WikiLeaks releases hacking tool details of CIA

Washington DC (USA): WikiLeaks today released what it termed as the biggest-ever leak of confidential documents from the CIA, claiming the America’s premier spy agency partnered with foreign intelligence agencies to turn TVs and smartphones into weapons for surveillance. It alleges that CIA infested and collected intelligence through smart TVs, and phone. Code-named “Vault 7” by WikiLeaks, it is the largest-ever publication of confidential documents on the agency. It is a substantial collection of material about CIA activities obtained by WikiLeaks.

Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication, it said. In a statement, WikiLeaks said the first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential elections.

WikiLeaks said recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.

“The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive,” it said in a statement. “There is an extreme proliferation risk in the development of cyber ‘weapons’. Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade.

“But the significance of ‘Year Zero’ goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective,” said Julian Assange, editor of WikiLeaks. In its analysis of the document, WikiLeaks said CIA malware and hacking tools are built by Engineering Development Group, a software development group within Center for Cyber Intelligence, a department belonging to the CIA’s Directorate for Digital Innovation – one of the five major directorates of the CIA. 

WikiLeaks alleged that as of October 2014, the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. “The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations,” it said. Further, CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone, it claimed.

CIA also developed malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites. WikiLeaks alleged that ‘Year Zero’ documents show that the CIA breached the Obama administration’s commitments.

Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals. In addition to its operations in Langley, Virginia the CIA also uses the US consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa, it alleged. WikiLeaks alleged that “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), infests smart TVs, transforming them into covert microphones.

The attack against Samsung smart TVs was developed in cooperation with the UK’s MI5/BTSS. After infestation, “Weeping Angel” places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode, the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server. In October, CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations, WikiLeaks added.