WikiLeaks has published documents that it claims reveal the extent of the CIA’s hacking and cyber espionage tools.
The trove, called Vault 7, is the “largest ever publication of confidential documents” on the CIA and covers activity between 2013 and 2016. WikiLeaks said it published the release as soon as possible.
It details hacking tools believed to include malware that infects Windows, OSX, Linux, Android, and iOS as well as routers and smart TVs. The New York Times reports that the data dump is made up of 7,818 web pages, 943 attachments, and several hundred million lines of code, which “gives its possessor the entire hacking capacity of the CIA,” according to WikiLeaks. Some names, email addresses, and external IP addresses were redacted from the leak.
“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation,” explained WikiLeaks in its announcement on how the data was revealed.
The CIA has not confirmed the authenticity of the leaks. The U.K. Home Office, which is implicated in the dump for allegedly creating malware that targets smart TVs, has also declined to comment.
As people begin to pour over the data dump, some particular hacking tools and techniques are coming to light. The targeting of smart TVs has garnered attention. In a document code named “Weeping Angel,” there is a method referred to as “fake-off mode,” which affects Samsung TVs and causes the screen to appear as if it has been turned off. Instead, it is surreptitiously recording audio in the room. The document even includes a to-do list of ways to improve the malware, including video capture and disabling auto upgrade.
Furthermore, the leaks show that the CIA has “weaponized” 24 Android zero-days that WikiLeaks claims would allow for the bypassing of encryption on messaging apps. However this claim has been challenged and corrected since the release by numerous experts and cryptographers, as well as by Edward Snowden.
Another document details CIA efforts to compromise computer control systems in connected cars.
WikiLeaks is questioning the reason for the extent of the CIA’s ability to develop such hacking tools and whether its capabilities go beyond its mandate.
“There is an extreme proliferation risk in the development of cyber ‘weapons’,” said Julian Assange. “Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them, combined with their high market value, and the global arms trade.”
Since the release was published earlier today, Edward Snowden has chimed in to say that he was still working through the publication but it is “genuinely a big deal” and “looks authentic.”
- The demand for hacking tools and malware is greater than the current supply
- Earn up to $10,000 by squashing printer-based bugs in HP’s bounty program
- Just when you thought spam was dead, it’s back and worse than ever
- Pay-n-pray cybersecurity isn’t working. What if we just paid when it works?
- U.S. set to charge North Korean spy with Sony hack and WannaCry cyberattack