WikiLeaks releases major trove of alleged CIA hacking documents
WikiLeaks has described the 'Vault 7' leak as the largest ever leak of confidential documents from the CIA
US intelligence agencies have been left with egg on their faces after Wikileaks published what it said is the biggest-ever leak of confidential documents from the CIA detailing the tools it uses to hack into phones, communication apps and other electronic apps.
The 8,761 documents focus largely on hacking techniques, including how to compromise smart televisions and turn them into improvised surveillance devices. They include malware that targets Windows, Androd, iOS, OSX and Linux computers as well as internet routers.
Wikileaks said that its source had shared the details with it to prompt a debate into whether the CIA's hacking capabilities had exceeded its mandated powers.
A spokesman for the CIA would not confirm the details.
"We do not comment on the authenticity or content of purported intelligence documents," he said.
The leak, that WikiLeaks has dubbed “Vault 7”, will raise further questions about the inability of US intelligence agencies to safeguard secret documents in the digital age. It follows disclosures about Afghanistan and Iraq by Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.
The effort to compromise Samsung's F8000 range of smart TVs was codenamed Weeping Angel by the CIA, according to documents dated June 2014.
They describe the creation of a "fake-off" mode, designed to fool users into believing that their screens had been switched off.
Instead, infected sets were made to covertly record audio, which would later be transferred over the internet to CIA computer servers once the TVs were fully switched back on, allowing their wi-fi links to re-establish.
Under a "future work" section, it is suggested that video snapshots might also be taken and the wi-fi limitation be overcome.
Alleged Apple attacks
Wikileaks also claims that as of last year, the CIA has built up an arsenal of 24 Android "zero days" - the term given to previously unknown security flaws in code.
Some of these are said to have been discovered by the CIA, but others were allegedly obtained from the UK's GCHQ agency as well as the NSA and unnamed third-parties.
Devices made by Samsung, HTC and Sony, among others, were said to have been compromised as a result, allowing the CIA to read messages on Whatsapp, Signal, Telegram and Weibo among other chat services.
It is also claimed that a specialised CIA unit was set up to target iPhones and iPads, allowing the agency to see a target's location, activate their device's camera and microphone, and read text communications.
The unit is also reported to have made use of further iOS "zero days" obtained from GCHQ, the NSA and FBI.
The documents also claim that the CIA was trying to find ways to infect vehicles' computer control systems for “undetectable assassinations”, had developed attacks against popular anti-virus products, had built up a library of hacking techniques "stolen" from malware developed in Russia and elsewhere
Wikileaks describes its release as the first in a series of planned leaks about the CIA's cyber-activities.