WikiLeaks exposes CIA’s global covert hacking program

The international non-profit organisation has unveiled how the CIA has been busy hacking the entire world with spy tools allowing it to infect a target computer bypassing PSPs (Personal Security Product).

The leaked files show how the US spy agency exploited vulnerabilities in well-known software and hardware platforms in order to take control over them, but also revealed details of the CIA’s ability to hide its own hacking fingerprint and attribute it to others.

One of the files, entitled “Kaspersky ‘heapgrd’ DLL Inject,” describes such vulnerabilities of the Russian cybersecurity provider Kaspersky Lab.

“The Kaspersky AVP.EXE process references a DLL called WHEAPGRD.DLL. This DLL is supposed to be located in one of the Kaspersky directories (which are protected by the PSP). Due to a UNICODE/ASCII processing mistake, the DLL name is prepended with the Windows installation drive letter, rather than the full path to the DLL. For typical installations, this causes Kaspersky to look for the DLL ‘CWHEAPGRD.DLL’ by following the standard DLL search path order. Loading our own DLL into the AVP process enables us to bypass Kaspersky’s protections,” the document reads, adding that “this vulnerability is limited to some of Kaspersky’s previous releases.”

Another document reveals a screenshot of a “selected number of DLL misses from Kaspersky TDSS Killer Portable”.

A Kaspersky Lab spokesperson the media the problem had been fixed in 2009 and that all new company products are subject to mandatory testing before release.

Earlier Kaspersky Lab issued an official statement saying it was currently studying the latest leaks. “Kaspersky Lab is thoroughly studying the report published on WikiLeaks on March 7, 2017 in order to make sure that our clients are out of danger. The company pays special attention to such reports and statements.”

Apple and Google rushed to dispel the mounting doubts about their products. “As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses,” Google’s Director of Information Security and Privacy told Recode.net.

The leaks span the period between 2013 and 2016 and presents just the tip of the iceberg. “The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers,” the WikiLeaks press release noted.

“In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” WikiLeaks said.

In a move that will likely spark further outrage, BuzzFeed reported that Nigel Farage visited the Wikileaks founder hiding in the Ecuadorian embassy in west London on Thursday. Julian Assange has been living there since he was granted asylum in 2012.

Ecuador’s decision prevented Assange from being deported to Sweden to be questioned over sexual assault allegations and eventually turned over to the USA. The Wikileaks founder has been stranded there ever since, with British police keeping the building under 24/7 close surveillance.

The former UKIP leader spent around 40 minutes in the building and left around midday accompanied by an aide. When questioned by BuzzFeed News, Farage said he couldn’t remember what he was doing in the building. Asked specifically if he had gone to the Knightsbridge building to meet with Assange, Farage said: “I never discuss where I go or who I see”.

The allegations of “digital fingerprints” left behind by Russian hackers at any rate must now be dismissed as either fake or completely meaningless.

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques “borrowed” from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were “borrowed” from.

UMBRAGE components not only covers anti-virus (PSP) avoidance and survey techniques, but also keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation and stealth.

One other document discusses hacking vehicle systems, appearing to indicate the CIA’s interest in hacking recent-model cars with sophisticated onboard computer systems.

In a Facebook livestream, Assange confirmed that the information was obtained from an isolated computer at the CIA headquarters in Virginia. He described the loss as an “historic act of devastating incompetence” for the spy agency.

He also suggested that former US President Barack Obama and current president Donald Trump might not even have known about it. He also questioned if the loss had been shared with companies such as Apple and Google, which were both made vulnerable by it.

“WikiLeaks has a lot more information,” Assange said. “Once this material is effectively disarmed we will publish additional details about what has been occurring,” he added.

WikiLeaks said 7 818 web pages and 943 attachments were published, but were just the first part of more material to come containing details of hacking tools used by the CIA. The organisation has also suggested that some of the data redacted from the initial release, such as all of the actual computer code, might be released in the near future.

Ahead of the press conference today, the organisation asked people to tweet their questions about the leaks using the hashtag #AskWLwikileaks.

The Chinese Foreign Ministry urged the US to stop “stop listening in, monitoring, stealing secrets and internet hacking”.

The German government is examining the leaked data as well. In a statement, the German Foreign Ministry said that it was attempting to authenticate the documents.

“We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators,” said the German consulate’s office in the US. “We’re looking at it very carefully.”