While not as sexy as the initial “Vault 7” leak, WikiLeaks’ newest CIA dump shows that the spy agency was working on hacking iPhones just months after they first launched in 2007 and that the CIA had even hacked Apple dongles and adapters. Named “Dark Matter,” the new WikiLeaks release includes information on the CIA’s efforts to infiltrate smart devices, specifically those made by Apple, as early as 2008.
The documents released in the latest dump show that the CIA had plans to intercept shipments of iPhones and infect them with a piece of software named “NightSkies v1.2.” The software would log your text messages, contacts, and call logs and upload them directly to the CIA’s servers. While the software is old, it was shown to be a powerful tool to skim information from the early versions of the iPhone.
Another older hack, “DarkSeaSkies,” comprised three separate pieces of software and was meant to compromise the hard drive of older MacBook Airs and other Mac computers. It gave the CIA a simple way to remotely access someone’s computer, run commands, and gather data.
Other, newer tools were also revealed in the leak. The most distinctive is “Sonic Screwdriver,” a technique that planted software on an internet adapter so that it would automatically install and run on the connected Mac without the end user ever knowing. Apple software fixes rendered this hack ineffective in 2015.
Also detailed were “Triton” and “Der Starke.” Triton could be installed on your Mac over a network and would provide access to all of your files and folders. “Der Starke is another beast altogether,” according to TechCrunch:
“you won’t be able to find it on your hard drive. […] Like Triton, the CIA can get data from your computer, but it remains as silent as possible. When it uploads data, it mimics a browser process so that it looks like you’re just uploading a photo to Facebook.”
These tactics were first described in general terms in information leaked by Edward Snowden; seeing the specifics laid out in “Dark Matter” only confirms his accounts. The leaks show that the CIA likely intercepted devices straight out of the factory, installed its malware on them, and then reintroduced them into the supply chain.
These exploits were developed and deployed even as President Bush called for a “Vulnerabilities Equities Process,” which asked government agencies to share software exploits with manufacturers in order to build stronger nationwide cyber security. Hoarding techniques like these, along with the “zero day” exploits named in the previous round of Vault 7 leaks, was discouraged by the government.
The release shows that the CIA was working to operate independently from the NSA earlier than we saw in the original Vault 7 leaks. The CIA has not directly verified the authenticity of the leaks, but the agency has tried to have the leaks blocked from being used in court, due to their classified content. That effort is a strong indicator that the leaks are genuine.