CIA-made malware? Now antivirus vendors can find out

Security researchers are concerned that WikiLeaks may have misled the public with the CIA document dump

Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.

On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.

WikiLeaks has redacted the actual source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump -- if real -- still exposes some of the techniques that the CIA has allegedly been using.

Among those techniques are ways to bypass antivirus software from vendors including Avira, Bitdefender and Comodo, according to some of the leaked documents.

The CIA's playbook out in the open

The documents even include some snippets of code that antivirus vendors can use to detect whether a hacking attempt may have come from the CIA, said Jake Williams, founder of security company Rendition InfoSec.

“In the documents, they (the CIA) mention specific code snippets used in operational tools,” Williams said. Antivirus vendors can use this to look at their customers’ networks for any traces of past intrusions.
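To make the point Williams is making concrete, here is an added example (written for this page, not code from the leaked documents, from Rendition InfoSec or from any antivirus vendor) showing how a code snippet quoted in a document can be turned into a tolerant byte signature and used to scan files for traces of a tool. The snippets, the signature names and the sample files are all constructed for illustration and are not real tool fragments.

```python
"""
Added example: build signatures from code snippets quoted in a document
and scan files for them. Everything here is constructed for illustration.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Pattern

# Constructed stand-ins for fragments a document might quote (not real).
SNIPPETS: Dict[str, str] = {
    "snippet-A": 'if (strcmp(av_name, "avira") == 0) { disable_hooks(); }',
    "snippet-B": "xor eax, eax\nmov [ebp-4], eax",
}


def normalise(text: str) -> str:
    """Collapse runs of whitespace so re-indented or re-flowed copies of the
    same snippet still produce the same token list."""
    return re.sub(r"\s+", " ", text).strip()


def compile_signatures(snippets: Dict[str, str]) -> Dict[str, Pattern[bytes]]:
    """One regex per snippet: each token is escaped literally and the gaps
    between tokens become \\s*, so formatting differences do not defeat
    the match. Case is ignored because assembly listings vary in case."""
    sigs: Dict[str, Pattern[bytes]] = {}
    for name, snippet in snippets.items():
        tokens = normalise(snippet).split(" ")
        pattern = r"\s*".join(re.escape(tok) for tok in tokens)
        sigs[name] = re.compile(pattern.encode("utf-8"), re.IGNORECASE)
    return sigs


SIGNATURES = compile_signatures(SNIPPETS)


def scan_bytes(data: bytes, sigs: Dict[str, Pattern[bytes]] = SIGNATURES) -> List[str]:
    """Return the names of every signature that occurs in the buffer."""
    return [name for name, rx in sigs.items() if rx.search(data)]


def scan_files(paths: Iterable[Path], sigs: Dict[str, Pattern[bytes]] = SIGNATURES) -> Dict[str, List[str]]:
    """Map each file path to the signatures found in it (files with no
    hits are omitted so the report only lists what needs attention)."""
    report: Dict[str, List[str]] = {}
    for path in paths:
        found = scan_bytes(Path(path).read_bytes(), sigs)
        if found:
            report[str(path)] = found
    return report


if __name__ == "__main__":
    # Constructed sample files: one benign, one carrying a reformatted copy
    # of snippet-A, one carrying snippet-B in upper case.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "benign.bin").write_bytes(b"hello world, nothing to see here")
        (root / "tool1.bin").write_bytes(
            b'\x00\x01if   (strcmp(av_name,"avira")==0){disable_hooks();}\xff'
        )
        (root / "tool2.bin").write_bytes(b"XOR EAX, EAX\n  MOV [ebp-4], EAX")
        for path, names in scan_files(sorted(root.iterdir())).items():
            print(f"{path}: {', '.join(names)}")
```

A signature this simple only proves that a matching byte sequence is present; a short or generic snippet (a common compiler idiom, say) will match benign software too, so a real vendor would pair such patterns with context such as the surrounding file structure, hashes of whole components and the behaviour the document describes before treating a hit as a confirmed intrusion.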

That might be a big blow to the CIA’s surveillance operations. Now anyone, including foreign governments, can use the WikiLeaks dump to figure out if the CIA ever targeted them, according to Williams.

“I would bet my bank account that the hackers of the CIA have spent all day trying to remove their tools from high value networks,” he said.

WikiLeaks hasn’t said who supplied the secret documents. But the anonymous source is hoping to spark debate over whether the CIA abused its authority by developing so many hacking tools without public oversight, WikiLeaks said.  

"There is an extreme proliferation risk in the development of cyber 'weapons',” WikiLeaks founder Julian Assange added in a statement.

But some security researchers believe WikiLeaks is trying to mislead the public by exaggerating the CIA's hacking capabilities. “The press is getting taken for a ride today,” said Will Strafach, CEO of Sudo Security Group, who studies vulnerabilities in Apple’s iOS.

How real are the risks?

Although WikiLeaks has said the CIA documents show the agency can hack iPhones and Android smartphones for spying purposes, consumers shouldn’t necessarily be concerned, he said.

That’s because the dumped documents mostly mention exploits for iOS that appear to already be publicly known and have been patched.

“I have not found anything here that could be a danger to anyone running iOS 10 or above,” Strafach said.

Earlier news headlines and a tweet from WikiLeaks on Tuesday also suggested that the CIA hacking tools can bypass the encryption on messaging apps such as WhatsApp and Signal. But there’s no evidence that the CIA ever cracked the encryption, only that the agency developed exploits and malware to take over devices.

“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” tweeted Open Whisper Systems, which developed the encryption used in the apps.

Journalists and security researchers are still looking over the dumped documents. But it doesn’t appear the hacking tools equate to mass surveillance, said Robert Graham, CEO of security firm Errata Security.  

One hacking tool, code-named Weeping Angel, allegedly involves turning a Samsung smart TV into a monitoring device. But the tool seems to only work if a CIA agent can physically install it on the TV.  

“When we look at the tools, they really give off the impression that they are used locally,” Graham said. “That some CIA agent has to walk in. It’s not remote hacking.”

Questions over vulnerabilities

Still, some privacy advocates are worried by the WikiLeaks document dump. They say it confirms that the U.S. government has known about key vulnerabilities in tech products, but decides to develop hacking tools around them, rather than help vendors patch them.

A document in the dump shows that the CIA's exploits for Apple’s iOS were allegedly obtained from the U.S. National Security Agency or British intelligence, or bought from third-party providers.

The key danger is that malicious groups, such as foreign government hackers, might discover the vulnerabilities too -- putting everyday users in harm's way.

“As these leaks show, we're all made less safe by the CIA's decision to keep -- rather than ensure the patching of -- vulnerabilities,” wrote Cindy Cohn, executive director of privacy advocate, the Electronic Frontier Foundation.

"Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans," she said.

But others aren't so sure the document dump really shows that the CIA has been stockpiling information about vulnerabilities.

"It is difficult to tell this from the info we have at this point," Ari Schwartz, a former White House senior director for cybersecurity, said in an email. "Questions that I would have are: Are they really previously unknown?"

Michael Kan

IDG News Service