Whistleblowing organization WikiLeaks released over 8,000 documents on the CIA Tuesday. It's the largest-ever leak of documents on the U.S. intelligence organization, and it gives insight into U.S. cyber spying amid concerns that the agency has become too powerful.
Dubbed “Vault 7,” the drop of 8,761 documents dated from 2013 to 2016 details the “entire hacking capacity” of the agency and how it had “lost control of the majority of its hacking arsenal.”
The leak explained how the agency’s Mobile Devices Branch, MDB, developed malware attacks so that smartphones could be remotely hacked and controlled, where “infected phones can be instructed to send the CIA the user’s geolocation, audio and text communication as well as covertly activate the phone’s camera and microphone.”
Techniques developed by the CIA also allowed the collection of data before encryption was applied to popular smartphone messenger applications including WhatsApp, Signal, Telegram, Weibo and Confide.
The agency also hid its ability to hack into smartphones and televisions from manufacturers, which could be turned into “covert microphones.” One example included Samsung Smart TVs. After being infected with the “Weeping Angel,” a TV could be placed in a “Fake-Off mode” where the owner believes that the device off, but can instead record nearby conversations and send them to a covert CIA server via the internet.
The WikiLeaks drop also revealed a catalog of examples where the CIA was targeting users of other platforms including Microsoft Windows, Mac OS X, Linux, Solaris and Android.
“CIA hackers developed successful attacks against most well known anti-virus programs,” WikiLeaks said.
The U.S. consulate in Frankfurt, Germany, is also used by the CIA “as a covert base for its hackers covering Europe, the Middle East and Africa,” the report continued.
While WikiLeaks said that it would not reveal information that would identify their source, the whistleblower group did say that “the source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber weapons” and was concerned about “whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight in the agency.”
The leak explained that if certain parts of its spying program were classified, “CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the internet,” and so the agency has made most of its cyber spying unclassified to avoid legal liability.
Edward Snowden tweeted out, "If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe."
The CIA has declined to comment on the leak.
“We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu told the Associated Press.
Tuesday’s leak comes as U.S. President Donald Trump has earlier issued an Executive Order to review the so-called “cyberwar,” but WikiLeaks said that the administration's move “did not play a role in setting the publication date.”