
As a news organisation, WikiLeaks has pioneered a new form of independent journalism unbounded by corporate interests or socio-political affiliations. Headed by controversial journalist and programmer Julian Assange, the group encourages the submission of leaks via secure channels such as Tor. WikiLeaks is supported by a wide network of independent volunteers, such as members of the WikiLeaks Research Community.