Electric Eyes

Vault 7: the CIA’s hacking arsenal and you

8:35. Wake up. Check Reddit, Facebook, Twitter, Instagram, Snapchat, emails, and texts. Sing your lungs out in the shower (you’re never too good for Adele). Send nudes to bae. Get dressed and pocket your phone. Head to lectures. More lectures. Lunch. Lectures. Get home and make dinner. Drink with friends. Take photos you’ll be ashamed of tomorrow. 02:47, put your phone on charge and go to bed… fall down the porn rabbit hole. 03:22, close tabs and go to sleep with a sense of shame and satisfaction. Your phone is with you more than any person in your life: it’s seen some shit, you’re brothers in arms – no phone gets left behind.

On March 7, WikiLeaks began publishing Vault 7, the largest ever archive of confidential documents on the CIA. ‘Year Zero’ is the first instalment, covering 2013 to 2016, and contains 8,761 documents and files, “from an isolated, high-security network situated inside the CIA’s Centre for Cyber Intelligence in Langley, Virginia.” These documents were given to WikiLeaks by a U.S. government hacker or contractor after they were circulated around a network of former hackers and contractors without CIA authorization.

WikiLeaks claims that the CIA has lost control of most of its hacking arsenal. This arsenal includes, amongst malware and viruses, weaponised ‘zero day’ exploits. These ‘zero day’ exploits primarily try to access US and European consumer electronics, including iPhones, Android devices, Windows phones, and Samsung smart TVs – all of which can now be turned into covert microphones.

The Samsung smart TV exploit was developed in cooperation with the UK’s MI5. The targeted TV no longer turns off, but instead will enter a faked off state and remain operational as a recording device, relaying conversations back to the CIA - a literal manifestation of 1984’s Telescreens. Infected phones are even worse: they provide the controller with access to microphones and cameras as well as the user’s location information, phone calls and texts.

Apple’s iPhones make up less than 15% of the global market share of smartphones, yet they are heavily favoured by politicians, diplomats, and top figures in business. WikiLeaks confirms that a “specialized unit in the CIA’s Mobile Developments Branch produces malware to infest, control, and exfiltrate data from iPhones and other Apple products running iOS.” A similar unit targets Android phones. Your phone, which never leaves your side, doesn’t work for just you anymore.

The CIA has also developed tools that target various internet infrastructure and webservers, along with “very substantial efforts” to infect and control Windows users. Part of that effort includes ‘air-gap’ jumping viruses hidden on USBs, CDs, DVDs and other removable media. These infect machines that have been kept permanently disconnected from the internet, that is, ‘air-gapped’. Air-gapping is one strategy used by government officials, whistle-blowers and journalists to keep information safe from remote attack. But air-gapping also extends to ordinary databases, including police records, medical records, and insurance records. Any database that was never connected to the internet is now almost as vulnerable as it would be if it was connected. In October 2014, the CIA began looking into infecting the vehicle control systems of cars and trucks. Gaining control of someone’s vehicle allows for an almost perfectly undetectable assassination. But don’t worry, this will almost only ever be used by terrorists and foreign governments targeting other government officials, diplomats, or industry leaders.

Since Edward Snowden’s NSA leaks in 2013 people have largely been aware that these sorts of programmes existed. While in 2013 there was significant public outcry at these activities, this has since died away, allowing the CIA to become the next hub for surveillance activity. This leak has also confirmed that there are other foreign agencies who are willing to cooperate with the CIA in developing their tools, which is to say that these agencies (and, to an extent, the corresponding governments) agree with their use and see no significant moral harm in them. Most importantly, the CIA has lost control of its arsenal. This is precisely the sort of situation that has been predicted for years and is perfect evidence that the people were right to ask, “even if we trust you with these tools, why on Earth would we risk them falling into the wrong hands?” Now we stand at a point in history where these tools are falling into the wrong hands.

But why do we care if the government is listening in on our conversations? Why do we care if every country in the world is listening in on our conversations? We have nothing to hide. We didn’t do anything wrong. We don’t care if some government official knows that we prefer milk chocolate to dark chocolate, or tea to coffee, if we hate one university paper or another, or how frustrating it is that our grandfather still can’t come to terms with the fact that “the gays” can legally marry.

In many instances, we don’t care. These are the sort of innocuous facts about our lives that don’t reveal very much at all. Even in aggregate this is usually harmless information for an ordinary person to know. Beyond some indignation that our rights have been violated, we’re likely to brush this off as another unsurprising fact of the world we live in: we’re always being watched. Yet, the principle does matter. We are supposed to protect our rights when they’re violated. It’s our responsibility to stand up to tyranny.

We’ve embraced surveillance like a meme: we self-censor, we joke about “being watched” or that we are “on a list” now, and if we aren’t busy demonising those who want to maintain their privacy then we socially exclude them by placing so many obstacles in the path of anybody who wants to live a life free of Facebook. We are internalising our own oppression. Tyranny didn’t come into our homes using violence and force; tyranny piggy-backed into our minds riding on changing social norms, consumerism, and a growing culture of fear. Even if the government doesn’t have a reason to watch you, because you don’t want to rock the boat, can you be comfortable knowing that any attempt to make significant political change could result in a loss of your basic rights?

Though government attention may mean that some authority is going to ‘get’ you, likely it just means that you’re being monitored. There are two problems with that. Firstly, the more people being watched the harder it is to detect actual threats to national security. Every additional person makes the haystack larger and the needles more difficult to find. It’s like trying to find Wally while more and more people are always being added to the page – good luck. The Paris attacks were planned in the open, without encryption, and nobody caught onto it. It’s why the Boston Marathon Bombing happened even though Russian intelligence specifically alerted the FBI. It’s why 9/11 happened despite repeated advance warnings. There’s just too much information on too many people to effectively monitor for security threats. Not only do our taxes pay for this inefficiency, we also pay in lives lost. 

Secondly, the people who watch are grossly violating your privacy. In 2014 the Government Communications Headquarters (GCHQ) programme ‘Optic Nerve’ watched unselected Yahoo users just to test its facial recognition algorithm. Unselected meant that the users were watched at random. Worst of all, the GCHQ admits that anywhere between 3% and 11% of all the communications it monitored were explicit and the webcam feeds were pornographic. I don’t know about you, but I don’t want some 22-year-old intern fapping to Skype calls between my partner and me (unless they want to pay, maybe… Those student loans won’t pay themselves). Fast-forward to 2017 and the technology is more sophisticated and about to be available to whichever nefarious people are in the know or want to pay the highest price.

This isn’t even the first time that the CIA has royally fucked up. The CIA is one of the most reckless and careless government institutions on the planet. From training and supplying the Mujahedeen (Operation Cyclone, if you don’t know the Mujahedeen you’ll know one of their members, the poster-boy for America’s fuck ups in the Middle East, Osama bin Laden, co-founder of Al-Qaeda), to taking one of the world’s finest mathematical minds and drugging him up to the point of becoming the Unabomber (Project MKUltra), to selling weapons to countries under an arms embargo in order to fuel political tensions (Iran-Contra Affair).

Once the CIA loses control of its arsenal, the results are catastrophic for the American people and whoever gets dragged in to help them out. But this time the stakes are much higher and the costs are paid globally, by everybody. Eventually this arsenal will extend beyond those who are willing to pay the highest price, because code isn’t a finite resource. Weapons are physical; they must be manufactured, transported, and stored. When someone sells weapons on the black market, they exchange those weapons for cash. When someone sells malicious code on the black market to some script-kiddies (amateur wannabe hackers who don’t write their own code but use other people’s code), they can do so at a greatly reduced cost because they’re only ever selling copies. The very act of selling this code is proliferation. In 2011, the 11 hackers of LulzSec organised themselves well enough to engage in the ‘AntiSec Operations’, operations that involved collecting and dumping data from corporate and government sources including the Arizona Department of Public Safety, the president of Brazil, and AT&T. If 11 guys in England can manage all of that on their own merit, how much more damage could be done with CIA-grade cyber weaponry? We’re looking at anything from major crime to the wild vigilantism of Black Mirror’s ‘Shut up and Dance’ episode.

If traditional print media can already report on Bill and Monica, on a British MP railing coke off a prostitute’s ass, Anthony Weiner’s dick pics, and a never-ending shit show of political scandals, then just how much worse is that going to become? Blackmailing political figures just got easier for everyone and we all lose because of it. How can a president or prime minister stand up to the TPPA, or defend net neutrality, or represent their nation’s interests at all, if the cost of doing so is that their partner or kids know they’ve had an affair? Few are brave enough to do the right thing when faced with such a steep personal cost.

They are watching you, but “they” could be anybody. Your phone isn’t your bastion anymore. Your home isn’t your castle. When the digital world came to you, you welcomed it with open arms. With each passing day, your sources of freedom become your invisible cage. They know what you like, they know what you think, they know how you think, they have every intimate image you’ve sent, secret you’ve shared, and shameful Google search you’ve made. In a world of selfies and social media, everyone carries a set of electric eyes with them. 

Don’t give up your freedom so readily simply because you’re privileged enough to have never directly experienced what it’s like to live without it. I’m optimistic that we’ll get through this relatively OK, but damage will be done, a price will be paid, and this cat doesn’t have any lives left.

This article first appeared in Issue 6, 2017.
Posted 12:52pm Sunday 26th March 2017 by Kirio Birks.