Vault 7 leak – Year 0 release

A new leak from wikileaks expose CIA usage of tools and techniques to spy on citizens.

What I will be writing about in these article speaks about Year 0 release (March 2017).

You can access it here: https://wikileaks.org/ciav7p1/

Please note that all source code were removed from the release to avoid massive tool proliferation.

Wikileaks speaks about CIA losing control over the “majority of its hacking arsenal “, I hope for them it is not the case (or at least not in what was disclosed here) because most of the exploits are already patched (and for some of them since many years).

Let’s have a deeper look at what is inside this release and link to what interested me (work still in progress, volume is huge).

Smartphone targeting

Android 4.4.4 max, but does it means you are safe with a newer version? nope, I’m sure they have newer tools that have not leaked yet.

All android details: https://wikileaks.org/ciav7p1/cms/space_11763721.html

iPhone

https://wikileaks.org/ciav7p1/cms/space_2359301.html

SmartTV targeting

Samsung smart TV were targetted by an attack called “Weeping angels” co-developped with british MI5.

Require physical access to the device and create a new mode: “TV seems in standy but micro is recording and sending every data to a CIA server”

https://wikileaks.org/ciav7p1/cms/page_12353643.html

OS targeting

Windows

Simple DLL injection: https://wikileaks.org/ciav7p1/cms/page_2621760.html It shows that windows UAC might be of some use  despite its annoying popup 🙂

Other DLL inkection: https://wikileaks.org/ciav7p1/cms/page_3375332.html PSP (antivirus) might detect it

Skip win8 activation: https://wikileaks.org/ciav7p1/cms/page_3375301.html

Others

List of shellcode exploit they have in stock: https://wikileaks.org/ciav7p1/cms/page_11628669.html

Most exploit code are now available on websites such as: https://www.exploit-db.com

Hardware

Apple airport and time capsule: https://wikileaks.org/ciav7p1/cms/page_14588150.html

Development

CIA even has its own Visual Studio wizard: EDG project wizard  https://wikileaks.org/ciav7p1/cms/page_11629039.html

Other

The were interested in lots of other topics, you can browse and read freely.

Hacking team leak: https://wikileaks.org/ciav7p1/cms/page_22642800.html

Posted in News Tagged with: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*