WikiLeaks has done it yet again. On Tuesday, March 3, WikiLeaks published a ground-breaking trove of classified CIA documents drawn from a sub-organization called the Center for Cyber-Intelligence. This collection of information, codenamed “Vault 7,” which the CIA has neither confirmed nor denied, had a mark of authenticity, according to intelligence agency whistleblowers Edward Snowden and William Binney.
Vault 7 caused a great deal of commotion and discussion on social media by shedding light on the recent activities of CIA cyber branches, particularly its controversial hacking-related operations. It revealed that the CIA had been surreptitiously developing its hacking branch, brainstorming and finding vulnerabilities and exploits that allow them to monitor many of the electronic devices people have in their homes.
The data leak contains information ranging from instructive tutorials on how CIA hackers can familiarize themselves with the European base of operations in Frankfurt and pass off as employees of the State Department, to plans involving research in the remote disruption of vehicle control systems. Although conspiracy theorists have theorized that the government clandestinely assassinates political opponents riding in motor vehicles, WikiLeaks provided no evidence of the research’s actual usage. In addition to these serious matters, many bits of miscellaneous information exist inside of the WikiLeaks collection. One of the more humorous projects revealed in Vault 7 is a collection of various Internet emoticons, including a long list of “Japanese-style” emoji faces used on the Internet.
However amusing some of the leaked information may be, the hacking, cracking, and sleuthing of internet-capable devices is worrying to many. Of the revealed cyber-technologies, one of the most publicized is codenamed “Weeping Angel,” an eerie, and particularly fitting, reference to the creatures of the Doctor Who series. This surveillance tool allows hackers to take control of a household smart television and use it as a microphone, picking up sound and discretely relaying it back to the hacker. Worse yet, if a smart TV is being tapped, it will not display any visible signs of being activated. To the user, it will appear dormant and shut off.
From this data dump, people have also observed that the CIA is hoarding a variety of hacking tools, including “zero day” exploits, which are weaknesses in software that have escaped the notice of developers. If the collection and secret storage of exploits is actually taking place, that is troubling: President George W. Bush created a program called the vulnerability equities process (VEP), which is a lengthy process designed to disclose exploits deemed dangerous. In 2014, Michael Daniel, Cybersecurity Coordinator of the White House, released a list of criteria used to determine whether an exploit should be disclosed or kept private, including the amount of harm the exploit could cause, how widespread the vulnerable software is, and the likelihood of the vulnerability being discovered by outsiders.
So what does all this ruckus have to do with life as a high-school student? The fact of the matter is, this should concern all students, including those in high school. Everyone uses a computer and nearly everyone uses a smartphone. If it is possible to remotely monitor iPhones , other iOS devices (and Vault 7 tends to confirm this) and Android devices, there is reason for concern. It is also worth being wary of the potential vulnerabilities that Chromebooks may carry.
Meanwhile, the Internet giants will be working overtime to patch up the vulnerabilities revealed in Vault 7. So the next time you receive one of those annoying security update prompts, it is probably better not to ignore it.