Smart TVs that spy on your every action and word, hijacked vehicles used to assassinate dissidents, operating systems deliberately altered to track all you do on a computer or smartphone. Seems like science fiction, right? In fact, these are merely the daily tools of the Central Intelligence Agency (CIA), as revealed this month by Wikileaks.
Locked in a desperate tussle with its chief rival, the National Security Agency (NSA), the CIA has been developing clandestine ways to monitor and even assassinate its targets. In many capacities, especially those pertaining to cyber warfare, the CIA’s Langley, Virginia headquarters often had to rely on the NSA for technical expertise. It would appear that an extreme desire for independence, mixed with a massive injection of taxpayer funds, pushed the CIA to cultivate its own hacker methods and computer specialist armies to carry them out.
Whilst this may seem logical to some, the problem facing the CIA–and by extension the US government and America itself–is that the blueprints, if not all the details of this cyber warfare build-up have been widely disseminated by current and former employees, to the point that they have ended up right in the lap of Wikileaks.
Here are some of the key–and shocking–revelations coming from the so-called Vault 7 leaks, which make you wonder whether the fears of George Orwell in 1984 have been directly transplanted into 2017:
The CIA is now able to hack other countries and make it look like a foreign government (Russia?) did it
The existence of Project Umbrage threatens to blow the “Russia hacked us” narrative out of the water, if it hasn’t already. Umbrage involves the CIA meticulously studying the hacking methods of foreign powers and then copying them, leaving digital “fingerprints” that enable it and other US agencies (who may or may not be in the loop) to blame a cyber attack on, say, Russia or China. The possibility for going after Russia is spectacularly relevant given the regular insistences of Hillary Clinton and almost every other Democrat that Kremlin-funded computer hackers handed Donald Trump the 2016 election. Other than mostly unconfirmed and extremely vague reports from the CIA, FBI, and NSA, precious little evidence has been proffered to prove any of these allegations.
Thanks to the Vault 7 leaks, false flag incidents involving sophisticated hacking attempts have gone from theoretical brain exercises to a genuine means of forcing the US into war. Breaking with at least half of his party in December 2016, former Republican Presidential nominee and Senator John McCain called the alleged “Russian” hackings before the recent election “an act of war.” Chillingly, an Umbrage-style doctoring of a hacking attempt could easily lead to another situation where multiple senior politicians call for immediate military action against a foreign, nuclear-armed power. And because the relationship between cyber attacks and acts of war are so vague, a future President might inadvertently use an Umbrage-inspired cyber attack as a pretext for a most catastrophic war.
Telegram, WhatsApp and other “encrypted” messaging applications are worthless if the CIA has access to your phone or computer
Much has been made in recent times about the relative cyber safety of different messaging applications. Skype, like Facebook’s Messenger service, is widely acknowledged as one of the least secure major platforms. Attention has consequently turned to alternatives like Telegram and WhatsApp. But the Vault 7 leaks conclusively disprove the notion that they are “safe.” The issue is not with the apps themselves but rather the CIA’s capability to intercept messages before they are encrypted. Custom-made malware for iOS (Apple) and Android operating systems, the latter of which runs Samsung devices, ensures that Langley and its operatives, or any other party with the same capabilities, can mine whatever you type and record.
Because the phone and computer markets are very oligopolistic in nature, with less than a dozen companies in each industry controlling 90+% of production, the CIA only needs the same number of basic procedures to keep almost the world’s entire digital population within its reach. A new iPhone or Samsung Galaxy may come out, yet the odds are that the hackers at Langley and elsewhere will only need to add a few tweaks to exercise the same pervasive surveillance powers that they had with previous models. So next time you feel the need to research “safer” applications, remember that the biggest problem will be with your phone and its operating system.
The CIA has sidestepped the US government’s promise to inform companies about security flaws
Particularly in a climate of corporate espionage, mostly perpetrated by Chinese firms, and rampant consumer concerns over privacy, Western companies stand to lose billions from security flaws in their products. To this end, the Obama Administration committed itself to approaching companies about these problems if they became known to arms of the US government. The CIA has clearly sidestepped this requirement, although the exact legal implications of this non-disclosure are contestable.
Going back to Samsung devices, the CIA used these “zero-day vulnerabilities” to turn the South Korean company’s smart TVs into spying devices–even when they were turned “off.” In a sign that these activities go far beyond one agency, British intelligence services were also intricately involved in creating the “Weeping Angel” technique. The owner of this kind of hacked television is unable to detect the outside interference and anything they do or say in the vicinity of the device can be picked up and transmitted back to the hacker.
Death by hacked car, anyone?
Leaks that date from 2014 show the CIA’s intense interest in learning to hijack the vehicle control systems of cars. The rise of smart cars and the impending rise of driverless cars means that the vast majority of vehicles on our roads are now exposed to some risk of third-party sabotage from afar. The interconnectedness of more sophisticated entertainment systems with the nuts-and-bolts components like brakes and suspensions means that a potential hacker may not even need to target the more essential elements of a vehicle to kill someone. For instance, just as Samsung phones were recently recalled after their batteries exploded, the CIA could exploit an otherwise unknown electrical flaw in a car entertainment system to drive it off the road.
This month’s dumping of files will do nothing but galvanize those who say that the CIA murders those who look into or try to expose its more secretive activities. One name you are likely to hear is that of Michael Hastings, who died in a car accident several years ago. I am sure that some people with a huge interest in the Wikileaks CIA files will start adding more names of those possibly killed in order to silence them. The specter of “undetectable assassinations” is a very real one and, whatever reservations you can have about whether a certain individual was killed off, it is now unfair to immediately call others “conspiracy theorists” for making such suggestions.
The CIA can indefinitely spy on you, but it can’t keep tabs on which of its operatives and contractors are leaking
Maybe the CIA will track down those responsible for the most damaging leaks in its history. Maybe not. But what cannot be refuted right now is that, for all its technological sophistication and massive insights into the lives of anyone it chooses to target, this agency is thoroughly unable to police its own workers. And that portends very badly for the security of both the United States and its citizens. A foreign government or criminal organization, for example, could offer a US government employee a tiny fraction of its wealth, perhaps $1 million, in return for secrets potentially endangering the lives of millions.
CIA computer and other experts, whether employed directly or as contractors, do earn very respectable incomes, but not enough to make them immune to the bribes of outside forces. There was some debate over just how much Edward Snowden was earning before he became America’s most wanted man, with the whistleblower himself saying $200,000 per annum and another source claiming a more moderate $122,000. Snowden, you will remember, worked as both a direct employee and contractor for the CIA and NSA respectively. Nevertheless, his unprecedented revelations about the American government’s surveillance capabilities might easily have come from another, paid-off colleague if they hadn’t come from him.
At this stage, it is hard to say whether the original leakers behind Vault 7 did the world a great service or a terrible injustice. What we know for sure, however, is that next to nothing in this world is truly private anymore.