By now you’ve probably seen the WikiLeak/CIA headlines:
WikiLeaks not only sought to demonstrate that the CIA lost control of the majority of its hacking arsenal, but proved it. By the largest release of CIA intelligence documents in history, it was proven that the CIA lost control of its malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation.
The release of some 7,818 web pages and 943 attachments, called the “Vault 7,” constitutes a broad cyber arsenal. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
Not surprisingly, anonymous “cyber security experts” sympathetic to the surveillance state immediately played down the leaks claiming that “much of what was described in the documents was aimed at older devices that have known security flaws.”
But not everyone is so quick to dismiss the damage.
Joel Brenner, former U.S. top counterintelligence official, admitted the leak was “a big deal.” This release, described by WikiLeaks as only “an introductory disclosure,” would greatly assist rival states, cyber criminals and hackers trying to catch up to the more advanced cyber capabilities of countries like the U.S., Russia, China and Israel.
As with the NSA revelations by whistleblower Edward Snowden, the largest technology companies are once again embarrassed by revelations about the level of their cooperation with intelligence agencies against their own consumers.
And, with no end of irony, they are angered to see evidence of additional government attacks on their products despite their support.
Equally angered are the U.S. and international companies dismayed to find out that the CIA did not disclose to the manufacturers their findings. Instead they deliberately left identified vulnerabilities and malware and placed huge swathes of the U.S. population and critical infrastructure at risk to foreign intelligence or cyber criminals.
Whether or not we are watching a mini civil war among competing factions of the Deep State, one of the more explosive claims has already had major political ramifications in the U.S.
The political attacks on the Trump administration by Democrats and their allies in the media and intelligence community relied on “anonymous CIA sources.” Those sources claimed to see Russian fingerprints in the phishing attack of John Podesta’s email.
However, that evidence-free narrative was greatly undercut last week by leaked CIA documents describing a false flag program called “UMBRAGE.” It was designed to allow the CIA to routinely appear as if they were hackers operating out of Russia.
After a steady drumbeat of breathless reporting about the Russians “hacking” the U.S. election, the CIA’s UMBRAGE leak is drawing some attention. Commentator Bill Mitchell captured many people’s reaction to the news of the CIA’s false flag cyber program with this tweet:
Do you remember the disclosure of a quarter million diplomatic cables by Army Intelligence analyst Bradley Manning in 2010?
Or the hundreds of thousands of documents released by the National Security Agency’s Edward Snowden in 2013?
Well, the WikiLeaks Vault 7 release has once again highlighted the inability of U.S. spy agencies to protect secrets in the digital age.
But this rise in releasing what is supposed to be confidential information is not going to stop any time soon.
In the last 30 years we’ve gone from photocopying and moving paper to the ease of downloading, storing and moving millions of documents in seconds. The surveillance state simply cannot prevent whistleblowers and WikiLeaks for releasing stolen material.
Neither governments nor companies can trust the people within their organizations to safeguard classified, sensitive or proprietary material in the digital age.
This is good news for liberty. Joel Brenner has it right:
“Anybody who thinks that the Manning and Snowden problems were one-offs is just dead wrong… If secrets are shared on systems in which thousands of people have access to them, that may really not be a secret anymore. This problem is not going away, and it’s a condition of our existence.”
The World Economic Forum (WEF) recently published its annual Global risk report. The report highlights the risks emanating from cyber espionage. It focuses on the rise of cyber dependency due to increasing digital interconnection of people, things and organizations.
The WEF has ranked cyberattacks as just behind terror attacks in both their impact and likelihood. This is because of the increasing complexity and interdependencies among systems of global communications and computing, information and economic flows that power the global economy.
The Cyber Research Databank recently summarized the WEF report and concluded that “As demonstrated by the DNC hack (which by now is blamed on Russia), and the recent Ukraine power outage due to cyber-attack show how cyber-attacks can be used for political and diplomatic means.
“It is not unlikely that the severity and frequency of such attacks will intensify in the coming years, and that additional actors (such as terror and hacktivist groups) will also partake in these activities. It is also possible that such actors will utilize the vulnerabilities… to exaggerate the impact of attacks.”
Now, we know the Trump administration is finalizing their executive order on the cybersecurity sector. We know that he will be spending defense money in the cybersecurity sector.
But now, we have worldwide attention being focused on cyber vulnerabilities in the aftermath of the WikiLeaks and the CIA’s failure to maintain control of their cyber arsenal.
These circumstances make this as timely an investment recommendation as they can get.
OK, so we have our thesis that has been playing out in the very headlines of the world’s papers.
Every company and government agency have teams reviewing the Vault 7 information and rethinking their vulnerability and their options.
We know that tech companies are scrambling to plug the gaps identified in the WikiLeaks release…
So that told Jim and I that we needed to find our readers a company that fit our D.R.O.N.E. system requirements.
We wanted to find a company that not only had all the right cyber security capabilities, but that has a demonstrable track record of winning big cyber security business. We also wanted it to be small enough that new contracts could really increase its value rapidly.
After evaluating over a hundred companies, we think we found the right company…
It provides information technology (IT) consulting, managed services and technology integration services in some of the most advanced security environments, in both the commercial and defense sectors.
And it should do very well in this upcoming environment (click here to learn how to access information about this firm).