In an age of nation-state level cyberwarfare, countries with the best hacking tools are the new military powers. The US has been aggressive in efforts to find new and powerful vulnerabilities to exploit, and slow in disclosing them to vendors. But it has also not been effective in keeping those secrets from falling into the hands of hackers such as the Shadow Brokers and whistle-blower sites such as and the Intercept.

Which raises the question: how much damage can such leaks do, and should the likes of WikiLeaks be disclosing them in the first place?

Vault 7 showed capabilities, Vault 8 shows actual

With Vault 7, WikiLeaks documented many of the ’s activities and capabilities. Though it led to revelations about how the intelligence agency could hack all manner of devices and systems – from cars and smart TVs to web browsers and Operating Systems, it never outlined explicitly how these attacks were done.

The Vault 8 disclosures, however, sees the whistle-blower site take a different approach. The leaks will release source code for those CIA software projects. So far, only one project—a back-end infrastructure project called Hive—has been released. But more are due to follow. And this could potentially have major repercussions.

NSA-based exploits published by the Shadow Brokers hacker group led to both the and NotPetya attacks, while some suggest that many of the publicised methodologies used by the NSA have also been adopted by criminals. WikiLeaks claims all the material published in Vault 8 will not contain the material published by zero-days or other vulnerabilities which could be repurposed by others. However, some remain unconvinced.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here