WikiLeaks has issued a blockbuster press release today along with a tranche of documents that were leaked to it that describe the CIA’s efforts to infiltrate people’s communications systems. The documents reveal that the CIA targeted smartphones and computers and turned so-called Smart TVs into eavesdropping devices. The documents allege that the CIA then lost control of this spying arsenal which means that others may now possess these same capabilities, which would constitute a massive breach in its security systems.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.
WikiLeaks has been working with the German publication Der Spiegel and the Italian publication La Repubblica to disseminate this information. The Der Spiegel report says:
According to a WikiLeaks press release, the cache of documents, christened “Vault 7” by organization, provides an overview of the CIA’s secret hacking arsenal, including malware, viruses, Trojans and the targeted exploitation of systemic weaknesses, referred to as “Zero Day Exploits” in the parlance. The documents indicate that the tools enable the CIA to breach Apple iPhones, Android devices from Google, Windows computers and even televisions.
The material published by WikiLeaks is from an anonymous source. According to the platform, the material has been circulating among former U.S. government hackers and contractors, which is how it found its way to the whistleblowing platform. According to a WikiLeaks statement, the source hopes the publication of the documents will trigger a debate on how the use of cyberweapons can be democratically legitimized and controlled.
WikiLeaks claims to have spent several months reviewing the documents. In contrast to past data dumps, WikiLeaks edited and redacted parts of the documents prior to publication.
Edward Snowden has commented on the latest leaks.
Edward Snowden, who is in exile in Russia, said in a series of tweets the documents seemed genuine and that only an insider could know this kind of detail. “Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.”
He added: “If you’re writing about the CIA/@Wikileaks story, here’s the big deal: first public evidence USG(US government) secretly paying to keep US software unsafe.” He described this as “reckless beyond words”.
The La Repubblica report describes the kinds of things the CIA did.
Last year, speaking to the US Senate the head of the US intelligence community, James Clapper, declared: “In the future, intelligence services might use (the internet of things) for identification, surveillance, monitoring, location tracking”. Clapper was certainly not an oracle predicting the future: according to the WikiLeaks’ files, the CIA has been able since 2014 to implant malware on on a well-known model of smart TV to capture conversations inside the room where the TV is connected to the Internet. The programme is called “Weeping Angel” and it was developed by the Embedded Development Branch in collaboration with the British intelligence services.
This report also says that the source explained to WikiLeaks why s/he decided to release the documents.
Many of these documents are classified and contain even the identities of CIA’s personnel, which WikiLeaks has not published but it has rather redacted. According to the organisation, these files have been available in “an isolated, high-security network situated inside the Cia’s Center for Cyber Intelligence in Langley, Virginia”, but recently the Cia “lost control of the majority of its hacking arsenal”: this archive “appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive”.
WikiLeaks claims that the source for these documents made a statement to the organisation, explaining his rationale for providing these files: “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons”.
After Chelsea Manning and Edward Snowden, I expressed the hope that other courageous individuals would follow their example and release information that the public had a right to know. This latest leak shows the evolving nature of such releases. In the case of Manning, WikiLeaks did an indiscriminate data dump of all the files they received. With Snowden, the release was more measured with him releasing the documents to selected journalists with the understanding that only material in the public interest would be vetted and released. The latest leak follows that second pattern.
More revelations from the documents are promised. You can be sure that there will be a massive search for the leaker.