‘Ottawa’ WikiLeaks Releases info on What it Says are a Trove of CIA Hacking Tools
WASHINGTON — The anti-secrecy organization WikiLeaks said Tuesday that it has obtained a vast portion of the CIA’s computer hacking arsenal, and began posting the files online in a breach that may expose some of the U.S. intelligence community’s most closely guarded cyber weapons.
WikiLeaks touted its trove as exceeding in scale and significance the massive collection of National Security Agency documents exposed by former U.S. intelligence contractor Edward Snowden.
A statement from WikiLeaks indicated that it planned to post nearly 9,000 files containing code developed in secret by the CIA to steal data from targets overseas and turn ordinary devices including cell phones, computers and even television sets into surveillance tools.
The authenticity of the trove could not immediately be determined. A CIA spokesman would say only that “we do not comment on the authenticity or content of purported intelligence documents.”
WikiLeaks indicated that it obtained the files from a current or former CIA contractor, saying that “the archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
“At first glance,” the data release “is probably legitimate or contains a lot of legitimate stuff, which means somebody managed to extract a lot of data from a classified CIA system and is willing to let the world know that,” said Nicholas Weaver, a computer security researcher at the University of California.
Faking a large quantity of data is difficult, but not impossible, he noted. He said he knows of one case of WikiLeaks deliberately neglecting to include a document in a data release and one case of WikiLeaks deliberately mislabeling stolen data, “but no cases yet of deliberately fraudulent information.”
U.S. officials also allege WikiLeaks has ties to Russian intelligence agencies. The Web site posted thousands of e-mails stolen from Democratic party computer networks during the 2016 presidential campaign, files that U.S. intelligence agencies concluded were obtained and turned over to WikiLeaks as part of a cyber campaign orchestrated by the Kremlin.
U.S. intelligence officials appeared to have been caught off-guard by Tuesday’s disclosure. One U.S. official said that investigators were only beginning to look at the files being posted online, and declined to say whether the CIA had anticipated the leak or warned other agencies.
“We’ll see what it is whenever they release the codes,” the official said.
WikiLeaks said the trove was comprised of tools – including malware, viruses, trojans and weaponized “zero day” exploits – developed by a CIA entity known as the Engineering Development Group, part of a sprawling cyber directorate created in recent years as the agency shifted resources and attention to online espionage.
The digital files are designed to exploit vulnerabilities in consumer devices including Apple’s iPhone, Google’s Android software and Samsung television sets, according to WikiLeaks, which labeled the trove “Year Zero.”
WikiLeaks said the files were created between 2013 and 2016, and that it would only publish a portion of the archive – redacting some sensitive samples of code – “until a consensus emerges on the technical and political nature of the CIA’s program.”
Beyond hacking weapons, the files also purportedly reveal information about the organization of the CIA’s cyber directorate, with an organization chart and files that indicate that the agency uses the U.S. consulate in Frankfurt, Germany as a hub of digital operations in Europe, the Middle East and Africa.
Though primarily thought of as an agency that recruits spies, the CIA has taken on a larger role in electronic espionage over the past decade. CIA efforts mainly focus on so-called “close in” operations in which the agency at times relies on individuals to implant code on computer systems not connected to the Internet.
The CIA’s focus is more narrow and targeted than that of the NSA, which is responsible for sweeping up electronic communications on a massive scale around the globe.
THE CIA’S SPYING ARSENAL
SAMSUNG SMART TVs
WikiLeaks claims the CIA worked with U.K. intelligence officials to turn microphones in Samsung Smart TVs into listening devices. Samsung Smart TVs have microphones so viewers can make voice commands, such as requests for movie recommendations. WikiLeaks claims that through a program called Weeping Angel — named after a Doctor Who villain — the target TV appears to be off when it is actually on — and listening. “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server,” says WikiLeaks.
The CIA’s Mobile Devices Branch (MDB) is hacking smartphones, says WikiLeaks. A special unit produces “malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads,” it says. “The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites,” says WikiLeaks.
The CIA also has a special department targeting Google’s Android and has developed techniques “to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.”
WikiLeaks claims the CIA “runs a very substantial effort to infect and control” Microsoft Windows users with malware. A virus called “Hammer Drill” infects software distributed by CD/DVDs while “Brutal Kangaroo” is a system to hide data in images or in covert disk areas, says WikiLeaks. Meanwhile, HIVE “is a multi-platform CIA malware suite” providing customizable implants for Windows and Linux platforms among others.
“As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations,” says WikiLeaks in a press release.
WikiLeaks claims the CIA is able to hack devices by exploiting vulnerabilities that it conceals from manufacturers such as Apple and Google. “By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable,” it says.
“The CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use,” says WikiLeaks. Spies insert a USB containing malware into a targeted computer — such as a police record database. “To witnesses, the spy appears to be running a program showing videos (e.g VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlaying system is automatically infected and ransacked,” says WikiLeaks.
The U.S. Consulate in Frankfurt is a covert base for CIA hackers covering Europe, the Middle East and Africa, says WikiLeaks.
National Post news services