
CIA linked to malware used in 40 cyber-attacks, security researchers report
Image credit: Pexels
Cyber-attacks on US allies in Europe and other parts of the world were carried out using hacking tools linked to the Central Intelligence Agency (CIA), according to research from Symantec Corp.
A cache of documents named ‘Vault7’ appears to show internal CIA discussions of various tools for hacking into phones, computers and other devices, and code that had been written for this purpose. The documents were released by Wikileaks, which first announced its possession of the documents in early March. The organisation claims that they were passed on by a government contractor.
The hacking tools were developed at least as far back as 2011 and possibly as far back as 2007.
Eric Chien, a Symantec researcher, said that the documents released by WikiLeaks were so comprehensive that they likely comprise the CIA’s entire hacking toolkit, including tools that take advantage of previously unknown flaws.
Symantec’s report claims that four different types of malware were used. These did not involve mass surveillance, but targeted government entities or other organisations with legitimate national security value. Rather than being destructive, the malware was used to open back doors and to collect and remove copies of files.
According to the report, the malware was assigned target-specific code words before being deployed to a target; these code words often seem to be themed around films, food or music.
The malware appears to be built specifically for espionage, with detailed system fingerprinting, discovery and exfiltration capabilities. Measures were taken to retain a low profile during attacks, such as randomising the time intervals between intrusions.
These secret tools were used to carry out 40 attacks in 16 different countries. According to Symantec, some of the targets were US allies in Europe. Other targets were located in the Middle East, Asia and Africa, and covered the financial, telecommunications, energy, aerospace, IT, education and natural resources sectors.
“There are organisations there that people would be surprised were targets,” said Chien.
Symantec has not explicitly accused the CIA or CIA contractors of carrying out the attacks, instead referring to the group behind the cyber-attacks as ‘Longhorn’. Longhorn, they report, is an English-speaking, well-resourced intelligence-gathering organisation based in North America.
Reuters has reported that sources familiar with the malware have said the leaked documents are linked to the CIA.
CIA spokesperson Heather Fritz Horniak stated that any leak aimed at damaging the intelligence community “not only jeopardises US personnel and operations, but also equips our adversaries with tools and information to do us harm.”
“It is important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and the CIA does not do so.”
The CIA has not confirmed that the documents are genuine.
The leak is the latest in a series of hostile gestures against the American intelligence community. Last weekend, a group calling itself the ‘Shadow Brokers’ released a cache of National Security Agency hacking tools, accompanied by a blog post criticising US President Donald Trump for moving away from his conservative political base by attacking Syria.