CIA Silent About Wikileaks Agency Files

In what appears to be the largest leak of CIA documents in history, WikiLeaks has recently released thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.

The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.

A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer.

Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.

This is a trove of information on alleged CIA hacking tools released by Julian Assange’s WikiLeaks organisation, which reveals that the agency maintains the capability to hack consumer devices, will raise many questions for users and technology companies alike.

Everyday consumer devices including smartphones running iOS and Android operating systems, Windows and Mac computers, and even smart TVs made by manufacturers such as Samsung have all been targeted by the CIA.

The CIA had no comment about Wikileaks claim of the existence and function of key hacking tools in a document dump that Wikileaks calls “the largest intelligence publication in history.”


The thousands of leaked documents focus mainly on techniques for hacking and reveal how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices.

The leak, named “Vault 7” by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age.

It follows disclosures about Afghanistan and Iraq by army intelligence analyst Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.

Wikileaks officials claimed to have obtained and posted, “8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.”

Wikileaks said, “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, Trojans, weaponised "zero day" exploits, malware remote control systems and associated documentation.

“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.

"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of US and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones”.

Some cyber-security researchers immediately called the claims uncorroborated and misleading. It has long been the case that hackers who gain physical access to a phone, for example, may be able to read text written in various messaging apps. It’s hard to tell whether the tools described in the dump would allow a spy to enter your phone from anywhere.

They urged users to remain calm, and not to take the Wikileaks post as a reason to abandon the use of encrypted messaging apps.

Among other purported revelations, Wikileaks said, the documents show that the CIA and British intelligence outfit MI5 developed malware to listen in on the microphones in Samsung smart TVs; and that the US consulate in Frankfurt, Germany, has become a hub for US signals intelligence agents and engineers traveling under diplomatic passports.

The German government said it took the publication of thousands of pages of internal CIA discussions by anti-secrecy group Wikileaks seriously, but could not verify the authenticity of the documents.

German media have seized on documents in the latest Wikileaks documents which show that the CIA used the US consulate in Frankfurt as a major remote hacking base.

A spokesman for the foreign ministry said the German government was in close touch with US authorities about the issue.

In their post, Wikileaks said they had redacted some of the posted emails and communications to avoid “the ‘distribution of ‘armed’ cyber-weapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analysed, disarmed and published.”

The group also hinted that the documents were leaked by a source inside the agency. “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber-weapons,” they wrote.

“The source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”

Asked for comment, CIA spokesperson Jonathan Liu said, “We do not comment on the authenticity or content of purported intelligence documents.”

In an interview the National Counter Intelligence Executive, William Evanina, described how hard it remains to thwart insiders who want to leak data.

“To no extent are we capable of stopping someone from doing damage who wants to. It’s not possible,” said Evanina.

“The same way you can’t stop someone from starting a fire who wants to be an arsonist.”

Still, there is plenty of reason to be skeptical about documents published by Wikileaks, about their veracity, whether they might have been tampered with, who provided them, and so on.

Independent research and the intelligence community have determined that Wikileaks has routinely published documents and data given to it by Kremlin-linked intelligence agencies.

If the new Wikileaks dump proves valid, and the source does turn out to be a mole inside the CIA, then it will be the second release of information about critical intelligence tools in a year by an insider.

On Aug. 27, NSA contractor Harold Martin III was arrested for hoarding agency documents. He is suspected of offering NSA tools for sale.

The group claims that its revelations are just scratching the surface.

“Wikileaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts,” they write.

Russia

To attribute the document-drop to pure altruism on the part of Wikileaks would probably be a mistake. In fact, it seems to be setting the stage for an organized communications campaign to discredit the intelligence community assessment on the DNC hack, which would suggest the source could have been the Kremlin (at very least, they were quick to capitalise on the development.)

Both the intelligence community and private cyber security researchers have determined that Russian actors stole both the DNC and John Podesta emails published to Wikileaks.

A portion of the Wikileaks statement released today reads: “The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation…With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.”

Pro-Russian information sites and trolls were quick to notice the claim.

NYT:     Guardian:      DefenseOne:      Wikileaks:    Ein News:    Guardian:

 

« Increasing Healthcare Cybersecurity Risks
US Defense Intelligence Agency Upgrades Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Oppida

Oppida

Oppida provides tailored IT security services to help you identify security gaps and assist in finding the most effective remediation.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

Vernetzen

Vernetzen

Vernetzen is an industrial network and cybersecurity innovator focused on delivering practical solutions to connect and secure industry across the globe.

Issue53

Issue53

We empower organizations to thrive in the digital landscape. Strengthen your defenses, enhance resilience – Choose Issue53 for a secure and future-ready IT environment.