Security researcher, Symantec Corp (SYMC.O) said on Monday (April 11) that a series of computer viruses targeting companies and organizations closely resembles the Vault 7 hacking tools that was disclosed by web publisher, WikiLeaks alleging the U.S. Central Intelligence Agency’s snooping tools have been tied to scores of cyberattacks. Valut 7 data dump was linked to a rash of trojans and zero-day vulnerabilities that have infected computers since 2011.
The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear including televisions, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors.
The attacks lumped together into a single virus code named as ‘Longhorn’ may have been involved in at least 40 attacks in 16 countries in the Middle East, Europe, Asia, and Africa. The victims include companies in the financial, telecom, energy, aerospace, IT, education, and natural resources sectors, as well as governments and international NGOs.
Symantec made the link between Longhorn and the WikiLeaks CIA hacking trove using changelog data, which shows that new features were added to the CIA tools at the same time as updates to some of Longhorn's tools. Other similarities exist, too, including cryptographic practices and the methods that both sets of tools use to cover their tracks on the systems they infect.
Symantec said it first became aware of Longhorn in 2014, and that its anti-virus products provide protection against the malware. The company hasn't identified any domestic targets; although it observed one computer in the US infected with Longhorn, the virus uninstalled itself within hours, suggesting that the infection was inadvertent.
The CIA has not confirmed the Wikileaks documents are genuine. But agency spokeswoman Heather Fritz Horniak said that any WikiLeaks disclosures aimed at damaging the intelligence community "not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.” Horniak added that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home.
Symantec didn't directly blame the CIA for the hacks, which occurred at unspecified dates, according to Reuters. The company also told Reuters that the targets were all government entities or had legitimate national security value, and were based in Europe, Asia, Africa and the Middle East.
The CIA tools described by Wikileaks do not involve mass surveillance and all of the targets were government entities or had legitimate national security value for other reasons, Symantec researcher Eric Chien said.
WikiLeaks first announced its possession of the Vault 7 hacking tools in early March, claiming that they were widely circulated among government contractors, one of whom leaked them to the organisation.
The CIA is best-known for its human intelligence sources and analysis, not vast electronic operations. For that reason, being forced to build new tools is a setback but not a catastrophe.
The WikiLeaks disclosures have added to widespread anxiety about online snooping and the erosion of digital privacy. Those fears stretch back beyond Edward Snowden's revelations four years ago about NSA surveillance, and they hit a new high point in early 2016 when Apple battled the US government over access to iPhones. Hacked emails, meanwhile, became a hot-button issue in last year's presidential election.
