Wikileaks Says its "Vault 7" Series Reveals CIA Hacking Techniques and Tools

The Central Intelligence Agency might have allowed vulnerabilities and exploits to remain present in software and hardware devices designed by U.S. companies, according to documents leaked by Wikileaks, in its recent series titled, “Vault 7: CIA Hacking Tools Revealed.”  If true, any attorney using the compromised software or hardware devices should be aware of the possibility that confidential attorney-client information contained on a susceptible device might be vulnerable.  

On Tuesday, March 7, 2017, Wikileaks began its series code named “Vault 7”.  The series includes leaks detailing the alleged actions of the U.S. Central Intelligence Agency.  Wikileaks leaked 8,761 documents and files in the first part of its Vault 7 series, subtitled “Year Zero”.  According the Wikileaks’ press release, the files originate “from an isolated high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.”  

The CIA allegedly produced and maintained a “hacking arsenal" that allowed the CIA access to Apple’s iPhone, Google’s Android and Microsoft’s Windows software, according to Wikileaks.  This arsenal included millions of lines of code for malware, viruses, trojans, “zero day” exploits, malware remote control systems and associated documents, says Wikileaks.  

The CIA allegedly maintained this arsenal as part of its hacking division, according to Wikileaks.  This division allegedly utilized more code than is used to run Facebook as part of the CIA’s alleged effort to produce and maintain “more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware,” according to the Wikileaks’ press release.

Recently, the CIA allegedly lost control of this arsenal, says Wikileaks.  The tools allegedly used by the CIA were archived and the archive was circulated among former U.S. government hackers and contractors outside of the control of the CIA.  Wikileaks says the Vault 7 series represents a portion of this archive.

This leak constitutes the first public evidence that the United States government allegedly “secretly [paid] to keep U.S. software unsafe,” says Edward Snowden, in a tweet discussing the significance of the leaks.  The Vault 7 series shows the U.S. Government developed vulnerabilities in U.S. software products, but did not report the vulnerabilities, thereby allowing the vulnerabilities to remain an active threat, according to Snowden.  Snowden describes these alleged actions as “reckless,” and claims, “any hacker can use the security hole the CIA left open to break into any iPhone in the world.”

This is highly important information, and it is information attorney should be aware of.  Attorneys have an obligation to understand the technology they use. 

Using iPhones, Android phones and Microsoft Windows has become ubiquitous in the legal profession.  As attorneys we must keep in mind that these devices and software solutions are not 100% secure, and any confidential attorney-client communications contained on these devices might be accessed by a nefarious individual with access to the right tools.  Unfortunately, the tools available to a would-be-hacker might now be the same tools and techniques used by one of the pre-eminent intelligence agencies in the world.

Follow Attorney Nessler to receive notifications for new articles, because it is important to stay up-to-date on technology in the context of the law.