CIA Silent About Wikileaks Agency Files

In what appears to be the largest leak of CIA documents in history, WikiLeaks has recently released thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.

The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.

A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer.

Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.

This trove of information on alleged CIA hacking tools, released by Julian Assange’s WikiLeaks organisation, reveals that the agency maintains the capability to hack consumer devices and will raise many questions for users and technology companies alike.

Everyday consumer devices including smartphones running iOS and Android operating systems, Windows and Mac computers, and even smart TVs made by manufacturers such as Samsung have all been targeted by the CIA.

The CIA had no comment about Wikileaks’ claim of the existence and function of key hacking tools in a document dump that Wikileaks calls “the largest intelligence publication in history.”


The thousands of leaked documents focus mainly on techniques for hacking and reveal how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices.

The leak, named “Vault 7” by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age.

It follows disclosures about Afghanistan and Iraq by army intelligence analyst Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.

Wikileaks officials claimed to have obtained and posted, “8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.”

Wikileaks said, “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, Trojans, weaponised "zero day" exploits, malware remote control systems and associated documentation.

“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.

“"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of US and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.”

Some cyber-security researchers immediately called the claims uncorroborated and misleading. It has long been the case that hackers who gain physical access to a phone, for example, may be able to read text written in various messaging apps. It’s hard to tell whether the tools described in the dump would allow a spy to enter your phone from anywhere.

They urged users to remain calm, and not to take the Wikileaks post as a reason to abandon the use of encrypted messaging apps.

Among other purported revelations, Wikileaks said, the documents show that the CIA and British intelligence outfit MI5 developed malware to listen in on the microphones in Samsung smart TVs; and that the US consulate in Frankfurt, Germany, has become a hub for US signals intelligence agents and engineers traveling under diplomatic passports.

The German government said it took the publication of thousands of pages of internal CIA discussions by anti-secrecy group Wikileaks seriously, but could not verify the authenticity of the documents.

German media have seized on documents in the latest Wikileaks release which show that the CIA used the US consulate in Frankfurt as a major remote hacking base.

A spokesman for the foreign ministry said the German government was in close touch with US authorities about the issue.

In their post, Wikileaks said they had redacted some of the posted emails and communications to avoid “the distribution of ‘armed’ cyber-weapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analysed, disarmed and published.”

The group also hinted that the documents were leaked by a source inside the agency. “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber-weapons,” they wrote.

“The source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”

Asked for comment, CIA spokesperson Jonathan Liu said, “We do not comment on the authenticity or content of purported intelligence documents.”

In an interview, the National Counter Intelligence Executive, William Evanina, described how hard it remains to thwart insiders who want to leak data.

“To no extent are we capable of stopping someone from doing damage who wants to. It’s not possible,” said Evanina.

“The same way you can’t stop someone from starting a fire who wants to be an arsonist.”

Still, there is plenty of reason to be skeptical about documents published by Wikileaks, about their veracity, whether they might have been tampered with, who provided them, and so on.

Independent research and the intelligence community have determined that Wikileaks has routinely published documents and data given to it by Kremlin-linked intelligence agencies.

If the new Wikileaks dump proves valid, and the source does turn out to be a mole inside the CIA, then it will be the second release of information about critical intelligence tools in a year by an insider.

On Aug. 27, NSA contractor Harold Martin III was arrested for hoarding agency documents. He is suspected of offering NSA tools for sale.

The group claims that its revelations are just scratching the surface.

“Wikileaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts,” they write.

Russia

To attribute the document drop to pure altruism on the part of Wikileaks would probably be a mistake. In fact, it seems to be setting the stage for an organized communications campaign to discredit the intelligence community assessment on the DNC hack, which would suggest the source could have been the Kremlin (at the very least, they were quick to capitalise on the development).

Both the intelligence community and private cyber security researchers have determined that Russian actors stole both the DNC and John Podesta emails published to Wikileaks.

A portion of the Wikileaks statement released today reads: “The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation… With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.”

Pro-Russian information sites and trolls were quick to notice the claim.
