WikiLeaks, the non-profit whistleblower and information leaking organisation, has started to release the source code behind a series of tools that are or were allegedly used by the Central Intelligence Agency to spy and gather information on end users. The series, called Vault 8, will release the code behind the tools and programmed that the CIA allegedly use for surveillance that were released in Vault 7, according to founder Julian Assange.
WikiLeaks the source code from a tool called Hive yesterday. Hive reportedly allows its operators to control malware installed on different devices from a singular central utility. While WikiLeaks previously released documentation related to the tool, this is the first time such extensive source code for any CIA spying tool has come out into the open.
Assange states that the publication will "...enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components." Hive pertains to a cache of documents and hacking tools that WikiLeaks obtained earlier this year, which was largely revealed in large spills over the course of a few weeks. However, Assange and his colleagues decided not to publish code that might reveal unpatched bugs or vulnerabilities, so that these could be patched and so that people "can be secure." WikiLeaks contacted companies regarding these vulnerabilities first, and negotiated with them accordingly, leading eventually to a mixed position where some where published and others where patched instantly, such as a few which were quickly patched by Cisco.
"(the code) might help forensics professionals and cause CIA to refactor code, but has nothing that will enable a cyberattack.
Jake Williams, a former NSA hacker who now works at the security firm Rendition InfoSec, told Motherboard that the code WikiLeaks released on Thursday doesn't seem that dangerous, because it will just "help forensics professionals and cause CIA to refactor code, but nothing that will enable a cyberattack."
But, he added "releasing code for other tools described in Vault 7 could give attackers the ability to exploit and implant new machines." In its press release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others.", however the impacts of these tools and their source code remains to be seen. We're bound to find out more over the coming few weeks; but until then, stay tuned.
What do you guys think? Will this make more waves than Vault 7 did earlier this year? How do you protect your privacy? Let us know in the comments, or post over in the forums with your thoughts.