The inner workings of the CIA’s cyber-espionage operations were at risk of being laid bare on Tuesday, after Wikileaks published what it claimed was the first part of a large trove of documents detailing the US agency’s techniques for hacking into smartphones, internet-connected TVs and other devices.
The documents purported to reveal a stockpile of malware used by the CIA to break into some of today’s most widely used technologies, including phones and tablets running on Google’s Android operating system and Apple’s iOS.
Wikileaks claimed that, by taking control of smartphones, the agency was also able to get around the protections built into encrypted messaging services like WhatsApp, Telegram and Signal, which have risen in popularity as many users look for stronger protection against prying eyes.
Tuesday’s release echoed the massive dump of National Security Agency documents that began in 2013. Those files, handed over by former NSA contractor Edward Snowden, caused an international political storm and exposed fissures between Washington and some of the largest US tech companies, which found their products had come under attack by their own government.
Wikileaks claimed that the trove of CIA information it had obtained, which it called Vault 7, included “several hundred million lines of code”, including many of the agency’s cyber-weapons. It published close to 9,000 documents and files on Tuesday and said it would only reveal details of the malware and other cyber-weapons after it had been “analysed, disarmed and published.”
“The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” it said.
The disclosures will raise new questions about government use of so-called “zero day” exploits, or malware that takes advantage of previously unidentified flaws in common technology products.
Security experts warn that by using these tools for espionage or law enforcement, agencies like the CIA risk releasing powerful cyber-weapons into wider use, helping criminals and terrorists. The Obama administration promised to severely limit its collection of such tools after the Snowden revelations, keeping only a small, undisclosed number for national security reasons. Wikileaks said the files it had obtained included “dozens of ‘zero day’ weaponised exploits.”