WikiLeaks’ Vault 7: CIA Gives a Free Lesson in Personal Cyber Security

Posted on 8th March 2017

CIA Hacking Tools are the Biggest “So What” of 2017: WikiLeaks’ newly released Vault 7 trove is a tantalizing study in how one of the world’s premiere intelligence agencies hacks devices. Analysts and experts have signaled that this leak appears authentic based on some clues in the content. But while it may ultimately be comparable in size to the Snowden or Manning leaks, it lacks the “wow” factor that made those landmark whistleblowing cases so important. What lessons are to be learned from the leaks, and how should we apply them to our personal digital lives?

Whodunit? the identity of the person who leaked these documents will be one of the more interesting elements of the story, but for now it is still unclear who provided these files to the WikiLeaks organization. It has been alleged that these documents left CIA control and were handled by a variety of people within the US Government, increasing the pool of potential suspects. The motivation for these leaks remain unclear as well. WikiLeaks alleges that the CIA’s cyber capabilities amounts to an even more covert NSA that had little accountability. But while programs like those revealed by Snowden were never really well-kept secrets due to their size, there’s nothing in the Vault 7 leaks that indicates something of the scope or scale of the NSA’s programs. And nothing at all that leads readers to believe these were ever used against US persons.

Nothing new under the Cyber Sun: Only a few hours after the leak, observers have had a chance to look through only a small amount of the take, but a few trends emerge, none of which should shock cybersecurity professionals:

“I Spy” some policy challenges for the US administration: these new leaks are unlikely to be such a shock to the system and have such wide-ranging consequences of high profile breaches that have preceded it. However, a leak of this magnitude will reverberate and have consequences for government policy.

Weakening American cyber power: Instead of revealing a program which may be damaging to America’s democracy or its alliances, as Snowden and Manning believed they were doing, this leaker appears to be motivated primarily to reduce America’s cyber firepower and potentially arm its adversaries and criminal groups. There are two key ways this will happen:

Securing your personal cyber space: That these tools exist to take advantage of our increasingly connected world and digital selves should come as no surprise. Undoubtedly, vendors are combing through this as well, to issue patches and secure their users. But what can the individual users from the West Wing to the West Bank do today to keep themselves from falling victim to the use of these tools by criminal groups?

Back to document archive