CIA hacking shows need for cyber rules

By Yang Sheng Source: Global Times Published: 2017/3/9 0:03:40

WikiLeaks exposes US double standard

The international community should set rules to better regulate the activities of countries in cyberspace, Chinese experts said, after WikiLeaks exposed the CIA's mass hacking of electronic devices.

The scandal shows the double standard of the US on cyber attacks, experts noted.

WikiLeaks on Tuesday released thousands of documents that it said revealed the secret tools the CIA has used to hack people's smartphones, computer operating systems and even smart TVs. A statement from WikiLeaks said that the 8,761 documents were obtained from "an isolated, high-security network" situated inside the CIA's hacking division, the Center for Cyber Intelligence, in Langley, Virginia.

"Code-named 'Vault 7' by WikiLeaks, it is the largest ever revelation of confidential documents on the agency," the statement said, noting the leaks detailed "the scope and direction of the CIA's global covert hacking program."

The leaks shocked the international community with the scale of hacking on gadgets people use every day. However, it is not surprising, as many Western intelligence agencies, especially those in the US, have engaged in such activities before, said Zuo Xiaodong, vice president of the China Information Security Research Institute.

According to WikiLeaks, by the end of 2016, the CIA's Center for Cyber Intelligence had over 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware.

According to a Guardian report, "Everyday consumer devices including smartphones running iOS and Android operating systems, Windows and Mac computers, and even smart TVs made by manufacturers such as Samsung have all been targeted by the CIA."

For smart TVs, the leaks said "Weeping Angel," a malware developed by the CIA's Embedded Devices Branch (EDB), "infests smart TVs, transforming them into covert microphones."

The CIA attack against Samsung smart TVs was developed in cooperation with the UK intelligence agency MI5. Weeping Angel puts the target TV in a "Fake-Off" mode, so that the owner falsely believes the TV is off when it is actually on. In "Fake-Off" mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

The CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from both iOS and Android smart phones.

"These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo [thought to refer to China's Weibo], Confide and Cloackman by hacking the 'smart' phones that they run on and collecting audio and message traffic before encryption is applied."

The CIA can also use its technologies to frame other countries. Reuters reported that Stuart McClure, CEO of Cylance, a cyber security firm based in Irvine, California, said that "one of the most significant disclosures" from the leaks "shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the US."

Need for regulation

An expert working for Chinese cyber security agencies who requested anonymity said this kind of technology is not new. "China, of course, has the capability to defend national interest in cyberspace," he said.

However, "There is no perfect plan which can completely prevent cyber attacks. Even the US, which is home to iOS, Android and Windows systems, can't entirely avoid cyber attacks, not to mention China," he added. "Currently we are still heavily relying on foreign IT products, but even if we become an IT superpower like the US one day, we still can't fully prevent cyber attacks."

Everyone in the international community could be or has already been a victim of a cyber attack, Zuo said, so China has been urging the UN to set international rules to regulate countries' behavior in cyberspace.

"China doesn't legitimize any kind of cyber attack, compared with the US which believes that cyber attacks should be legitimized as long as it doesn't hurt non-governmental sectors like companies and social organizations," Zuo said.

The US has overwhelming superiority over any other country in hacking, so it wants "a rule for the stronger," which, in other words, is a double standard, Zuo said.

