Pandora’s Vault

On Tuesday, 7 March 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency. They have claimed that it is the largest ever publication of documents on the agency.

The dump of 8,761 documents, code-named "Vault 7" by WikiLeaks, is billed as the first full part of the series called "Year Zero" and purportedly consists of an arsenal of computer exploitation tools, giving its possessor the entire hacking capacity of the CIA.

It would appear that WikiLeaks aspires to become the largest global cyber arms trader overnight.

The documents claim, among other things, that the agency has developed malware that can turn phones, smart vehicles and televisions into covert listening devices.

WikiLeaks justified releasing the material to spark a public debate about the security, creation, use, proliferation and democratic control of cyber-weapons, and questioned the Vulnerability Equities Process. They have threatened to release 'hundreds of millions of lines of code' that would enable anyone with a bad attitude.

Ironically, by opening Pandora’s Vault, WikiLeaks would enable the ‘extreme proliferation’ of cyber weapons to rival states, organized crime, and black-hat hackers, while potentially weakening the ability to prevent crime, terrorism and espionage on our behalf.

The documents have not yet been authenticated or contextualized. So it is premature to speculate beyond some initial observations:

  • None of this should be a surprise to any nation state, those in the security business or bad actors;

  • It is consistent with norms and law for a sovereign state to possess such cyber capabilities;

  • It is peculiar that WikiLeaks only targets Western Democracies and is so spectacularly cavalier about the personal privacy and security of citizens and businesses;

  • WikiLeaks has also been criticized on a number of occasions for inadequately curating its content and violating the personal privacy of individuals;

  • Although WikiLeaks suggests that the breach was the result of an insider theft, remote exploitation by a state actor has not been ruled out;

  • Pause to consider that the U.S. intelligence community expressed "high confidence" that the previously leaked DNC e-mails had been hacked by Russia and supplied to WikiLeaks;

  • Hot on the heels of the Democratic National Committee (DNC) email compromise and investigation into the political interference by Russia, one has cause to question whether this is all part of a wider espionage campaign;

  • Industry is often a proxy target of state cyber warfare and espionage;

  • It is unlikely that individual Internet citizens were ever at risk from a targeted CIA cyber program. However, populations are susceptible to criminal elements and other miscreants ready to profit from WikiLeaks;

  • WikiLeaks just deliberately compromised your privacy. They did it in their own self-interest, for the sake of a salacious news story, notoriety and possibly in support of the interests of foreign actors;

  • There will likely be collateral damage and unforeseen consequences.

My Advice

- Patch.
