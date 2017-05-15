The WikiLeaks publication of hacking tools and malware the CIA has allegedly used continues to stir the ire and fear of those concerned about the possible risk of the US government’s backdoor access to private data. But WikiLeaks’ publication of alleged CIA-created malware instructions, which the CIA has not confirmed as authentic, diverts attention away from how numerous other state-sponsored agents are aggressively seeking to steal intellectual property and other data, security experts say.

In this way, WikiLeaks’ publication of the data trove, called Vault 7, serves less as an example of possible CIA hacking methods than it does as proof of an even greater menace security experts have known for a long time: there are many government-sponsored threats originating beyond the US borders that likely pose a bigger collective peril than malware the CIA, NSA, or other US governmental agencies might develop.

In addition to intellectual property-related theft associated with how cyber thieves can extract sensitive data, companies are vulnerable on a number of fronts. These include how third parties can gain access to the overall network, laterally compromise electronics devices, disrupt daily operations of an organisation, alter stored data, and other risks, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), told Intellectual Property Watch.

In the case of the Vault 7 data, electronics devices have become that much more at risk in the wake of the disclosure.

“OEMs [original equipment manufacturers] have been shipping flawed and vulnerable devices for years, and thereby burdening consumers with unrequested security risk, because manufacturers lack accountability and incentives to incorporate security-by-design,” Scott said. “Individuals and industries that use these devices were vulnerable before Vault 7 and are left even more vulnerable afterward.”