Records show agency able to spy on smartphones, internet TVs
By Shane Harris and Paul Sonne
Updated March 7, 2017
WASHINGTON—WikiLeaks released a massive trove of documents and files Tuesday that it says exposes how the Central Intelligence Agency hacks smartphones, computer operating systems, message applications and internet-connected televisions, in what would be one of the biggest breaches in the spy agency’s history.
The group, which was behind the leak of emails stolen from the Democratic National Committee during last year’s presidential campaign, said the release consists of 8,761 documents and files from the CIA’s Center for Cyber Intelligence. It called the unauthorized disclosure, which it dubbed Vault 7, the “largest ever publication of confidential documents on the agency,” laying bare some of the CIA’s most sensitive secrets.
An agency spokesman declined to comment “on the authenticity or content of purported intelligence documents.” A spokesman for the White House also declined to comment.
The revelations are certain to fuel a continuing debate over whether intelligence agencies that discover security flaws in popular technology should disclose them, so that the users can defend themselves from hackers, or to keep that information secret for use in intelligence operations.
If the leak is deemed authentic, as several experts said it initially appeared to be, it also will pose questions over the extent to which U.S. national security may have been compromised, given the exposure of the CIA’s toolbox for conducting cyberespionage.
Typically, U.S. investigators begin a leak probe by focusing on individuals who would have had access to the stolen information. The CIA can conduct its own internal investigation, just as the National Security Agency did following leaks by former contractor Edward Snowden in 2013. The Federal Bureau of Investigation would be responsible for conducting any criminal investigation.
Rep. Devin Nunes (R., Calif.), chairman of the House Intelligence Committee, said the U.S. was “early on” in an investigation into the matter and described the leaks as “very, very serious.”
“We are extremely concerned,” Mr. Nunes said.
One intelligence source said some of the information WikiLeaks released pertains to tools that the CIA uses to hack computers and other devices. This person said disclosing the information would jeopardize ongoing intelligence-gathering operations.
The revelations were considered by many experts to be potentially more significant than the leaks by Mr. Snowden.
Mr. Snowden’s leaks revealed names of programs, companies that assist the NSA in surveillance and in some cases the targets of American spying. But the recent leak purports to contain highly technical details about how surveillance is carried out. That would make them far more revealing and useful to an adversary, one person said.
In one sense, Mr. Snowden provided a briefing book on U.S. surveillance, but the CIA leaks could provide the blueprints.
WikiLeaks said in its statement that it wasn’t publishing such information as computer source code that could be used to replicate the tools it claims to have exposed. But the group left open the possibility of publishing those crucial details if “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should [sic] analyzed, disarmed and published.”
Mr. Snowden said in a tweet Tuesday, “Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.”
WikiLeaks said the CIA had “lost control of the majority of its hacking arsenal” and characterized the archive as “an extraordinary collection” of more than several hundred million lines of code.
The exposure, if genuine, is likely to disrupt or halt many ongoing intelligence operations, said a former intelligence officer who has worked on cyberespionage, and could implicate the CIA in past operations, including some that might be under investigation in foreign countries where the agency was spying.
One CIA group revealed in the documents, known as Umbrage, maintains a library of malicious software components taken from commercial and foreign sources found “in-the-wild.” So far, security experts have found evidence in this trove that the CIA collected malware components believed to have been used by foreign countries.
This library appears to give the CIA the ability to deploy hacking tools and techniques that have been known to work in operations by other countries overseas, said one former Western intelligence official.
The Umbrage library would also provide a useful reference for identifying foreign hackers trying to penetrate U.S. systems, said a former U.S. intelligence officer. And it could also be used to mask a U.S. operation and make it appear that it was carried out by another country, the former officer said. That could be accomplished by inserting malware components from, say, a known Chinese, Russian or Iranian hacking operation into a U.S. one.
“When they get caught, nobody thinks it’s the U.S.,” said Stuart McClure, CEO and co-founder of the cybersecurity company Cylance.
Among other documents posted on WikiLeaks, one gives instructions for employees going on temporary assignments to a facility at the U.S. consulate in Frankfurt that appears in the leaked material to be a base for cyberespionage operations.
Perhaps the biggest unanswered question Tuesday was how detailed information on such sensitive CIA tools made its way into the public domain.
Most of the documents appear to come from an internal local network that agency coders use for testing and development, raising questions about whether a mole leaked the information or someone penetrated the network from outside.
WikiLeaks said the archive appeared to have been circulating among former U.S. government hackers and contractors, one of whom the site said provided WikiLeaks with portions of the material.
The CIA likely will turn immediately to the question of how the information was stolen and by whom. “I think it would have to be a disgruntled employee or a contractor,” the former intelligence officer said, suggesting a foreign country would have been more likely to keep the information for its own use than release it publicly.
WikiLeaks posted on its website Tuesday what it called the first installment in a series of planned leaks, calling it “Year Zero.” The first installment “introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products,” WikiLeaks said.
WikiLeaks said the information on CIA hacking came from an unidentified source who believes the spy agency’s hacking authorities “urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”
—Rob Barry and Christopher S. Stewart contributed to this article.