WikiLeaks published a trove of documents it called, "Vault 7," which was represented to be some of the U.S. Central Intelligence Agency's "hacking tools."
By LOUIS FLORES
The transparency Web site WikiLeaks on Tuesday published documents it alleged showed some of the hacking tools used by the U.S. Central Intelligence Agency.
WikiLeaks alleged that the documents showed that the CIA has utilized malware to target smartphones using the iOS and Android operating systems and computers using the Windows, Mac OS X, and Linux operating systems, amongst other electronic devices. WikiLeaks also published other allegations, including that the CIA violated a commitment of the Obama administration to disclose vulnerabilities in technologies, or "zero day" bugs, in the devices or software of U.S.-based manufacturers, such as Apple, Google, Microsoft, and others.
During a telephone conversation, a spokesperson for the CIA declined to provide a response on behalf of the agency to the publication of documents by WikiLeaks. The spokesperson said that the agency would only provide an "on the record" response if a request was sent to an unclassified e-mail address. Therefore, the documents published by WikiLeaks have not been confirmed to be true copies by the CIA. However, other news media were able to receive confirmation that the documents were authentic.
In a press release announcing the publication, associates of WikiLeaks revealed that the security of the CIA's hacking tools had become compromised and that the CIA's failure to secure its hacking tools was responsible for WikiLeaks being able to obtain the documents and information : "Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."
Because the CIA harnessed dangerous hacking technology that it failed to secure, WikiLeaks alleged that the CIA's failures and violations have triggered a "serious proliferation risk," writing, in part, that, "Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike."
U.S. Consulate in Frankfurt, Germany, is a "covert CIA hacker base"
In the initial press release announcing the publication of the Vault 7 documents, WikiLeaks also revealed that the agents of the CIA operate out of the U.S. Consulate in Frankfurt, Germany. The German operation acts as a base for hackers, who cover sites in Europe, the Middle East, and Africa, according to the WikiLeaks press release. The German operation possesses the capability to target police records databases, which are otherwise disconnected from the Internet, according to WikiLeaks.
According to an analysis performed by WikiLeaks of the CIA's hacking tools, the CIA also has the capability to mimic the digital fingerprints of hackers of other states, including the Russian Federation, by virtue of having stolen the hacking tools used by other states. The code name for this CIA program is "UMBRAGE." According to WikiLeaks, "With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from."
On online community bulletin boards, the reaction to the publication by WikiLeaks of documents said to show some of the CIA's hacking tools included the invocation of skepticism that the results of the 2016 U.S. presidential election was somehow the product of hacking by the Russian Federation, as has been widely reported. On the /pol/ community bulletin board of 4chan, one bulletin board user triggered a sidebar discussion about how the CIA's ability to mimic the digital fingerprints of Russian hackers would make it difficult to verify the origin and actors of any hacking that took place during the 2016 election. In the time leading up to the 2016 U.S. presidential election, hacks or attempts at hacks were made on the computers or servers of the Democratic National Committee and the Clinton Foundation, as well as on the e-mail account of former First Lady Hillary Rodham Clinton's campaign manager, John Podesta.
Other allegations made by WikiLeaks in its initial press release included that the CIA's hacking tools permitted the agency to circumvent the smartphone communications applications sometimes relied upon by journalists, such as WhatsApp and Signal.
- Vault 7 : CIA Hacking Tools Revealed [WikiLeaks]