CIA Silent About Wikileaks Agency Files

In what appears to be the largest leak of CIA documents in history, WikiLeaks has recently released thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.

The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.

A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer.

Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.

This is a trove of information on alleged CIA hacking tools released by Julian Assange’s WikiLeaks organisation, which reveals that the agency maintains the capability to hack consumer devices, will raise many questions for users and technology companies alike.

Everyday consumer devices including smartphones running iOS and Android operating systems, Windows and Mac computers, and even smart TVs made by manufacturers such as Samsung have all been targeted by the CIA.

The CIA had no comment about Wikileaks claim of the existence and function of key hacking tools in a document dump that Wikileaks calls “the largest intelligence publication in history.”


The thousands of leaked documents focus mainly on techniques for hacking and reveal how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices.

The leak, named “Vault 7” by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age.

It follows disclosures about Afghanistan and Iraq by army intelligence analyst Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.

Wikileaks officials claimed to have obtained and posted, “8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.”

Wikileaks said, “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, Trojans, weaponised "zero day" exploits, malware remote control systems and associated documentation.

“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.

"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of US and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones”.

Some cyber-security researchers immediately called the claims uncorroborated and misleading. It has long been the case that hackers who gain physical access to a phone, for example, may be able to read text written in various messaging apps. It’s hard to tell whether the tools described in the dump would allow a spy to enter your phone from anywhere.

They urged users to remain calm, and not to take the Wikileaks post as a reason to abandon the use of encrypted messaging apps.

Among other purported revelations, Wikileaks said, the documents show that the CIA and British intelligence outfit MI5 developed malware to listen in on the microphones in Samsung smart TVs; and that the US consulate in Frankfurt, Germany, has become a hub for US signals intelligence agents and engineers traveling under diplomatic passports.

The German government said it took the publication of thousands of pages of internal CIA discussions by anti-secrecy group Wikileaks seriously, but could not verify the authenticity of the documents.

German media have seized on documents in the latest Wikileaks documents which show that the CIA used the US consulate in Frankfurt as a major remote hacking base.

A spokesman for the foreign ministry said the German government was in close touch with US authorities about the issue.

In their post, Wikileaks said they had redacted some of the posted emails and communications to avoid “the ‘distribution of ‘armed’ cyber-weapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analysed, disarmed and published.”

The group also hinted that the documents were leaked by a source inside the agency. “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber-weapons,” they wrote.

“The source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”

Asked for comment, CIA spokesperson Jonathan Liu said, “We do not comment on the authenticity or content of purported intelligence documents.”

In an interview the National Counter Intelligence Executive, William Evanina, described how hard it remains to thwart insiders who want to leak data.

“To no extent are we capable of stopping someone from doing damage who wants to. It’s not possible,” said Evanina.

“The same way you can’t stop someone from starting a fire who wants to be an arsonist.”

Still, there is plenty of reason to be skeptical about documents published by Wikileaks, about their veracity, whether they might have been tampered with, who provided them, and so on.

Independent research and the intelligence community have determined that Wikileaks has routinely published documents and data given to it by Kremlin-linked intelligence agencies.

If the new Wikileaks dump proves valid, and the source does turn out to be a mole inside the CIA, then it will be the second release of information about critical intelligence tools in a year by an insider.

On Aug. 27, NSA contractor Harold Martin III was arrested for hoarding agency documents. He is suspected of offering NSA tools for sale.

The group claims that its revelations are just scratching the surface.

“Wikileaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts,” they write.

Russia

To attribute the document-drop to pure altruism on the part of Wikileaks would probably be a mistake. In fact, it seems to be setting the stage for an organized communications campaign to discredit the intelligence community assessment on the DNC hack, which would suggest the source could have been the Kremlin (at very least, they were quick to capitalise on the development.)

Both the intelligence community and private cyber security researchers have determined that Russian actors stole both the DNC and John Podesta emails published to Wikileaks.

A portion of the Wikileaks statement released today reads: “The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation…With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.”

Pro-Russian information sites and trolls were quick to notice the claim.

NYT:     Guardian:      DefenseOne:      Wikileaks:    Ein News:    Guardian:

 

« Increasing Healthcare Cybersecurity Risks
US Defense Intelligence Agency Upgrades Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SolarWinds

SolarWinds

SolarWinds as a worldwide leader in solutions for network and IT service management, application performance, and managed services.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Andreessen Horowitz (a16z)

Andreessen Horowitz (a16z)

Andreessen Horowitz (known as "a16z") is a venture capital firm in Silicon Valley, California that backs bold entrepreneurs building the future through technology.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Nu Quantum

Nu Quantum

Nu Quantum is developing quantum photonics hardware to power the quantum revolution in communications, sensing and computing.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.