WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents

The lobby of the CIA’s headquarters is shown in Langley, Va. (Larry Downing/Reuters)
The lobby of the CIA’s headquarters is shown in Langley, Va. (Larry Downing/Reuters)

In what appears to be the largest leak of C.I.A documents in history, WikiLeaks released on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.

The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.

A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer. Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.

The document dump was the latest coup for the antisecrecy organization and a serious blow to the C.I.A., which uses its hacking abilities to carry out espionage against foreign targets.

The initial release, which WikiLeaks said was only the first installment in a larger collection of secret C.I.A. material, included 7,818 web pages with 943 attachments, many of them partly redacted by WikiLeaks editors to avoid disclosing the actual code for cyberweapons. The entire archive of C.I.A. material consists of several hundred million lines of computer code, the group claimed.

In one revelation that may especially trouble the tech world if confirmed, WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. According to WikiLeaks, government hackers can penetrate smartphones and collect “audio and message traffic before encryption is applied.”

Unlike the National Security Agency documents Edward J. Snowden gave to journalists in 2013, they do not include examples of how the tools have been used against actual foreign targets. That could limit the damage of the leak to national security. But the breach was highly embarrassing for an agency that depends on secrecy.

Robert M. Chesney, a specialist in national security law at the University of Texas at Austin, likened the C.I.A. trove to National Security Agency hacking tools disclosed last year by a group calling itself the Shadow Brokers.

“If this is true, it says that N.S.A. isn’t the only one with an advanced, persistent problem with operational security for these tools,” Mr. Chesney said. “We’re getting bit time and again.”

There was no public confirmation of the authenticity of the documents, which were produced by the C.I.A.’s Center for Cyber Intelligence and are mostly dated from 2013 to 2016. But one government official said the documents were real, and a former intelligence officer said some of the code names for C.I.A. programs, an organization chart and the description of a C.I.A. hacking base appeared to be genuine.

The agency appeared to be taken by surprise by the document dump on Tuesday morning. A C.I.A. spokesman, Dean Boyd, said, “We do not comment on the authenticity or content of purported intelligence documents.”

In some regard, the C.I.A. documents confirmed and filled in the details on abilities that have long been suspected in technical circles.

“The people who know a lot about security and hacking assumed that the C.I.A. was at least investing in these capabilities, and if they weren’t, then somebody else was — China, Iran, Russia, as well as a lot of other private actors,” said Beau Woods, the deputy director of the Cyber Statecraft Initiative at the Atlantic Council in Washington. He said the disclosures may raise concerns in the United States and abroad about “the trustworthiness of technology where cybersecurity can impact human life and public safety.”

There is no evidence that the C.I.A. hacking tools have been used against Americans. But Ben Wizner, the director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, said the documents suggest that the government has deliberately allowed vulnerabilities in phones and other devices to persist to make spying easier.

“Those vulnerabilities will be exploited not just by our security agencies, but by hackers and governments around the world,” Mr. Wizner said. “Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer.”

WikiLeaks did not identify the source of the documents, which it called Vault 7, but said they had been “circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

WikiLeaks said the source, in a statement, set out policy questions that “urgently need to be debated in public, including whether the C.I.A.’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.” The source, the group said, “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”

But James Lewis, an expert on cybersecurity at the Center for Strategic and International Studies in Washington, raised another possibility: that a foreign state, most likely Russia, stole the documents by hacking or other means and delivered them to WikiLeaks, which may not know how they were obtained. Mr. Lewis noted that, according to American intelligence agencies, Russia hacked Democratic targets during the presidential campaign and gave thousands of emails to WikiLeaks for publication.

“I think a foreign power is much more likely the source of these documents than a conscience-stricken C.I.A. whistle-blower,” Mr. Lewis said.

At a time of increasing concern about the privacy of calls and messages, the revelations did not suggest that the C.I.A. can actually break the encryption used by popular messaging apps. Instead, by penetrating the user’s phone, the agency can make the encryption irrelevant by intercepting messages and calls before their content is encrypted, or, on the other end, after messages are decrypted.

WikiLeaks, which has sometimes been accused of recklessly leaking information that could do harm, said it had redacted names and other identifying information from the collection. It said it was not releasing the computer code for actual, usable weapons “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

The codes names used for projects revealed in the WikiLeaks documents appear to reflect the likely demographic of the cyberexperts employed by the C.I.A. — that is, young and male. There are numerous references to “Harry Potter,” Pokémon and Adderall, the drug used to treat hyperactivity.

A number of projects were named after whiskey brands. Some were high-end single malt scotches, such as Laphroaig and Ardbeg. Others were from more pedestrian labels, such as Wild Turkey, which was described by its programmers, in mock dictionary style, as “(n.) A animal of the avian variety that has not been domesticated. Also a type of alcohol with a high proof (151).”

Some of the details of the C.I.A. programs might have come from the plot of a spy novel for the cyberage, revealing numerous highly classified — and, in some cases, exotic — hacking programs. One program, code-named Weeping Angel, uses Samsung “smart” televisions as covert listening devices. According to the WikiLeaks news release, even when it appears to be turned off, the television “operates as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server.”

The release said the program was developed in cooperation with British intelligence.

If C.I.A. agents did manage to hack the smart TVs, they would not be the only ones. Since their release, internet-connected televisions have been a focus for hackers and cybersecurity experts, many of whom see the sets’ ability to record and transmit conversations as a potentially dangerous vulnerability.

In early 2015, Samsung started to include in the fine print terms of service for its smart TVs a warning that the television sets could capture background conversations. “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition,” the warning said.

Another program described in the documents, named Umbrage, is a voluminous library of cyberattack techniques that the C.I.A. has collected from malware produced by other countries, including Russia. According to the WikiLeaks release, the large number of techniques allows the C.I.A. to mask the origin of some of its attacks and confuse forensic investigators.

The WikiLeaks material includes lists of software tools that the C.I.A. uses to create exploits and malware to carrying out hacking. Many of the tools are those used by developers around the world: coding languages, such as Python, and tools like Sublime Text, a program used to write code, and Git, a tool that helps developers collaborate.

But the agency also appears to rely on software designed specifically for spies, such as Ghidra, which in one of the documents is described as “a reverse engineering environment created by the N.S.A.”

The Vault 7 release marks the latest in a series of huge leaks that have changed the landscape for government and corporate secrecy.

In scale, the Vault 7 archive appears to fall into the same category as the biggest leaks of classified information in recent years, including the quarter-million diplomatic cables taken by Chelsea Manning, the former Army intelligence analyst, and given to WikiLeaks in 2010, and the hundreds of thousands of National Security Agency documents taken by Mr. Snowden in 2013.

In the business world, the so-called Panama Papers and several other large-volume leaks have laid bare the details of secret offshore companies used by wealthy and corrupt people to hide their assets.

Both government and corporate leaks have been made possible by the ease of downloading, storing and transferring millions of documents in seconds or minutes, a sea change from the use of slow photocopying for some earlier leaks, including the Pentagon Papers in 1971.



24 responses to “WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents”

  1. (off topic) A young couple detained in the UOE for extramarital sex

    1. HebAlba Avatar

      Funy you come on this thread for off topic polution

      1. thank you are not ignoring me
        The prosecutor’s office of the UOE will not initiate a case against a couple who are “guilty” of intimate contact

  2. Caption contest: What are Tim Cook and Sundar Pichai discussing in this image?

    1. wargame1 Avatar

      Trump Hotel Deal Tied to Iranian Terrorist Group IRGC. Shit has hit the fan. Here is a video analysis

      1. HebAlba Avatar

        Your Zionist cousin’s sites now?
        “The Banu Qaynuqa (Arabic: بنو قينقاع‎‎; Hebrew: בני קינקאע‎‎; also spelled Banu Kainuka, Banu Kaynuka, Banu Qainuqa, Banu Qaynuqa) was one of the three main Jewish tribes living in the 7th century of Medina, now in Saudi Arabia. In 624, the great-grandfather of Banu Qaynuqa tribe is Qaynuqa ibn Amchel ibn Munshi ibn Yohanan ibn Benjamin ibn Saron ibn Naphtali ibn Hayy ibn Moses and they are descendant of Manasseh ibn Joseph ibn Jacob ibn Isaac son of Abraham.[1] They were expelled during the Invasion of Banu Qaynuqa, after breaking the treaty known as the Constitution of Medina.[2][3]”

  3. (off topic) On Saturday,
    March 11, the number of deaths as a result of clashes between
    demonstrators and police in Seoul increased to three: one more person
    who was seriously injured died in hospital

  4. (off topic) In Samaria, “stone-throwers” mistakenly threw stones at the Orabs

  5. (off topic) In Ethiopia, 46 people died under a landslide of debris

  6. Pamela Anderson about the founder of WikiLeaks: “Very sexy and smart”

  7. (off topic) Exit polls: the elections in the Netherlands won the party of Prime Minister Mark Rutte

  8. (off topic) On Thursday, March 16,
    Israeli Defense Minister Avigdor Lieberman, using his powers, declared
    the Falestinian National Fund a terrorist organization.
    comments of the press service of the defense ministry indicate that the
    reason for this decision was the activities of the fund to support
    individuals involved in terrorist activities against Israel

    1. Hannibal Avatar

      Palestinians and the world knows Israel to be an apartheid racist terrorist organization.

      1. So called Falestinians are in agressive FA (mostly Gaza). Apartheid are falsetinians in Orabic “states” In Israel 20% Orabs are equal citizens, please visit Israel to see yourself, don’t listen corrupted world

      2. The barrage,
        which costs 5.5 million shekels, will protect Beit El on the west
        side, where the refugee camp Jelazun, which is the source of the
        terrorist threat in the area

      3. reply deleted

  9. (off topic) The
    court of Abu Dhabi sentenced to three years in prison the Jordanian
    journalist Taysir al-Najar, found guilty of insulting the United Orab
    Emirates. He will also have to pay a fine of half a million dirhams ($ 136,000).
    journalist was arrested in 2014, after he wrote on the social network
    Facebook angry post, in which he accused the UOE authorities of
    inaction. He was outraged that the Orab countries do not come to the aid of the
    Gaza Strip and do not help the Hamas administration to resist “Israeli
    Thus, he violated the 29th article of the law on cybersecurity. According
    to this article, statements whose purpose – to damage the state,
    ridiculing it and its symbolism on the Internet – is a criminal offense.
    The law also requires the confiscation of equipment used in criminal activities.
    Human rights organizations such as Amnesty International and Human Rights Watch found al-Najar a prisoner of conscience. They demanded that the authorities of the UOE release the journalist. These appeals were ignored

Leave a Reply