CIA hacking tools used to target 40 groups globally, research finds
The CIA hacking tools exposed last month by WikiLeaks were used in recent operations to target at least 40 organisations across 16 countries, according to research.
Companies, universities, and government departments were all subject to attacks, according to the report by Symantec, a leading cyber security group, using a trove of tools that included malware that could turn Samsung televisions into spying devices. The Middle East was the primary target for attacks, it said, with institutions in Europe and Asia also targeted.
Any link between the WikiLeaks revelations and active espionage campaigns would be a further embarrassment for the US intelligence community. The fact that European organisations were allegedly targeted also raises difficult questions for the US and its spy agencies over their targeting of allies.
While much of the so-called Vault 7 material released by WikiLeaks was initially played down as of historical significance only, the Symantec report indicates otherwise. “We quickly realised that some of the tools and techniques described in the Vault 7 documents almost exactly matched the tools being used by a group we call ‘Longhorn’,” said Dick O’Brien, a researcher at Symantec. “There is enough evidence to form a definite link between the two.”
Symantec said Longhorn, which it had tracked for several years, was using tools from the Vault 7 documents until very recently. Although it declined to identify the CIA by name — as WikiLeaks did — Mr O’Brien said Symantec had a “very high degree” of confidence in its assessment of the group.
It said its research showed the developer of the tools to be state-backed, anglophone North American, with significant resources, and techniques and tradecraft of a highly advanced nature. Symantec declined to disclose the names of the specific institutions it said had been hacked by the CIA.
Code words and naming conventions used by the hackers in the tools they developed also hint at a US origin. Symantec said it had compiled more than 40 examples, mostly drawn from US popular culture, such as SCOOBYSNACK — a reference to the Scooby Doo cartoon series. Some code words followed patterns: ROXANNE and REDLIGHT, for example, were clearly references to the music of British band, The Police.
The report on the Vault 7 material follows a further dump of malware allegedly stolen from US intelligence agencies over the weekend. A group known as the Shadowbrokers, which sprung to prominence with the release of files last year it claimed were stolen from the National Security Agency, on Saturday made public a fresh set of hacking tools it said had been developed by US spies.
It is unclear how serious the impact on US espionage activities from the exposure will be. Many in the western intelligence community, however, have little doubt that the damage is long-lasting and serious.
The hand of Russia was detected as behind the disclosures. US intelligence officials believe WikiLeaks is being manipulated as a convenient publicity platform by the Kremlin for material it has exfiltrated from the US. The Shadow Brokers, and other similar groups, have even more dubious — and direct — connections to Russian intelligence.
The Shadow Broker’s latest disclosures, western intelligence officials have said, appear to be made in direct reprisal for US actions against the Kremlin’s interests.
The August release of NSA files followed US condemnation of Russia for hacking the US Democratic National Committee to disadvantage the presidential candidacy of Hillary Clinton. The latest release comes only days after US strikes against Syria last week.
Gloss