The US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices.
Thousands of documents focus mainly on techniques for hacking, including how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices.
The leak, dubbed “Vault 7” by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age. It follows disclosures about Afghanistan and Iraq by army intelligence specialist Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.
The documents appear to be from the CIA’s 200-strong Center for Cyber Intelligence and show in detail how the agency’s digital specialists engage in hacking.
According to the documents:
- CIA hackers targeted smartphones and computers.
- The Center for Cyber Intelligence is based at the CIA headquarters in Virginia but it has a second covert base in the US consulate in Frankfurt which covers Europe, the Middle East and Africa.
- A programme called Weeping Angel describes how to attack a Samsung F8000 TV set so that it appears to be off but can still be used for monitoring.
The CIA declined to comment on the leaks beyond the agency’s now-stock refusal to verify their contents. “We do not comment on the authenticity or content of purported intelligence documents,” wrote CIA spokesperson Heather Fritz Horniak.
But it is understood the documents are genuine and a hunt is under way for the leakers or hackers responsible for the leak.
Snowden, who is exile in Russia, said in a series of tweets the documents seemed genuine and that only an insider could know this kind of detail. “Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.”
He added: “If you’re writing about the CIA/@Wikileaks story, here’s the big deal: first public evidence USG(US government) secretly paying to keep US software unsafe.” He described this as “reckless beyond words”.
The leaks come at an especially sensitive juncture, with the US intelligence agencies involved in confrontation with the president, Donald Trump, over alleged Russian hacking to influence the US election.
The timing is helpful to Trump, potentially diverting - at least temporarily - from the row engulfing the president over alleged links between his team and Russia.
Julian Assange, the WikiLeaks editor-in-chief, said the disclosures were “exceptional from a political, legal and forensic perspective”.WikiLeaks has been criticised in the past for dumping documents on the internet unredacted and this time the names of officials and other information has been blacked out.
WikiLeaks shared the information in advance with Der Spiegel in Germany and La Repubblica in Italy.
The document dealing with Samsung televisions carries the CIA logo and is described as secret. It adds “USA/UK”. It says: “Accomplishments during joint workshop with MI5/BTSS (British Security Service) (week of June 16, 2014).”
It details how to fake it so that the television appears to be off but in reality can be used to monitor targets. It describes the television as being in “Fake Off” mode. Referring to UK involvement, it says: “Received sanitized source code from UK with comms and encryption removed.”
WikiLeaks, in a statement, said: “The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake Off’ mode, so that the owner falsely believes the TV is off when it is on.
“In ‘Fake Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server.”
The role of MI5, the domestic intelligence service, is mainly to track terrorists and foreign intelligence agencies and requires warrants.
The Snowden revelations created tension between the intelligence agencies and the major IT companies upset that the extent of their cooperation with the NSA had been exposed. But the companies were primarily angered over the revelation that the agencies were privately working on ways to hack into their products. The CIA revelations risk renewing the friction with the private sector.
The initial reaction of members of the intelligence community was to question whether the latest revelations were in the public interest.
A source familiar with the CIA’s information security capabilities told the Guardian the leak calls into question the agency’s reliance on contractors, noting that Snowden was a source of leaks that detailed the NSA’s warrantless surveillance of US citizens, and that sloppiness of the part of another contractor may have led to exposure of more of the NSA’s tools last year.
The source took issue with WikiLeaks’ characterisation of its own aims. WikiLeaks said the leaker wanted “to initiate a public debate about cyberweapons”. But the source said this was akin to claiming to be worried about nuclear proliferation and then offering up the launch codes for just one country’s nuclear weapons at the moment when a war seemed most likely to begin.
Tuesday’s leaks also reveal that CIA hackers operating out of the Frankfurt consulate are given diplomatic (“black”) passports and US State Department cover. The documents include instructions for incoming CIA hackers that make Germany’s counter-intelligence efforts appear inconsequential:
“Breeze through German customs because you have your cover-for-action story down pat, and all they did was stamp your passport.
Your cover story (for this trip):
Q: Why are you here?
A: Supporting technical consultations at the Consulate.”
A number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB stick containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and extracts data.
A CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a programme showing videos , presenting slides, playing a computer game, or even running a fake virus scanner. But while the decoy application is on the screen, the system is automatically infected and ransacked.
The documents provide travel advice for hackers heading to Frankfurt: “Flying Lufthansa: Booze is free so enjoy (within reason).”