The latest WikiLeaks exposure has given both enterprises and ordinary consumers of IT products the shivers.
While former NSA contractor Edward Snowden's revelations shed light on the extent of US global surveillance, the WikiLeaks files offer an inside peek at how the intrusion has been carried out.
WikiLeaks' "Year Zero" document collection has introduced "the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of 'zero day' weaponized exploits against a wide range of US and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones."
While the real magnitude of the problem has yet to be evaluated, the question remains open, whether the US government and Silicon Valley giants were aware of the CIA's hacking problem.
Commenting on the explosive leak Tuesday, Snowden tweeted: "If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe."
If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe. pic.twitter.com/kYi0NC2mOp
— Edward Snowden (@Snowden) 7 марта 2017 г.
"The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words," he added.
The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.
— Edward Snowden (@Snowden) 7 марта 2017 г.
However, besides targeting potential US adversaries overseas by penetrating into their systems, it appears that the US intelligence community had no scruples about exposing American citizens to both its spying practices and potential data theft by external intruders.
"Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open — to spy," Snowden pointed out, referring to the leaked documents.
Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open — to spy. https://t.co/mDyVred3H8
— Edward Snowden (@Snowden) 7 марта 2017 г.
The WikiLeaks press release called attention to the fact that "the same vulnerabilities exist for the population at large, including the US Cabinet, Congress, top CEOs, system administrators, security officers and engineers."
"By hiding these security flaws from manufacturers like Apple and Google, the CIA ensures that it can hack everyone, at the expense of leaving everyone hackable," the press release stated.
Meanwhile, on early Tuesday, ArsTechnica.co.uk published an article describing the Data-wiping malware program Shamoon and warning that the virus is likely to make a successful comeback.
"Shamoon — the mysterious disk wiper that popped up out of nowhere in 2012 and took out more than 35,000 computers in a Saudi Arabian-owned gas company before disappearing — is back," the media outlet wrote, citing Russian multinational cybersecurity provider Kaspersky Lab.
The provider has revealed it observed "three waves of attacks of the Shamoon 2.0 malware, activated on 17 November 2016, 29 November 2016 and 23 January 2017."
While analyzing the Shamoon 2.0 attacks, Kaspersky Lab stumbled upon a new wiper strikingly similar to Shamoon. The company dubbed it "StoneDrill."
#Shamoon is back. And it's not alone. Double wipers trouble in Saudi Arabia https://t.co/NJCDNDdnxv #StoneDrill pic.twitter.com/igl2BkQJw9
— Eugene Kaspersky (@e_kaspersky) 7 марта 2017 г.
According to the company, the new malware possesses an impressive ability to evade detection and includes functions that are used for espionage purposes.
"StoneDrill has several 'style' similarities to Shamoon, with multiple interesting factors and techniques to allow for the better evasion of detection," the press release said.
The cybersecurity provider stressed that the embedded language sections could have been "false flags" intended to mislead investigators about the origins of the malware.
So, what does Shamoon have to do with the latest WikiLeaks disclosure?
The crux of the matter is that the malware could have been used by the CIA's hacking group for data destruction. This malware is described in the CIA files as part of its Component Library.
"The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware. The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions. Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications," one of the leaked CIA files reads.
"When possible, each item should include a working example of the technique (and/or pointer to code in the SVN repository), documentation describing the application of the technique, and notes concerning our use of these techniques in delivered tools," it added.
In the section describing components related to destroying data on a target system, the CIA highlights the much-discussed Shamoon malware.
"The Shamoon malware made use of a legitimate, signed driver from a commercial company called Eldos," the CIA report says.
"This method is quite obvious and trivial to implement, since it involves using a signed driver to perform raw disk access. The biggest limitation is that it requires the installation of a driver on the target system," it adds.
While it does not necessarily mean that the CIA could have been behind the recent attacks mentioned by Kaspersky Lab, WikiLeaks files clearly indicate that the US intelligence agency has weaponized and most probably reused the malware for its own needs. The files also show that the CIA hacking group could use "fingerprints" belonging to foreign hacking groups.
The question then arises, where legal operative work ends and mere hacking begins.
