Technobabble: Wikileaks Vault 7 Leaks: How worried should you be?

The WikiLeaks logo. / Photo courtesy wikileaks-wiki, Creative Commons

By Joshua Stair, political columnist

Wikileaks is at it again. The infamous website has released a new, sprawling set of government documents detailing surveillance technology used by the Central Intelligence Agency. Because Wikileaks does not lack a sense of theatricality, these leaks have been dubbed Year Zero and are the first wave in a series of leaks, which of course got their own codename: Vault 7. But the released documents aren’t as revolutionary as Wikileaks would like you to think.

I’ve seen many a sensationalist headline comparing this leak to the Snowden leaks of 2013. While it is true that the Year Zero leaks are bigger in terms of the number of documents, they don’t come close to Snowden’s NSA leaks. That’s not to say that Year Zero doesn’t contain juicy information that the government would rather the world not know. It definitely does.

We’ll get to the details, but first, some clarification. One of the biggest headlines to arise from Year Zero is that of Samsung smart TVs spying on consumers. It isn’t quite as bad as it sounds, though. The program, codenamed Weeping Angel (because even government hackers are huge nerds) was developed by the CIA’s Embedded Devices Branch (EDB), one in an alphabet soup of agencies within the CIA. While it is true that Weeping Angel can turn a smart television into a covert listening device, it can’t simply be turned with the flip of a switch. According to the documentation from the leaks, Weeping Angel is installed via USB drive, meaning that an agent would have to gain physical access in order execute the hack. And if you have a CIA agent breaking into your home, your problems are likely bigger than a hacked TV.

Another aspect which has been somewhat blown out of proportion is the CIA looking into the ability to hack cars, a revelation which shocked exactly zero people who are familiar with computers. Hackers have been trying to find ways to hack into cars for years, so the it makes perfect sense that the CIA would be doing the same. Not that you should be worried yet. Hacking a car is incredibly difficult, as the Scientific American points out. Furthermore, the leaked documents give no indication that such efforts by the CIA were successful, or any real details, other than that they were looking into the possibility.

Even though Weeping Angel and the car hacking leaks aren’t as worrying as they first seem, there are other programs which are quite alarming. The leaked documents revealed that the CIA had developed and maintained a large arsenal of hacking tools, many of which involve vulnerabilities in both iPhone and Android operating systems. Such vulnerabilities could cause massive harm if discovered by hackers. But rather than inform Apple and Google of the flaws in their security, the CIA decided to hoard the exploits, allowing the phones and their owners to remain vulnerable.

To the tech industry’s credit, manufacturers have been quick to respond. Apple and Google have already patched the security flaws detailed in the leaked documents, so as long their phones are updated, consumers don’t have much to worry about.

Perhaps the most surprising detail of the leak is that none of the data is classified. The leaked data is primarily conversational and does not contain any actual code from the CIA’s technology. But the leaks indicate that both the leaked documents and the hacking tools themselves are not classified, due to the fact that such programs and communications would invariably be shared over the internet, an act which would be treasonous, were the material classified. So fear not in reading or possessing any of the Year Zero documentation.

So what does this first round of Vault 7 leaks mean for the average Joe? Not much, really. Unlike the Snowden leaks, which uncovered the mass surveillance of American citizens by the NSA, Year Zero only seems to show specific tools that the CIA use and are developing to monitor specific targets, not mass populations. So unless the CIA deems you specifically a threat, you have nothing to worry about.

Leave a Reply