Analysis of Vault 7, CIA Hacking, FAQ P4

13/03/2017, in Technology

For those of you so inclined to visit the WikiLeaks Vault 7 website to examine documents so you can patch vulnerabilities the CIA exploits without cause or warrant, this FAQ written by WikiLeaks will help.

Why Now?

WikiLeaks published as soon as its verification and analysis were ready.

In February the Trump administration issued an Executive Order calling for a “Cyberwar” review to be prepared within 30 days. While the review increases the timeliness and relevance of the publication, it did not play a role in setting the publication date.

Redactions

Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.

  1. Over-Redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
  2. Identity vs. Person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used, a single person may be represented by more than one assigned identifier, but no identifier refers to more than one real person.
  3. Archive Attachments (zip, tar.gz, …): are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
  4. Attachments with Other Binary Content: are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
  5. The Tens of Thousands of Routable IP Address References: these include more than 22 thousand within the United States and correspond to possible targets, CIA covert listening post servers, intermediary and test systems; they are redacted for further exclusive investigation.
  6. Binary Files of Non-Public Origin: are only available as dumps to prevent accidental invocation of CIA malware-infected binaries.

Organizational Chart

The Organizational Chart corresponds to the material published by WikiLeaks so far.

Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.

Wiki Pages

“Year Zero” contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, proprietary software from Atlassian. Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.

The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).

What Time Period Is Covered?

The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).

WikiLeaks has obtained the CIA’s creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order. If it is critical to know the exact time/date then contact WikiLeaks.

What Is “Vault 7”?

“Vault 7” is a substantial collection of material about CIA activities obtained by WikiLeaks.

When Was Each Part Of “Vault 7” Obtained?

Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.

Is Each Part Of “Vault 7” From A Different Source?

Details on the other parts will be available at the time of publication.

What Is The Total Size Of “Vault 7”?

The series is the largest intelligence publication in history.

How Did Wikileaks Obtain Each Part Of “Vault 7”?

Sources trust WikiLeaks to not reveal information that might help identify them.

Isn’t Wikileaks Worried That The CIA Will Act Against Its Staff To Stop The Series?

No. That would be certainly counter-productive.

Has Wikileaks Already ‘Mined’ All The Best Stories?

No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.

Won’t Other Journalists Find All The Best Stories Before Me?

Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.

This article is part 4 of 4 concerning the WikiLeaks CIA spy dump. The actual documents may be found at the WikiLeaks Website and will not be disclosed here due to sheer volume.
