The WikiLeaks Vault7 leak has revealed thousands of confidential documents that are purportedly from the Center for Cyber Intelligence at the CIA, and this is only the first edition of the new series. The organization is known for dramatic document dumps aimed at uncovering the inner workings of the world’s spy agencies. This leak looks to be in the league of the Panama Papers leak, although that wasn’t WikiLeaks. Leaking sensitive documents is getting trendy these days.
WikiLeaks Vault7 series begins
WikiLeaks announced on its website that it’s starting a new series of document dumps about cyber-espionage efforts in the U.S. The series has been code-named Vault7, and the first full part of it is called “Year Zero.” In total, the WikiLeaks Vault7 series is “the largest ever publication of confidential documents” on the U.S. Central Intelligence Agency, the organization claims.
Year Zero consists of more than 8,799 documents and files from the Center for Cyber Intelligence, which is part of the CIA and operates out of Langley, Virginia. WikiLeaks is beginning the series after its “introductory disclosure” last month about the U.S. spy agency targeting political parties and candidates in France leading up to the presidential election in 2012.
CIA loses control of its “hacking arsenal”
The documents allege that the CIA has “lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.” All of that data amounts to “several hundred million lines of code,” according to WikiLeaks, which obtained it after the archive was reportedly leaked or “circulated among former U.S. government hackers and contractors in an unauthorized manner.”
One of those who received the data reportedly shared parts of it with WikiLeaks, which is releasing the documents under the Vault 7 code-name. The part entitled “Year Zero” focuses on the hacking weapons used by the CIA to spy on pretty much anyone.
CIA said to be able to use your tech against you
The WikiLeaks Vault7 documents allege that the CIA is able to turn pretty much every form of technology into a sort of listening device to surveil anyone it wants to. The agency can supposedly use the microphones in smartphones, computers and smart TVs to listen in whenever it wants to, even when these devices are shut off.
Among the devices named specifically in the WikiLeaks Vault7 leak are Apple’s iPhone, Google’s Android devices, Microsoft’s Windows devices, and Samsung TVs. The agency reportedly is able to turn any one of these devices into “covert microphones.” For those who don’t believe smart TVs can be used to spy on them, this isn’t the first time we’re hearing of it: some manufacturers have gotten in trouble for spying on those who use their TVs, though on a much lower level than what the CIA is accused of doing.
The organization also claims that the CIA has bypassed the encryption on popular messaging platforms like WhatsApp, Telegram and Signal. If accurate, it means that these services aren’t nearly as secure as they would have you believe. There is an important distinction here though, which is that the CIA isn’t able to break encryption once data has been encrypted. Instead, the agency is said to be catching audio and video data before it is encrypted and stealing it.
WikiLeaks editor Julian Assange warned about an “extreme proliferation risk in the development of cyber ‘weapons’” because all it takes is seconds for these weapons to spread around the world after they’re leaked, meaning hackers of all calibers can exploit them. The organization said it redacted all names and other sensitive information before releasing the documents.
Expert says the WikiLeaks Vault7 documents look real
Business Insider spoke with an expert who examined the WikiLeaks Vault7 documents and feels that they are legitimate. Jake Williams, founder of Rendition Infosec, said it looked like multiple writers had contributed to the documents because they include more than one writing style. He also described the types of details included in the documents as suggesting “a well resourced [sic] development, not some kids in a garage.”
Another cyber-security expert, Alex McGeorge of Immunity Inc., found no errors in the language and lots of consistency among the documents. Further, he said it looked pretty clear that the documents came from a spy agency in the U.S. and that it was probably either the CIA or National Security Agency. However, given that the NSA was referred to repeatedly as the “other” group within the leak.
The WikiLeaks Vault7 leak so far appears to be about on par with the massive breach that came a few years ago courtesy of former NSA contractor Edward Snowden.