The anti-secrecy website WikiLeaks released more than 8,000 webpages on Tuesday that appear to document numerous hacking tools developed and used by the Central Intelligence Agency. It may be the largest leak ever of data from the United States' foreign intelligence service.
The disclosure revealed that the CIA has its own division dedicated solely to computer hacking that rivals the National Security Agency’s online espionage operation. According to WikiLeaks, the code tracking system of the CIA’s Center for Cyber Intelligence has more than 5,000 registered users.
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” WikiLeaks said in an introductory statement accompanying the documents. “The CIA had created, in effect, its ‘own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
Tuesday’s disclosure is only the first part of what WikiLeaks is calling its “Vault 7” series of documents obtained from what it said was an “isolated, high-security network” located within the CIA’s headquarters in Langley, Virginia. The documents, which appear to have been acquired at least several months ago, detail exploits (or techniques to take advantage of vulnerabilities) for a wide variety of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating system Solaris.
The CIA also appears to have developed methods to hijack internet-enabled televisions from Samsung and use them to record audio such as conversations, using a “Fake Off” mode in which the TV appears to be powered down but actually is not.
The stolen information indicates that the intelligence agency also appears to have the ability to gain access to messaging programs like Telegram, WhatsApp, Signal and iMessage that have been billed as secure because they encrypt all messages between participants. Instead of intercepting messages en route, however, the exploits work at a more basic level to intercept and capture audio and text before they are encrypted and transmitted.
The documents appear to have been extracted from an internal CIA wiki website that was established to provide authorized users download access to the malware programs and also to instruct users on how to deploy them.
WikiLeaks did not release any of the code behind the so-called cyber-weapons, but said that an archive of the software and its documentation had been circulating among former U.S. government hackers and contractors in an unauthorized manner for some time.
The site’s editor, Julian Assange, said there was an “extreme proliferation risk” in the development of malicious software by governments, which he compared to the global arms trade.
The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence agencies, including Britain’s MI5. The documents also indicate that the CIA has purchased exploits from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead of reporting security holes to software companies like Microsoft or Google, these companies peddle the vulnerabilities to the highest bidder.
If this information is accurate, the agency may be in violation of a policy put into place by former President Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities that were unknown to software makers.
Besides shortening the time needed to develop malware for the CIA's use, the agency's use of outside-sourced malware also enables the CIA to make digital forensic investigators believe that an unknown outside party, rather than a government agency, may have been behind an infiltration.
It is not known who provided the information to WikiLeaks. In the wake of the Democratic National Committee email hacks during the 2016 presidential campaign, the anti-secrecy organization has been accused of serving as an outlet for the Russian government.