Here we go again, gumshoes. WikiLeaks (read: Julian Assange) says it acquired a massive cache of CIA documents related to the agency’s cyberwar efforts. The information therein, WikiLeaks claims, reveals covert CIA hacking tools that can take over iPhones, Android phones, TVs and pretty much any type of computer. It’s scary stuff — if you believe what WikiLeaks is saying is true.
The Tuesday release, codenamed Vault 7, is apparently part of a larger series that WikiLeaks is calling “Year Zero”. The initial dump allegedly contains “8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina [sic],” according to a WikiLeaks press release. The release also claims that this disclosure is larger than three years’ worth of Snowden releases. WikiLeaks does not identify the source of the documents, other than claiming that an archive of leaked CIA data was “circulated among former U.S. government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive circulated”. Citing an anonymous source in the intelligence community, The New York Times reported that at least some of the information in the documents “appeared to be genuine”.
Regardless of their origin, the documents appear to describe some incredibly scary-sounding hacking tools. WikiLeaks highlighted a few of them in its release, including malware that can infest any smartphone on the planet, an app called “Weeping Angel” that turns Samsung Smart TVs into always-on microphones for CIA spying, and a program called “Fine Dining” that helps agents build customised cyber weapons for specific purposes. The documents also purportedly outline how the CIA builds these weapons, stockpiles zero-day exploits without telling the companies like Google who could fix them, and then fails to keep the malware from getting into the wrong hands. If this is true, WikiLeaks says that “rival states, cyber mafia and teenage hackers alike” could be using these weapons right now.
So that’s a scary thought. However, there are plenty of reasons to believe that WikiLeaks’ description of the documents — if not the documents themselves — is misleading. For instance, the organisation claims that techniques detailed in the Vault 7 documents describe a method “to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied”. It’s currently unclear exactly how these techniques work or whether they were designed to undermine trusted apps like Signal. Perhaps Assange and company are just throwing out the names of those apps for some narrative flair.
Some experts say that the documents look legit, regardless. “At first glance, [the release] is probably legitimate or contains a lot of legitimate stuff, which means somebody managed to extract a lot of data from a classified CIA system and is willing to let the world know that,” Nicholas Weaver, a security researcher at UC Berkeley, told The Washington Post. The CIA told the paper, “we do not comment on the authenticity or content of purported intelligence documents.”
Given the size of the dump, it will take time for reporters and researchers to comb through the data and identify the most shocking revelations. Nonetheless, the very notion that the CIA’s most secure servers leaked thousands of documents looks very bad for the intelligence community as well as the US government. It was just five weeks ago that a draft of President Donald Trump’s executive order on cybersecurity became available, and the WikiLeaks dump hit the web just hours after several outlets reported that Trump’s order would be released very soon. WikiLeaks claims that the timing of Trump’s cybersecurity order and the Vault 7 release are unrelated.
This is a developing story that we’ll be following closely. You can read the full WikiLeaks press release (typos and all) and find links to the alleged CIA documents here.