CIA-made malware? Now antivirus vendors can find out

Security researchers are concerned that WikiLeaks may have misled the public with the CIA document dump

Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.

On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.

WikiLeaks has redacted the actual source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump -- if real -- still exposes some of the techniques that the CIA has allegedly been using.

Among those techniques are ways to bypass antivirus software from vendors including Avira, Bitdefender and Comodo, according to some of the leaked documents.

The CIA's playbook out in the open

The documents even include some snippets of code that antivirus vendors can use to detect whether a hacking attempt may have come from the CIA, said Jake Williams, founder of security company Rendition InfoSec.

“In the documents, they (the CIA) mention specific code snippets used in operational tools,” Williams said. Antivirus vendors can use this to look at their customers’ networks for any traces of past intrusions.

That might be a big blow to the CIA’s surveillance operations. Now anyone, including foreign governments, can use the WikiLeaks dump to figure out if the CIA ever targeted them, according to Williams.

“I would bet my bank account that the hackers of the CIA have spent all day trying to remove their tools from high value networks,” he said.

WikiLeaks hasn’t said who supplied the secret documents. But the anonymous source is hoping to spark debate over whether the CIA abused its authority by developing so many hacking tools without public oversight, WikiLeaks said.

"There is an extreme proliferation risk in the development of cyber 'weapons',” WikiLeaks founder Julian Assange added in a statement.

But some security researchers believe WikiLeaks is trying to mislead the public by exaggerating the CIA's hacking capabilities. “The press is getting taken for a ride today,” said Will Strafach, CEO of Sudo Security Group who studies vulnerabilities in Apple’s iOS.

How real are the risks?

Although WikiLeaks has said the CIA documents show the agency can hack iPhones and Android smartphones for spying purposes, consumers shouldn’t necessarily be concerned, Strafach said.

That’s because the dumped documents mostly mention exploits for iOS that appear to already be publicly known and have been patched.

“I have not found anything here that could be a danger to anyone running iOS 10 or above,” Strafach said.

Earlier news headlines and a tweet from WikiLeaks on Tuesday also suggested that the CIA hacking tools can bypass the encryption on messaging apps such as WhatsApp and Signal. But there’s no evidence that the CIA ever cracked the encryption, only that the agency developed exploits and malware to take over devices.

“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” tweeted Open Whisper Systems, which developed the encryption used in the apps.

Journalists and security researchers are still looking over the dumped documents. But it doesn’t appear the hacking tools equate to mass surveillance, said Robert Graham, CEO of security firm Errata Security.

One hacking tool, code-named Weeping Angel, allegedly involves turning a Samsung smart TV into a monitoring device. But the tool seems to only work if a CIA agent can physically install it on the TV.

“When we look at the tools, they really give off the impression that they are used locally,” Graham said. “That some CIA agent has to walk in. It’s not remote hacking.”

Questions over vulnerabilities

Still, some privacy advocates are worried by the WikiLeaks document dump. They say it confirms that the U.S. government has known about key vulnerabilities in tech products, but decides to develop hacking tools around them, rather than help vendors patch them.

A document in the dump shows that CIA exploits for Apple’s iOS were allegedly purchased from the U.S. National Security Agency, British intelligence or bought from third-party providers.

The key danger is that malicious groups, such as foreign government hackers, might discover the vulnerabilities too -- putting everyday users in harm's way.

“As these leaks show, we're all made less safe by the CIA's decision to keep -- rather than ensure the patching of -- vulnerabilities,” wrote Cindy Cohn, executive director of the privacy advocacy group the Electronic Frontier Foundation.

"Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans," she said.

But others aren't so sure the document dump really shows that the CIA has been stockpiling information about vulnerabilities.

"It is difficult to tell this from the info we have at this point," Ari Schwartz, a former White House senior director for cybersecurity, said in an email. "Questions that I would have are: Are they really previously unknown?"

Michael Kan

IDG News Service