Your Bitcoins Open to CIA and Criminals, Heed Wikileaks’ Warning

Wikileaks has exposed the CIA’s hacking tools and techniques in “the largest ever publication of confidential documents on the agency.” Some readers are probably compromised without knowing it – if not by the government, then by criminals who have acquired the non-secured tools. Here’s how to assess your vulnerability and what to do about it. 


What is “Vault 7”?

“Vault7” is Wikileaks’ codename for a series of massive document releases on the e-surveillance and cyber-warfare techniques of the CIA. It is not known how many releases will occur, but four have occurred so far.

  • March 7: “Year Zero” contains over 8,000 documents or “more than several hundred million lines of code” – that render the CIA’s entire hacking capacity.
  • March 23: “Dark Matter” documents several CIA projects to infect Apple Mac firmware and explains how the CIA gains “persistence” on “Apple Mac devices, including Macs and iPhones” and how it uses “EFI/UEFI and firmware malware.”
  • March 31: “Marble Framework” offers 676 source code files for the CIA’s program that aims “to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.”
  • April 7: “Grasshopper” contains 27 documents from the CIA regarding “a platform used to build customized malware payloads for Microsoft Windows operating systems.”

“Year Zero” is the most interesting to Bitcoin users because it documents proximate dangers. “Grasshopper” is also important to examine.

Which Devices are Vulnerable to CIA ‘Infection’?

This Wikileaks dump reiterated something we already knew: our devices are fundamentally unsafe. No matter what kind of encryption we use, no matter which secure messaging apps we take care to run, no matter how careful we are to sign up for two-factor authentication, the CIA—and, we have to assume, other hackers—can infiltrate our operating systems, take control of our cameras and microphones, and bend our phones to their will. The same can be said of smart TVs, which could be made to surreptitiously record our living-room conversations.

Consider just three.


Reason magazine states the danger simply. “According to Wikileaks, the documents show the CIA has a specialized unit specifically for stealing data from Apple products like the iPhone and the iPad, and another unit for Google’s Android mobile operating system. These units create malware based on ‘zero-day’ exploits that the companies that develop the compromised systems are not aware of.”

PC Backdoors

The CIA can reputedly infect computers that run Windows XP, Windows Vista and Windows 7. Mac OS and Linux are reported to be affected as well.

Weeping Angel

CNET reports that Weeping Angel is an “alleged spying tool, co-developed by the CIA and the UK’s MI5 security agency, which lets a Samsung Smart TV (specifically, the F8000 Smart TV) pretend to turn itself off — and record your conversations — when you’re not using the screen.” Although there is evidence of development since 2014, there is no hard evidence of completion. Note: Samsung drew sharp criticism in 2015 when its smart TVs were shown to be recording private conversations.

Weeping Angel may not affect Bitcoin use directly but it demonstrates the pervasive surveillance being pursued by the CIA.

A Truly Troublesome Wrinkle – Criminals

Most people will not be targeted by the CIA or even by government agencies with which the hacking tools may have been shared, like the IRS. But the CIA seems to have lost control of its own tools, including weaponized viruses, malware, and trojans. The tools, code, and strategies apparently circulated freely among former contractors and hackers for the U.S. government, who were not authorized to view them.

NBC News reported on an interview with Wikileaks founder Julian Assange. “Assange ridiculed the CIA for failing to guard information about its online arsenal, allowing it to be passed around within the intelligence community. That is how the material ended up in Wikileaks’ hands ─ and, possibly, criminals’, he said.” Wikileaks has “held off publishing viruses and other weapons”; it has delayed publication in order to first “disarm” the tools.

You should assume that weaponized hacking tools are in private hands. The CIA may not consider you “worthy” of targeting but criminals are less discriminating.

What to Do in Self-Protection?

  1. Avoid the specific companies, devices and operating systems mentioned in Vault 7. Wikileaks has compiled an impressive list of the “companies, products, tools, and terms that are mentioned in the Vault 7: CIA Hacking Tools Revealed publication to date.” The list is here.
  2. Some companies, like Mozilla, have vowed to fix the vulnerabilities, and Assange has provided incentive. A headline in the Washington Examiner (March 18) stated, “Wikileaks threatens to reveal tech companies that haven’t responded to help offer against CIA hacks.” But how will you know if the companies actually come through? If you are loyal to an operating system, as I am to Linux, then take further steps.
  3. Don’t abandon encryption. It still offers better security than “naked” transmissions.
  4. If your iOS and Android devices are compromised, so are your apps because input can be grabbed before encryption. Use open source software whenever possible. Richard Stallman of the GNU Project explained: “Proprietary software tends to have malicious features. The point is, with a proprietary program, when the users don’t have the source code, we can never tell. So you must consider every proprietary program as potential malware.” (Android’s core is open source but closed source has been added on top of it.)
  5. Keep strangers physically away from your devices, because some of the compromises revealed seem to require a physical interaction.
  6. Update your operating systems to the latest version. The company may have fixed security weaknesses and your current system may not accept security updates. Alternatively, consider switching to an older “dumb” phone.
  7. Use an antivirus program. If a backdoor was installed with the company’s cooperation, malware may not be detected, let alone fixed, by security updates.
  8. Don’t just turn devices off. One security advisor suggests treating microphones as if they were guns. Always assume they are loaded and unplug them.

Stay safe out there.

What do you think about the CIA’s hacking tools, and Vault 7? Let us know in the comments below. 

Images courtesy of Shutterstock, Pixabay, and Wikileaks. 


  • Good Easter Friday to all. I will be dropping by the commentary section in order to chat and to answer questions. Enjoy your day.

    • concerndcitizen

      Thanks for sharing this, Wendy. Readers need to be aware there are three layers of potential vulns we are talking about here. 1) hardware, nearly everything made in China, most routers and mobile devices have things built into the hardware, some as tools for the original developers, others have been installed intentionally to create a back door. 2) OS vulnerabilities, Unix/Linux are the safest, but there are rumors about some things added to the kernel and Windows and now Mac for sure have backdoors. 3) Applications. Any one of these can open you up. As for encryption, it’s better than plain text, but keep in mind all publicly available encryption is broken by major security agencies. That’s not what’s as worrying, it’s when these things get leaked out to the public, the tools fall into the hands of cyber criminal gangs and that appears to be where we are today.

      Most of your experienced readers may know the following, but it’s worth repeating for new crypto users.
      Crypto is low hanging fruit on your computer, anyone who gets access will be looking through for data files and browser logs to identify where your coins might be stored. Never keep more than a minimal amount in any hot wallet, always use offline cold storage and do not keep hardware storage attached longer than necessary to do your transaction, then remove it and store safely. When generating keys, it’s best to use a machine not attached to any network (especially no wifi). Write down the keys on paper, away from any microphones/camera and never use a photocopier or scanner to make copies of your private keys or the seed used to generate the keys. Those scanners and copiers retain things in memory and they get hacked as well. Just a few tips.

      • Thank you! Very useful information. I will adopt immediately the one suggestion that I’m not already implementing. These people are making paranoia impossible because everything seems like a reasonable fear. And I agree. The most worrisome aspect of the Wikileaks report is the clear warning that these tools are now in the hands of the public, which is how Wikileaks itself received the CIA documents.

  • Iamthelizardking

    How difficult is Linux to learn, install, etc.? Have a good day too, Wendy

    • Hello Iamthelizardking. I have asked someone else to answer your question. He used to manage a site dedicated to helping people switch their operating system from Windows to Linux and, being a Linux guru, he is more knowledgeable than I am. Unfortunately his message is being held in moderation…but it should be released shortly. I just didn’t want you to think I was answering others and ignoring you.

      • Iamthelizardking

        Thank you, Wendy. Did a little research, anything is helpful.

        • Brad R

          Well, while I’m waiting for my longer reply to be released from purgatory, here’s the short answer: 1. Linux is as easy to use as Windows. 2. Linux is relatively easy to install (I’m told it’s easier to install than Windows, but no one installs their own Windows OS, they buy the computer with it pre-installed). 3. Not all add-on hardware is supported, so research before you buy printers/webcams/whatever. 4. Not all applications software is available in Linux versions, so you may need to research alternatives or (heaven forbid) run Windows software under emulation.

          I’m happy to answer any questions. What have you learned from your research?

          • Iamthelizardking

            I did a quick search of a few articles, Brad. Some suggested using a CD with Linux installed on it, if for some reason you don’t like Linux, then just reboot and the original OS is working again.

            And started watching a few tutorial vids on YT, seems fairly easy to install the Ubuntu, and there are Linux communities to help problem solve.
            Thanks, Brad.

          • Brad R

            Yes, those are called “live CDs” and many Linux distributions (“distros”) offer that as an option. They run entirely from CD and don’t use any hard disk at all. For that reason, they’re pretty slow. Mostly they’re used to try out Linux before committing to installing it on your hard disk. And yes, if you don’t like it, just eject the CD and reboot, and your old OS is there.

            Ubuntu is popular, easy to install, and has a large support community. I’m not fond of the latest “Unity” versions, which are trying to offer a Win7/Win10/tablet-like desktop. Very much not to my taste; I prefer the older 98/XP Windows style. Also, as I recall Ubuntu is somewhat purist about not using any closed-source software (like Adobe Flash), which can be an obstacle. I think well of Linux Mint, which is designed to “just work” out of the box, and in my experience mostly does. (I had an issue once with one sound card.) But Ubuntu is certainly an excellent choice if you don’t mind a “modern” (tablet-ish) desktop.

          • Iamthelizardking

            Thanks, Brad. I appreciate the answers and information. I will check out Linux Mint too.

          • Brad R

            Well, it looks like my first reply has been sent to the bit bucket. One thing I had included was the link to AlternativeTo (alternativeto dot net — including their URL directly seems to be what’s killing my posts). That’s a database of alternatives to popular programs. I find it helpful when searching for a Linux alternative to some Windows application. (You can also find Mac or Android alternatives, or even Windows open-source/freeware to replace commercial Windows software. Such as LibreOffice.)

  • Lost Tale

    Where’s the part about bitcoin security?

    • If you manage your bitcoins through a smart phone or a computer, then the concluding section of the article will help to safeguard bitcoins because that’s the vulnerability (the devices) being used by the CIA…but more probably by criminals. Perhaps I am misunderstanding your question?

  • Jett Nash

    Lol. Bitcoin tumbling is there for a reason.

  • Blaze Power

    Smells like disinformation to me. Windows XP, Windows Vista and Windows 7 are the OS’s that existed BEFORE the agreements with MS, Google etc to plant backdoors. Uncle Sam is messing with you. Imagination has run dry Win 8 is bad news & so is 10

    • Brad R

      You don’t need to have a deliberately planted backdoor in order to have a vulnerability. All of the Windows family of operating systems have been rife with vulnerabilities since day one. When they get publicly exploited, or discovered by a “white hat” hacker, they get fixed (patched). When they get discovered by some of the more sophisticated — or patient — “black hats”, they get saved for a rainy day, so to speak. Governments do this, as do private firms. (I vaguely recall that the notorious HBGary was one such firm.)

      • Blaze Power

        I speak from experience not academic perception the former usually reigns supreme

    • What? You think Uncle asks for permission?

  • bob bush


    • Brad R

      How on earth did “Bitcoin” rob your money? “Bitcoin” is not a person or an organization, it’s a technology and an alternative currency (a cryptocurrency). You might just as well say that “dollars” or “rubles” had robbed your money. Or are you saying that you bought some bitcoins and have now lost access to them? Or that they were stolen by someone pretending to be you? That can happen, just as you can lose dollars, or have them stolen. One aspect of Bitcoin is that all the transactions are traceable, so you should at least be able to identify the point at which they were taken (though if truly stolen, they’ve doubtless been rendered untraceable by now, e.g. by passing through a tumbler).

    • R u paid troll or just ignorant fool?

  • bob bush


    • Brad R

      Well, you’re using gmail, so contacting the CIA is easy. Just send an email to anyone, and include the words “ECHELON BITCOIN ISIS” in the body of the text. They’ll contact you soon enough. If you want to loop in the U.K. government, send it to a recipient with a .uk email address.

      • bob bush

        Isis???oh my God. My money is in Isis hands? Oh lord!!! Who sent us to this bitcoin business??? Oh lord. So for you no mention of Isis;no money back??? isis? Islamic State Bitcoin?

        • Jeff…give it up. Decades of harassment should be enough to satisfy you.

  • Fritz Knese

    Nice article Wendy. I laugh at how the liberals have turned on Assange. He may well be a jerk personally, but through Wikileaks he is a world class hero. I expect he will end up dead at the CIA’s hands eventually.

    It seems to me the best way to avoid most of these problems is to go low tech. Can one live without facebook?!!

    • Thanks Fritz. There was already an assassination attempt apparently that was thwarted by Ecuadorian police in the embassy. That’s the report in any case. It is so difficult to know which stories to credit and which to read as pure entertainment. Hope all is well with you, my friend.

    • I deleted myself out of Facebook a long time ago.

      There are ways to minimize exposure. Check out Open Source two key encryption. There are also annual “teach-ins” on security. Check local meetups, ask a local security Tech, etc.

  • Brad R

    Released (from moderation) at last!

  • Anti_Govt_Rebel

    Pompeo has it backwards when he says Wikileaks is “a non-state hostile intelligence service” and threatened to crush Wikileaks.
    In fact it is the CIA, NSA and the rest of the national security spying complex that is the “hostile intelligence service” to whom the Constitution and the Bill of Rights is a laughable anachronism. To them, we are the enemy and the main focus of their devious, unethical, immoral, and illegal practices

  • Amplikov

    As a Russian diplomat recently pointed out, Pompeo was exultant when Wikileaks released DNC e-mails. His tweets prove this. “Busted!” is what he proclaimed in regard to the DNC. Now that he is head of the CIA, he is threatening Wikileaks with death and destruction. What happened to him? Does he have any self-awareness, or any integrity, at all?

    • The latest release from Vault 7 details the CIA’s hacking tool and practices, which is why Pompeo is livid and attacking Assange. If the 1st 4 releases are an indication, then the next release should also deliver confidential CIA documents. Buy popcorn futures. And, no, he has no integrity or else he would not, could not head one of the most dishonest agencies in the world. Like the FBI, the CIA is proud of its disinformation and hastens to hide anything that is true about itself.

      • Amplikov

        I have your book “Rape Culture Hysteria.” I haven’t read it yet. But I usually buy any book recommended by Dr. Woods.

  • 200 Years Together

    Use old technology. Linux is a step ahead of complacent spying found in windows and mac, but safeguards should still be taken.

    • I remember a news mention some twenty years shone now, that the CIA (NSA?) was asking for somebody to help “harden” the security on Linux.

      We can see now with this present leak how that worked out.

      That said, there are forks in Linux and there are a bunch of eyes on them.

      • Linux is the best, IMO, but you are quite correct. People who use Linux should also “harden” the security of their machines through other means.

      • Brad R

        You may be thinking of SELinux (Security Enhanced Linux). I haven’t tried that myself.

        If I should want to build an extra-secure system, I think I would use OpenBSD Unix. That is largely maintained outside the U.S., and security is their #1 goal.

  • Just a note: they were also getting into the BIOS. That’s software embedded in your hardware systems.