WikiLeaks published the 1st part of documents which it claims are retrieved from U.S. Central Intelligence Agency. The initial upload consists of 8,761 documents and files.
“Recently, the CIA lost control of the majority of its hacking arsenal, including malware, viruses, Trojans, weaponized “zero-day” exploits, malware remote control systems and associated documentation,” the organization stated in a press release. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.”
The source of the document is not clear. WikiLeaks mentioned that the documents were already in circulation among the group of hackers.
“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” WikiLeaks stated.
The ways of surveillance includes:
- Accessing Samsung smart TVs even when the units are turned off
- Installing software in vehicle control systems in cars and trucks
- Use of smartphones to access the camera, microphone, user location, audio and texts
- Efforts are done to bypass encryption of WhatsApp
CIA spokesman Jonathan said “We do not comment on the authenticity or content of purported intelligence documents.”
Skyport Systems EVP Rick Hanson told “Donald Trump previously praised WikiLeaks during his campaign,” he said. “When an organization like WikiLeaks is lauded in any forum there is reason to be concerned.”
“We are losing the cybersecurity war to other nation states and [are] at a deficit in our ability to protect ourselves,” Carbon Black nation security strategist Eric O’Neill said by email. “Now with the release of one of our offensive playbooks, our ability to attack is compromised. All of these tools will now proliferate among those for whom breaching security is a business or profession, leading to additional attacks.”
Contrast Security CTO Jeff Williams mentioned that answer isn’t to focus on “cyber arms control,” which he said will never work. “We need a massive increased focus on writing secure code and defending against attacks,” he said.
“As a nation, we are simply incapable of reliably writing code that isn’t susceptible to these attacks,” Williams continued. “But it’s not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code.”
Access Now senior legislative manager Nathan White said “Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them,” he said. “The United States is supposed to have a process that helps secure our digital devices and services — the ‘Vulnerabilities Equities Process.'”
“Many of these vulnerabilities could have been responsibly disclosed and patched,” White added. “This leak proves the inherent digital risk of stockpiling vulnerabilities rather than patching them.”
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.