By now you may have read that whistleblowers WikiLeaks have released a cache of documents code-named ‘Vault 7’, which contain details of hacking tools claimed to be used by the CIA. One of the highlighted documents details bypass techniques for 21 security software products and ways in which they could be exploited to invade the privacy of their customers.
Note: Given the severity of these revelations, and the importance we place on customer privacy, we have scanned the Vault 7 documents and could not find any evidence that the CIA was able to exploit Emsisoft products. We will continue to monitor the situation and update customers should this change.
What is in Vault 7?
WikiLeaks claims 7,818 web pages and 943 attachments have been published and are only the first part of much more material to be revealed. WikiLeaks says it has an entire archive of data consisting of several million lines of computer code though did not say when they planned to release the rest of the documents.
The files outline CIA plans with descriptions of types of malware and other tools that may be used to gain access into some of the world’s most popular technology platforms. Developers plan to be able to inject these tools into targeted computers without the owners’ awareness. Specific targets were not listed but it was clear that these tools and masses of other information were being exchanged between the CIA, the National Security Agency and other US federal intelligence agencies, as well as intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom.
One specific document, labeled “Personal Security Products (PSPs)” contains descriptions of various exploits and methods that could be used to bypass the named security products, which includes a variety of popular anti-virus solutions as well as smaller security vendors. As we mentioned in the opening paragraph, we could not find any mention that Emsisoft has been targeted or that exploits were available for our products.
Who’s responsible for the leak?
WikiLeaks claims the material was sourced from “an isolated, high-security network” inside the CIA’s Center for Cyber Intelligence, the spy agency’s internal arm that conducts cyber offence and defense. It is said that documents were “circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive”.
The Guardian reports “A spokesman for the CIA said the agency would not comment ‘on the authenticity or content of purported intelligence documents’. Trump administration spokesman Sean Spicer declined comment as well.”
What can you do to keep your data private?
While there are no guarantees, as with any kind of outbreak, ensuring your defenses are intact is the first step. So make sure you:
- Keep your software and operating systems up to date.
- Do not install applications from unfamiliar sources or untrusted websites.
- Read permissions closely when requested by programs or apps.
- Back up data and devices frequently.
Have a nice (hack-free) day!