WikiLeaks’ campaign against the U.S. Central Intelligence Agency has continued with the release of source codes used by the agency to establish communication with the servers where it had implanted its hacking tools and malware.
The organization’s latest leak is called “Vault 8,” the sequel to an earlier series of CIA hacking-related leaks, called Vault 7, that it began publishing in March.
According to a press release accompanying the first Vault 8 leak, WikiLeaks stated that the series aims to offer insight into the CIA’s hacking practices and infrastructure by publishing the agency’s software source codes.
This move has naturally evoked interest among internet security experts and others, since the source codes and analysis in the new release come without zero-day vulnerabilities that hackers could exploit to their own advantage.
The ostensible reasons why WikiLeaks decided to do this could have been twofold.
One is that it possibly wanted to re-establish its credibility with the public at large, showing that it was not shooting in the dark when it released the details of hacking tools and malware that it claimed the CIA used while snooping on any establishment.
The other reason that’s being described by experts is to help forensic analysts come up with their own assessment of how the intelligence agency worked while using hacking tools like Hive to extract information from whoever the agency suspected.
Hacking Tools Very Cleverly Camouflaged
The interesting component of this hacking arrangement that the CIA is alleged to have used is that the victim of such cyber surveillance would not know that he or she is being watched by a third entity.
According to the information disclosed by the organization, the CIA used fake identities for digital authentication to prevent the server from locating the implant.
One such identity is that of the Russian internet security company Kaspersky. Kaspersky also reacted to these revelations: Chairman and CEO Eugene Kaspersky confirmed on Twitter that these certificates were indeed fake and that the company's customers do not have to worry about their systems’ security.
WikiLeaks goes on to describe how even if someone stumbles upon the malware and tries to find out what it has passed on or communicated back to the operators at the agency, nothing can be deciphered.
Not Much Can Happen with These Codes
There is, however, a kind of consensus among experts in the field that the details and codes being placed in the public domain cannot cause much harm to the agency’s security.
It would also be difficult for third parties to launch a cyberattack using these hacking tools, since they are designed to be used only on the CIA’s systems.
The CIA might simply repurpose or refactor the codes and carry on.
There is still the possibility that Julian Assange and his team at WikiLeaks are holding on to more information that they can release in the future, and that could be more embarrassing for the intelligence agency.
There have been reports that the organization wanted to offer a lot of this information to the affected institutions, but the talks did not yield any results.
Controversy Never Ends
Julian Assange and his whistleblowing activities, mainly targeted against the government and particularly the U.S. federal government, continue to evoke mixed responses from the public at large.
There are those who speak for state secrecy and feel there is a limit to what the government agencies, especially the intelligence agencies, can share publicly.
And there are others who are staunch supporters of Assange’s cause and feel the government misuses its powers to snoop on its own citizens and allied nations.
Interestingly, there are also those who might have changed their stance or may do so now.
The example cited is U.S. President Donald Trump, who expressed support for Assange and his organization in the past after the organization released the email servers of his political rival Hillary Clinton.
But earlier this year, there were reports that the U.S. Department of Justice could frame charges and even seek the arrest of Assange.
One has to wait until such developments take place. There is also the Russian angle to the WikiLeaks story. Again, that may be the subject of another article.
The latest release of Vault 8 will be spoken about for some time. As in the past, the CIA has refrained from issuing any official statement on the leaks except to say it cannot comment on their authenticity.
As briefly mentioned, more leaks could be in the offing. In particular, there are two hacking tools: Pandemic and Brutal Kangaroo, the codes for which could prove to be more damaging to the CIA’s reputation, so say experts.