SAN FRANCISCO — US intelligence officials were panicked that WikiLeaks released a trove of thousands of documents on Tuesday that claim to expose the tools the CIA uses to hack phones, computers, and other devices.
Intelligence officials confirmed to BuzzFeed News that the documents they reviewed appear legitimate, and that they not only put current US cyber operations in danger, but provide a road map for adversaries around the world who want to study US methods and, one day, deploy those methods themselves.
“We already have this deficit in our ability to defend ourselves and now in the release of the tools we use our ability to scoop up info, our ability to attack is compromised,” said Eric O’Neill, a former counterintelligence officer for the FBI who now works for the cybersecurity firm Carbon Black. “When these tools get out it proliferates among those who want to attack. They will be taken and modified and used by others who want to attack.”
A CIA spokesman told BuzzFeed News they “do not comment on the authenticity or content of purported intelligence documents.”
WikiLeaks claimed the 8,761 documents and files purportedly from the CIA’s Center for Cyber Intelligence are the “largest ever publication of confidential documents on the agency.” The documents expose the malware and exploits the CIA uses to hack into devices ranging from phones and laptops to smart TVs. But unlike previous documents released by WikiLeaks, such as the well-known cache of documents made public by former NSA contractor Edward Snowden that detailed widespread US surveillance efforts, there is little in these documents which is likely to surprise the general public. That a US intelligence agency develops programs that allow it to hack into devices across the world is something any person who has ever watched a spy thriller should be able to guess. Rather, the documents’ importance comes from the detailed technical information they reveal about how the CIA conducts its cyber ops, throwing open the door on some of the intelligence community’s most closely guarded secrets.
“This is, if you look at the big picture, worse than Snowden. What he released led to big headlines and put a few lives in danger. What we have here could potentially put thousands of people in danger in countries around the world. It’s like handing our biggest cyber guns over to anyone with an internet connection,” said one US intelligence officer, who spoke to BuzzFeed News on condition of anonymity due to the sensitivity of the documents. He did not want his place of work named, though he has direct knowledge of US cyber operations. “The documents WikiLeaks published today are extremely dangerous. Not only do they endanger current operations, they reveal details about our methodology and practices which we don’t want our adversaries knowing about, let alone mimicking!”
Imagine if you could print a gun off the internet, added the officer, then use it against anyone you choose.
“Every adversary we have will be studying our methods and learning from them. They will use them not just against us, but against anyone weaker, with less cyber abilities,” said the officer. “It’s a worst-case scenario.”
WikiLeaks said in its statement that it was not publishing some of the most detailed information, such as the source code that could replicate the tools described in the documents, though the group added in a statement that it could publish that information if “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should [sic] analyzed, disarmed and published.”
However, the intelligence officer said that, based on what was already made public, countries around the world could begin examining their own systems and trying to re-create whatever cyber tools the US had deployed there.
“I would say that what has already been released is dangerous enough. Russia, China, Iran, North Korea… Any number of countries are reading this over as if they’ve just been handed a manual,” said the officer.
“The potential to have this turned around and used against us and our allies is enormous. In my mind this is worse than what Snowden released,” said Jonna Mendez, a former high-ranking CIA officer in the agency’s Office of Technical Service. “This is not hacking, you don’t have to break the encryption using these tools, you are basically bypassing the encryption and taking control of the end user, of the phone or computer. It’s much more dangerous.”
Cybersecurity experts focused on one particular section of the WikiLeaks trove that documented the use of “zero days,” a name given to bugs or other flaws in a piece of technology that the original manufacturer doesn’t know about yet. Zero days are essentially problems within a machine or system that the manufacturer has had zero days to fix, so no patch exists; whether the flaw sits in an app on an iPhone or in Microsoft Word, hackers can use it to break in.
In its release, WikiLeaks wrote, “‘Year Zero’ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”
Zero days, however, are difficult to find and can cost millions of dollars to develop or to buy from the private researchers who uncover them. Cybersecurity experts were quick to point out a misconception about whether the WikiLeaks documents claimed the CIA had tools to break the encryption used by secure messaging apps such as Signal and WhatsApp, which millions of people across the world rely on to guard their privacy. What the documents actually showed was that the CIA could hack into the device itself, whether it was an Apple or Android product, so that any app running on that compromised device was no longer secure. (The app’s security features would at that point be the equivalent of putting an extra bolt on the door once the burglar is already inside the house.)
The documents also detailed a program called “Weeping Angel” that allowed spy agencies to install software on smart TVs, turning the appliance into a listening device. Even when the TV appeared to be switched off, it could listen in on conversations. Another document showed that the CIA had researched methods of hacking into cars and remotely controlling them. One section, describing how CIA hackers operate out of the US consulate in Frankfurt, Germany, gives advice on how to travel through the airport and notes that Lufthansa (helpfully) offers free booze on international flights.
WikiLeaks did not comment on where, or how, it had obtained the documents detailing the CIA’s cyber capabilities, though O’Neill and others who spoke to BuzzFeed News said US intelligence agencies were likely focused on whether the documents had come from a whistleblower, or whether the CIA had been hacked.
“Either scenario is worrying,” said O’Neill.
It took a few hours for the alarm to reach Capitol Hill, where lawmakers searched for answers. But information on how the trove of documents got to WikiLeaks, and what the potential impact could be, hadn't yet been provided to lawmakers.
"If they can hack into the CIA, they can hack into anything," said Sen. John McCain.
The leak is the latest to be made public by WikiLeaks, which has come under fire for failing to adequately redact certain documents and also for its role in the US election. Last year the group released thousands of emails detailing the communications of top Democratic Party leaders — which were widely believed to originate from a Russian government–sponsored hack. US intelligence agencies accused Russia of trying to meddle in the US elections and said WikiLeaks had assisted in that cause.
Ali Watkins contributed to this report from Washington.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F