Did WikiLeaks just unmask CIA cyberoperations?
The antisecrecy site released a trove of alleged CIA hacking tools to break into iPhones, Android devices, and connected TV sets to carry out espionage operations.
The lobby of the CIA Headquarters Building in Langley, Virginia, U.S. on August 14, 2008.
Larry Downing/REUTERS
Nearly four years after Edward Snowden leaked top-secret details exposing National Security Agency surveillance programs, the US intelligence community is facing another crisis that could change the face of modern espionage.
On Tuesday, the antisecrecy site WikiLeaks began posting what it claims to be "the largest ever publication of confidential documents" on the CIA. The documents appear to reveal the agency's vast and technically sophisticated methods for exploiting security vulnerabilities in iPhones, Android devices, Samsung TV sets, and Microsoft systems to carry out covert cyberoperations.
"If this is what it pretends to be, it looks like a very extensive file of the tactics, techniques, procedures, targets, and political rules under which the Central Intelligence Agency conducts its computer network exploitation and other activities," Michael Hayden, former head of the CIA and National Security Agency, told NBC News on Tuesday.
For its part, a CIA spokesperson said, "We do not comment on the authenticity or content of purported intelligence documents."
WikiLeaks says its first batch from the CIA tranche includes 8,761 documents obtained from inside the agency's Center for Cyber Intelligence and "the majority of its hacking arsenal."
While many experts say it's too early to say for certain that all of the leaked computer programs are genuine, there's a growing consensus among cybersecurity experts that the leak has indeed exposed critical agency hacking tools.
Leaking the computer code and methods, many experts say, could have far-reaching and potentially devastating ramifications not just for agency operations, but for companies and consumers because of the number of digital flaws revealed in the leaks, which WikiLeaks has dubbed Vault 7.
"I liken it to people handing out Kalashnikovs and grenades on the street," says Tom Kellermann, chief executive officer at Strategic Cyber Ventures. "It's not only about undermining confidence. These weapons can now be turned against US corporations and civilians."
The Vault 7 dump also appears to show the considerable efforts the agency has made to compromise cybersecurity and antivirus software with high-grade software tools. For instance, previously unknown software flaws revealed in the leak – known as zero-day vulnerabilities – indicate the agency could intercept private chats by compromising iPhones and Android-enabled devices, nabbing messages that would be secured by apps such as Signal, WhatsApp, and Telegram before they are encrypted.
Other tools revealed in the dump provided various techniques for the agency to infect systems and swipe sensitive documents. One tool, referred to as "HammerDrill," could apparently let CIA operatives break into "air gapped" facilities that are physically isolated from insecure networks.
Another flaw in Samsung smart TVs, called "Weeping Angel," purportedly developed in tandem with British intelligence, could allow snoopers to listen in on conversations by appearing to power off the device while secretly uploading recordings to a remote server.
The documents, which WikiLeaks says originate from 2013 to 2016, indicate that the CIA allowed agents to use the US consulate in Frankfurt as a base for digital espionage efforts around the globe, including in Europe, the Middle East, and Africa, providing diplomatic cover and guises to get past customs.
"The stuff that's represented in the documents – there's even source code – these are things that are effectively burned," says Jake Williams, a former Pentagon software analyst who currently works at the cybersecurity firm Rendition Infosec.
Now that the vulnerabilities have been revealed, tech companies will begin updating their systems to repair their vulnerabilities. "People will start pushing out antivirus signatures by tomorrow," he says.
The intelligence community has long relied on faulty software in consumer and corporate networks to carry out espionage operations. Yet it remains unclear how much the WikiLeaks dump – if legitimate – will impact the agency's secret stockpile of zero days.
In 2015, NSA Director Adm. Michael Rogers said his agency disclosed more than 90 percent of the software vulnerabilities it found to software vendors and developers. A Columbia University study last summer estimated that the NSA's vulnerability stockpile was "in the dozens," though it didn't offer a figure for the CIA. The White House has its own process by which it can disclose or retain software vulnerabilities used by intelligence and law enforcement agencies – but it is not required to make those decisions public.
"The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open," Mr. Snowden tweeted Tuesday. "Reckless beyond words."
Snowden's leaks in 2013 exposed a variety of top-secret NSA digital surveillance efforts, including the PRISM program that allowed agents to search internet data from around the world. As a result of those disclosures, President Obama signed the USA Freedom Act that limited intelligence agencies' ability to obtain data from communications providers.
WikiLeaks has not revealed the source of the Vault 7 leaks but appeared to indicate the leaks came from an agency insider, raising new questions about the security of sensitive cyberintelligence efforts.
Earlier this year, former NSA contractor Harold Martin was charged with walking out of the agency with an extensive trove of top-secret documents.
"After Snowden, there was a huge effort to lock down this kind of information," says James Lewis, a senior fellow at the Center for Strategic and International Studies, a Washington think tank. "If it failed, they're going to want to know why."