WikiLeaks, the site responsible for the Afghan War Diary and DNC email leak, has released the largest ever dump of confidential files and documents from the Central Intelligence Agency - and they appear to be largely legitimate.
The files are nicknamed "Vault 7" and contain 8,761 separate documents from a highly secured CIA stronghold in Langely, Virginia.
Vault 7 is supposedly the first in a full series of leaks, dubbed "Year Zero", a spin-off of a zero-day attack. The 'project' gives insight into the CIA's worldwide hacking program and a cache of malware and zero-day exploits targeting products from Apple, Google, Microsoft, and Samsung.
This collection encompasses millions of lines of code, and gives its owner the "the entire hacking capacity of the CIA," according to a WikiLeaks press release.
The
It's an issue of whether the CIA should even have this level of hacking capabilities in the first place, and the consequences that would follow should these powers fall into the wrong hands.
Julian Assange, WikiLeaks founder says, "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."
If adopted, these files would allow hackers to access smartphones, computers, and internet-connected TVs. And if you think encryption will help you, these files allow encryption to be by-passed in certain cases, or in Android devices, intercepted before it's even applied.
The threat of surveillance looms large, especially during a period of political unrest.
Vikram Kapoor, co-founder and Chief Technology Officer at Lacework, says, “The most recent dump by WikiLeaks establishes conflicting challenges faced by the security developers community. There are certainly terrifying implications for individual privacy rights and it demonstrates how extensively some of the systems can be hacked. Additionally, it reveals how hard it is to manage security for insider risk and cloud workloads today for businesses.”