On Tuesday, WikiLeaks released thousands of new documents it claimed were from the Central Intelligence Agency. The documents, which detail some of the CIA’s hacking capabilities, are part of a larger trove of data WikiLeaks says it will continue to release in a series. WikiLeaks is calling the series Vault 7 and has named Tuesday’s dump Year Zero:
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
“Year Zero,” WikiLeaks writes, “introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits” against vulnerabilities in smartphones, computers, and Samsung smart TVs. The smartphone vulnerabilities reportedly allow the CIA to hack into phones running popular secure messaging apps like Signal and WhatsApp and intercept messages and data before the apps’ encryption is applied. (While some on Twitter have interpreted this to mean that Signal has been "broken,” that isn’t the case.) The dump also reportedly reveals ways in which the CIA has attempted to cover its digital tracks in its hacking efforts and the location of a major base for CIA hackers in Europe.
WikiLeaks says many of the hacking tools described in Vault 7 were made unclassified to skirt rules on posting classified information to the internet—most of the CIA’s malware requires the use of the internet for communication. “This means that cyber ‘arms’ manufactures and computer hackers can freely “pirate” these ‘weapons’ if they are obtained,” WikiLeaks claims. “The CIA has primarily had to rely on obfuscation to protect its malware secrets.”
WikiLeaks says it has elected not to release the actual code for the CIA’s malware and cyberweapons “until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.”
The New York Times reported that a former intelligence officer it contacted has said the some of the information included in the dump “appears to be genuine.” David Kennedy, CEO of the information security firm TrustedSec, told Wired the dump’s information appeared genuine as well:
“From what I can tell, this seems to be legitimate,” says David Kennedy, CEO of TrustedSec, who formerly worked at the NSA and with the Marine Corps’ signals intelligence unit. “It shows expansive capabilities of the CIA and divulges NSA tools as well. But a lot of it seems to be missing, as far as direct codebase used for these.” Wikileaks says it redacted much of that more specific information.
Those redactions, in part, make it difficult to ascertain just how comprehensive the leaked information is. In spite of Wikileaks’ claims, it is only a small fraction of the CIA’s total arsenal.