On 07 Mar 17, WikiLeaks released yet another series of documents belonging to the US Intelligence Agency, CIA; codenamed ‘Vault 7’. It is reportedly the largest-ever publication of confidential documents, belonging to the agency.
Should there be global consensus on Cyber protocols?
On 07 Mar 17, WikiLeaks released yet another series of documents belonging to the US Intelligence Agency, CIA; codenamed ‘Vault 7’. It is reportedly the largest-ever publication of confidential documents, belonging to the agency. The first part of the serial release is called ‘Year Zero’ and comprises 8,761 documents.
What was Revealed?
The documents reveal details of CIA’s hacking arsenal, to include malware, viruses, Trojans and ‘Zero-day’ exploits. ‘Zero-day’ is the name given to bugs or technology that the OEM (Original Equipment Manufacturer) is unaware and can be exploited through malware or viruses to behave in a certain manner. A program called Weeping Angel was designed for the Samsung F-8000, smart TV; so that while it appears switched off, it could still be used for monitoring. Many smart TVs, include voice-activated microphones (for controlling volume or switching channels); these can theoretically be remote-operated by someone, with access to the TVs operational code.
The documents reveal many CIA attack methods, including those to penetrate high-security networks, physically disconnected from the Internet, such as police databases. In one method, the CIA operative infiltrates the target workplace and inserts a USB stick, which infects the system and extracts data. Another method is called ‘Fine Dining’, which provides a range of decoy applications for the operative to use. Thus, while the operative may appear to be running a program, presenting slides, playing a game or even running a virus scan, the system is actually being infected and ransacked.
Why are Intelligence Agencies Embarrassed?
For US intelligence agencies, this is a fresh embarrassment; after earlier WikiLeaks revelations of the cyber tools and methods, the agency employed. These documents also revealed that CIA cooperated with British Intelligence MI-5, to engineer the tools to compromise smart TVs and convert them into improvised surveillance devices. The leaks raise substantial questions about the ability of spy agencies, to protect secret documents, in the digital age. Understandably, the CIA spokesperson refused to comment on the issue.
On one hand, cyber vulnerability of even intelligence agencies, reinforces the urgent need to secure the Internet. The challenge for national investigating agencies is, their jurisdiction ends with their nation’s borders. Since the Internet is a world-wide system, it may be challenging for any single nation (even the US), to secure the system, without the cooperation of other nations.
On the other hand, the Internet is governed by the Internet Society, whose vision is, ‘Internet is for Everyone’. The Internet revolutionized the world by proliferating information. Is there a paradox between ‘transparency’ and ‘security’? Given a choice between transparency and security, from the Society’s point of view, ‘transparency’ should far outweigh ‘security’. In the Digital Age, is there really a need for secrets within an egalitarian global community? Perhaps, national intelligence agencies, instead of working against one another, should work together, to eliminate cyber-crime? Intelligence agencies, with their expertise should take a lead in negotiating international cyber protocols, for the future.