Hacking tools described in WikiLeaks' Vault 7 release, which are claimed to be used by the Central Intelligence Agency to compromise computers, have been linked to 40 spying operations in 16 countries, according to new research.
Security firm Symantec Corp. made the claim based on its own analysis of “Longhorn,” a group that has been active since 2011 and possibly as early as 2007.
“The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 [Wikileaks] documents, in addition to following leaked guidelines on tactics to avoid detection,” the company said in a blog post. “Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”
Longhorn targeted governments as well as financial, telecommunications, energy, aerospace, information technology, education and natural resources organizations around the world, using zero-day exploits (for vulnerabilities not previously disclosed) and Trojan malware. The most heavily targeted region was the Middle East. Although the CIA is legally barred from conducting surveillance within the United States, Symantec says that on one occasion a computer in the U.S. was compromised with the tools. An uninstaller was run on that machine within hours, which suggests the infection was unintentional.
Notably, Symantec itself never stated that the CIA is behind the attacks. It said only that the tools described by WikiLeaks match those used by the Longhorn group; but since Vault 7 purports to document CIA tools, the implication of the research is plain.
The CIA has neither responded to the Symantec findings nor confirmed the authenticity of the WikiLeaks documents. It said only that any WikiLeaks disclosures aimed at damaging the intelligence community "not only jeopardize US personnel and operations but also equip our adversaries with tools and information to do us harm."
“It is important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so,” spokesman Heather Fritz Horniak told IT News.
Symantec noted that its security software has detected the tools used by Longhorn for three years, suggesting that its customers have been protected against these particular tools, whoever is behind them, for that period.