top of page
  • Mike McCormick

Declassify CIA Vault 7

As you probably know, a trove of documents about classified CIA hacking tools code-named “Vault 7” was recently published by WikiLeaks. It’s likely those tools are already falling into the hands of criminals, foreign governments, and others, although WikiLeaks hasn’t decided whether to publicly release them into the wild yet.

There are things you can do to protect yourself – more about that in a moment. But first, a plea to the US government:

Declassify the leaked CIA materials!

WikiLeaks offered to share everything they have with tech companies such as Apple, Google, and Microsoft so they can fix vulnerabilities the CIA hackers exploited. But since the material is still classified secret, tech companies face a legal dilemma. Working with secret documents without proper clearance is illegal, as press secretary Sean Spicer reminded us recently. Security researchers face a similar dilemma. Those with security clearance risk losing it if they discuss contents of classified material.

It’s silly to maintain secret classification of material that is now in the public domain. The federal government should immediately declassify the files WikiLeaks published so tech companies, security researchers, and others can work with them. Additionally, “read in” key trustworthy people to legally access material not yet published by WikiLeaks. Otherwise Julian Assange may feel forced to leak even more CIA material simply to deliver it to the tech community.

Okay, as promised, here are fifteen simple things you can do to protect yourself:

  1. Run most current iOS on all your iPhone & iPad devices, and apply next update immediately

  2. Apply the next Android update immediately

  3. Set PCs to automatically download and apply Windows updates from Microsoft

  4. Set Macs to automatically download and apply OS/X updates from Apple

  5. Don’t let Internet Explorer web browser remember passwords for you

  6. Consider changing your anti-virus program if you use AVG, Avira, Comodo, or F-Secure

  7. Consider replacing your network router if it’s made by MicroTik or RouterBoard

  8. Avoid Huawei brand modems, especially HG-510 and MT660a models

  9. Avoid Rikomagic model MK802 mini PCs

  10. Do not use VLC Player media player software

  11. Don’t discuss confidential matters on “encrypted” mobile messaging apps WhatsApp, Signal, Telegram, Wiebo, Confide, or Cloakman

  12. Cover webcam lens on laptops and PCs when not in use

  13. Don’t discuss confidential matters within range of an Amazon Echo or Google Home device

  14. Don’t discuss confidential matters on a Siemens Openstage model land line telephone

  15. Update your TV firmware if you have a Samsung model UNES7550F, UNES8000F, or UNF7000/UNF7500/UNF8000 series unit; or a E8000GF/F8500 plasma set


UPDATE 6/19/2018: A former CIA employee was charged with stealing the Vault 7 files and giving them to WikiLeaks.


Michael McCormick is an information security consultant, researcher, and founder of Taproot Security.

bottom of page