When Will We Learn Almost Everything Is Potentially Hackable?


When Will We Learn Almost Everything Is Potentially Hackable?

This week’s WikiLeaks release of what is apparently a trove of Central Intelligence Agency information related to its computer hacking should surprise no one: Despite its complaints of being targeted by cyberattackers from other countries, the U.S. does a fair amount of its own hacking. Multiple federal agencies are involved, including the CIA and the National Security Agency, and even friendly nations. These latest disclosures also remind us of the cybersecurity truism that any electronic device connected to a network can be hacked. The Conversation

As cybersecurity researchers conducting a preliminary review of the data released in what WikiLeaks calls “Vault 7,” we find the documents mostly confirm existing knowledge about how common hacking is and how many potential targets there are in the world.

This round of leaks, of documents dating from 2013 to 2016, also reinforces perhaps the most troubling piece of information we already knew: Individuals and the government itself must step up cyberdefense efforts to protect sensitive information.

Almost everything is hackable

For years, security experts and researchers have warned that if something is connected to the internet it is vulnerable to attack. And spies around the world routinely gather intelligence electronically for diplomatic, economic and national security purposes.

As a result, we and others in the cybersecurity community were not surprised by the 2013 revelations from former NSA contractor Edward Snowden. We knew that the spying programs he disclosed were possible if not likely. By contrast, the general public and many politicians were astounded and worried by the Snowden documents, just as many citizens are surprised by this week’s WikiLeaks disclosure.

One element of the new WikiLeaks “Vault 7” release provides more insight into the scope of government spying. In a project called “Weeping Angel,” CIA hackers and their U.K. counterparts worked to turn Samsung F8000 smart television sets into remote surveillance tools. Hacked TV’s could record what their owners said nearby, even when they appeared to be turned off.

The fact that the CIA specifically targeted smart televisions should serve as yet another a wake-up call to the general public and technology manufacturers about cybersecurity issues inherent in modern devices. Specifically, “smart home” and Internet of Things devices represent a massive vulnerability. They are open to attack not only by government organizations seeking intelligence on national security information, but terrorists, criminals or other adversaries.

It’s not necessarily a good idea to have always-on and network-enabled microphones or cameras in every room of the house. Despite many of these devices being sold with insecure default settings, the market is growing very rapidly. More and more people are buying Google Home or Amazon Echo devices, Wi-Fi enabled baby monitors and even internet-connected home-security equipment.

These have already caused problems for families whose devices overheard a TV newscaster and ordered dollhouses or whose kids were tracked by a teddy bear. And large parts of the internet were disrupted when many “smart” devices were hijacked and used to attack other networked systems.

Phones were a key target

The CIA also explored ways to take control of smartphone operating systems, allowing the agency to monitor everything a phone’s user did, said or typed on the device. Doing so would provide a way around post-Snowden encrypted communications apps like WhatsApp and Signal. However, some of the CIA’s methods of attack have already been blocked by technology vendors’ security updates.

The CIA’s apparent ability to hack smartphones casts doubt on the need for officials’ repeated calls to weaken mobile phone encryption features. It also weakens the government’s claim that it must strengthen surveillance by not telling tech companies when it learns of security weaknesses in everyday products. Just like the door to your house, technological vulnerabilities work equally well in providing access to both “good guys” and “bad guys.”

Ultimately, as a society, we must continue to debate the trade-offs between the conveniences of modern technologies and security/privacy. There are definite benefits and conveniences from pervasive and wearable computing, smart cars and televisions, internet-enabled refrigerators and thermostats, and the like. But there are very real security and privacy concerns associated with installing and using them in our personal environments and private spaces. Additional problems can come from how our governments address these issues while respecting popular opinion and acknowledging the capabilities of modern technology.

As citizens, we must decide what level of risk we – as a nation, a society and as individuals – are willing to face when using internet-connected products.

We’re frequent attackers – but bad defenders

The WikiLeaks release also reconfirms a reality the U.S. might prefer to keep quiet: While the government objects to others’ offensive cyberattacks against the United States, we launch them too. This isn’t news, but it hurts America’s reputation as a fair and aboveboard player on the international stage. It also also reduces American officials’ credibility when they object to other countries’ electronic activities.

Leaks like this reveal America’s methods to the world, providing plenty of direction for adversaries who want to replicate what government agents do – or even potentially launch attacks that appear to come from American agencies to conceal their own involvement or deflect attribution.

But perhaps the most disturbing message the WikiLeaks disclosure represents is in the leak itself: It’s another high-profile, high-volume breach of information from a major U.S. government agency – and at least the third significant one from the secretive intelligence community.

Perhaps the largest U.S. government data loss incident was the 2014 Office of Personnel Management breach that affected more than 20 million current and former federal workers and their families (including this article’s authors). But the U.S. has never truly secured its digital data against cyberattackers. In the 1990s there was Moonlight Maze; in the 2000s there was Titan Rain. And that’s just for starters.

Our government needs to focus more on the mundane tasks of cyberdefense. Keeping others out of key systems is crucial to American national security, and to the proper function of our government, military and civilian systems.

Achieving this is no easy task. In the wake of this latest WikiLeaks release, it’s certain that the CIA and other agencies will further step up their insider-threat protections and other defenses. But part of the problem is the amount of data the country is trying to keep secret in the first place.

We recommend the federal government review its classification policies to determine, frankly, if too much information is needlessly declared secret. Reportedly, as many as 4.2 million people – federal employees and contractors – have security clearances. If so many people need or are given access to handle classified material, is there just too much of it to begin with? In any case, the information our government declares secret is available to a very large group of people.

If the U.S. is going to be successful at securing its crucial government information, it must do a better job managing the volume of information generated and controlling access to it, both authorized and otherwise. Granted, neither is an easy task. However, absent fundamental changes that fix the proverbial cult of classification, there likely will be many more WikiLeaks-type disclosures in the future.

About The Author

Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County and Anupam Joshi, Oros Family Professor and Chair, Department of Computer Science & Electrical Engineering, University of Maryland, Baltimore County

This article was originally published on The Conversation. Read the original article.

Related Books

Cunningly Smart Phones: Deceit, Manipulation, and Private Thoughts Revealed

justiceAuthor: Jack M. Wedam
Binding: Paperback
Studio: Xlibris
Label: Xlibris
Publisher: Xlibris
Manufacturer: Xlibris

Buy Now
Editorial Review: Corporations are spying on you more than government spies ever could. Just follow the money to find out how and why. Corporations can often predict what you will do next, detect subtle changes in your mood, and essentially know what you're thinking about. Development of behavioral biometrics accelerated after 9/11. Some of the research and development was funded by the government to identify potential terrorists and protect the public. However, these technologies are now used by corporations to trample your privacy, practically read your mind, and manipulate you to enhance their profits. Verify the facts yourself. This book contains over two hundred references, including court documents, patents, official government documents, and many other sources. You can do many things to protect yourself. With your help, this book can do for Internet privacy what Ralph Nader's Unsafe at Any Speed did for automobile safety.

WiFi Snoopers Hacking via msPY + FLEXISPY SMARTPHONE: Person to Person - Hacking with Smartphones

Binding: Kindle Edition
Format: Kindle eBook

Buy Now
Editorial Review: A Mini E-Book explaining the NEW DANGERS of WiFi Hackers using Smartphones with HACKER SOFTWARE like mSpy or FlexiSpy to READ YOUR DATA + FILES on your SMARTPHONE
by Research Computer Scientist - John J. McMonagle of Silicon - Wall Street - R+D Groups in the 1980s and 1990s.

How To Control Your Smartphone Privacy: Smartphone Living Without Stress, Fear And Anxiety Because Peace Is Priceless!

justiceAuthor: Michael Shaw
Binding: Kindle Edition
Format: Kindle eBook
Studio: CallmeEvo, LLC
Label: CallmeEvo, LLC
Publisher: CallmeEvo, LLC
Manufacturer: CallmeEvo, LLC

Buy Now
Editorial Review: Today, we breathe in a world where all of our communications are based upon mobile networking systems. Our smartphones is the best equipment to live freely in the arena of established software technology through which the world is expanding swiftly. There are numerous applications which you download every day, to play or compose your favorite melody, enjoy enlivening gaming on your mobile phone and fulfill infinite other purposes. We are also living emotionally and financially on our phones. For example, we make bank transactions, work or business transactions and social media has taken over our society. Our predilections are grossly evident by messaging, phone calls and the photo applications we use and download.

We consider that whatever we do on our smartphones is vitally private and nobody can access our personal data and connections. Contrary to that thinking, all of our information is accessible to malevolent and selfish people, which they craftily use tactics to achieve their goals either through vengeance, money making, stalking or mere treachery. These people either are the mobile phone hackers called phreakers or the SDK developers. If you have ever said " I wonder if this message, photo or private info is safe to send", you are not alone.

The main point to grasp is that the social networking applications can access all your mobile personal data. All your text messages, bank transactions made online, the amount of salary earned, camera pictures and applications of your interest are all at great risk of getting leaked to some data brokers. Therefore, whatever you do on your smartphone or iPhone is highly insecure as far as privacy is concerned. Let us share with you tips and action steps to take control of your private information.


follow InnerSelf on


 Get The Latest By Email


follow InnerSelf on


 Get The Latest By Email