On Tuesday, Wikileaks published “Vault 7,” 8,761 documents purportedly originating with the CIA that show the agency can hack into Android and iPhone smart phones, operating systems like Microsoft Windows and Linux, Smart TVs, self-driving cars, Amazon Echo and Google Home, USBs and DVD/CD-Roms, and basically anything and everything that transmits information via the Internet. They can also leave a digital footprint to make it look like a foreign country – say, I don’t know, Russia – was behind the attack.
Consisting of millions of lines of code, the documents in “Vault 7” show the CIA’s hacking division had “over 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other malware by 2016, utilizing more code than it takes to run Facebook.”
But, according to Wikileaks, the CIA “lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.” The information seems to have circulated among former U.S. government hackers and contractors “in an unauthorized manner.” One of those with access later provided WikiLeaks with portions of the archive.
One of the many surveillance techniques WikiLeaks reveals is something called “Weeping Angel,” which can place targeted smart TVs into a fake “off” mode, turning them into covert microphones and sending recorded conversations to a CIA server. Supposedly the CIA similarly targeted many other consumer products and even obtained information through Windows updates.
The CIA has neither confirmed nor denied the accuracy of the documents.
So what’s the most surprising part of this data dump? Well, nothing really. After Edward Snowden’s revelations of mass warrantless surveillance by the NSA, none of this should come as a big surprise.
It’s long been known that Smart TVs collect data and send it back to the manufacturer. Amazon Echo and Google Home record what you say, and if you have Facebook installed on your phone, it sets the audio record function to “on” automatically.
In fact, one of the reasons technology is called “smart” is because it learns from user input. It does this by tracking that input and comparing it with millions of other users. Companies like Amazon, Google, and Facebook have used that data to design and sell better products.
No less a figure than FBI Director James Comey publicly admitted that he puts a piece of tape over the webcam of his personal computer. After all, placing malware on computer cameras is a technique the FBI itself has used.
After what the FBI and the NSA have already done, it’s hard to see this Wikileaks revelation as anything but more of the same.
And that’s why there’s been so little outrage: all of this is expected now. We live in an age where Internet-connected teddy bears are hacked. Millions of consumers willingly hand over massive amounts of personal data to companies like Amazon, Facebook, and Google in exchange for products and services they rely on. We have reached a point where people automatically assume that businesses—or the government—can and will infiltrate their Internet-connected devices.
Yet even though it isn’t surprising that U.S. intelligence agencies continue to spy on us, we should demand a full and honest accounting from the government. There are serious Fourth Amendment questions that have been raised about the legality of hacking personal devices to act as transmitters for the deep state, even with a warrant, and it’s unclear whether the necessary permissions were obtained in the cases Wikileaks outlines.
Congress needs to investigate this. Our legislative branch has been woefully weak in its oversight role over the intelligence agencies, and has refused to add adequate protection for whistleblowers. Is this sort of hacking legal? Where are the checks and balances? Who is watching the watchers? These questions need to be answered.