Hacking, Spying, and Today’s High Tech
On March 7th, WikiLeaks published extensive documentation that indicated secret Central Intelligence Agency capabilities to spy and hack. The files published were codenamed “Vault 7,” and contained some 8,761 documents that via press release WikiLeaks claimed represents “the majority of [the CIA] hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”
“From what I can tell, this seems to be legitimate,” said David Kennedy, CEO of TrustedSec. Kennedy formerly worked at the NSA and with the Marine Corps’ signals intelligence unit, and categorized the information as showing “expansive capabilities of the CIA and divulges NSA tools as well.”
How Your Smart Devices Can Be Used to Spy on You
Internet-connected ‘smart’ devices continue to be in more and more homes. Smartphone penetration is over 72% in the United States. And computers are literally everywhere.
The Vault 7 leaks demonstrates how easily smart devices can be used to spy on us. The documents include details about how to exploit bugs in Windows, the ability to turn Samsung smart TVs into spying devices (even when turned off!) and how intelligence agencies’ abilities to turn almost any kind of computer into a remote eavesdropping tool may make people think twice—or more—before running out to get the latest and greatest technology.
But before deciding to pull yourself or your business off the grid, consider some additional details. It’s true that WikiLeaks editor Julian Assange called the revelations “exceptional from a political, legal and forensic perspective,” but you should realize that many within the security industry believe there is nothing particularly surprising about an intelligence agency like the CIA being involved in surveillance tactics like this. The bigger question might be: who hacked the CIA?
“The actual headline here is that someone apparently managed to compromise a Top Secret CIA development environment, (and) exfiltrate a whole host of material…,” said Nicholas Weaver, security researcher at the International Computer Science Institute in Berkeley. “Now the world wants to know who, and how, and why.”
Security experts and government officials have suggested the source could be a CIA insider. One official speaking anonymously suggested that contractors were more likely to be the culprit, and that there were no signs Russia had tried to use the information.
Whomever the source, the affair is already being dubbed Snowden 2.0—a reference to whistleblower Edward Snowden and his revelations about the NSA in 2013.
The CIA has not yet confirmed the leaks, with a spokesperson saying in a statement that it does “not comment on the authenticity or content of purported intelligence documents.” The New York Times also reported that there was “no evidence that CIA hacking tools have been used against Americans.”
Furthermore, large portions of the documents were redacted, making it even tougher to determine just how comprehensive the leaked information actually is.
“I don’t think that this is everything,” said Jake Williams, founder of the threat intelligence firm Rendition Infosec. “It likely represents a very limited view of the overall network exploitation program.” Williams also noted that “…honestly, I don’t think you or I have any risk of being spied on by the CIA. I think there are far more interesting people out there for them to spy on.”
How to Protect Yourself and Your Business
For those still concerned, Newsweek published a list of ways businesses and individuals can protect themselves from spying eyes:
- Update your devices to the latest version of firmware — especially if the update lists security fixes.
- Do not root or jailbreak your phone — that is to say, don’t remove software restrictions that the manufacturer puts into the operating system.
- Download apps only from legitimate stores such as iTunes or Google Play.
- Be leery of attachments or clicking on links in an email message
- Make sure your business has solid email security solutions. More than 90 percent of attacks start with email.
- Don’t browse websites with which you are not familiar, and look for the security icon padlock / green bar in the browser.
The idea of the CIA being able to spy on average Americans and American businesses makes for big headlines, but perhaps the more worrisome (and probable) risk to your business might be competitors or malicious individual hackers gaining access to your information. They may want to use your data for profit—or for generally wreaking havoc.
In this day and age, any company, and every government entity, needs a serious protection strategy for their data. Technology that keeps prying eyes out is critical, but the challenge is that the same data that needs to be carefully and thoroughly secured also needs to be accessed and used in order to keep your business running.
That’s where 5i Solutions can help.
5i Solutions takes your security seriously. Your data is protected and stored in the 5i Cloud Vault, with encryption, network security, access logs, penetration testing, key management— you get total access control paired with total security. Active threat management, penetration testing, monitoring, logging, and on-demand reports all help ensure the continued integrity of your data.
5i can customize a solution where your vital data is secure and available 24/7 from anywhere in the world, but available only to those authorized to have access to it.
Today’s encryption systems are strong, and can protect your vital data from virtually any attack. And 5i Solutions can build a custom solution for you for less than you might think. So secure your data today – you never know who (or what device) may be watching.
5i Solutions. One single, secure point of intake, access, and storage. One singular solution.
5i Solutions, Inc.
Learn more at http://5iSolutionsInc.com