What You Need to Know about WikiLeaks’ (Vault 7) Release of Alleged CIA Documents
Amid a flurry of headlines about health care and wiretapping on Tuesday, WikiLeaks released nearly 9,000 documents that it claims describe hacking tools used by the CIA. The documentation, much of it technical in nature, describes tools that can be used to break into various desktop and mobile operating systems, as well as routers and smart TVs.
The documents’ authenticity remains unclear, and WikiLeaks has suggested that additional releases are forthcoming. Here’s what you need to know:
What was included in the leak?
Overall, the release contains 7,818 text pages and 943 file attachments, many of which are snippets of actual code. WikiLeaks said in its press release that although it is in possession of the code behind the hacking tools and malware described in the documents, it has decided not to release the malicious code itself.
Instead, the bulk of the release is essentially a directory of pages with technical instructions on how to implement the hacking tools (most of which have rather whimsical names). Many of those pages read like a corporate knowledge-base or wiki. On a page titled “Detailed Notes regarding Samsung F8000 Smart TV networking,” for example, the author notes a function in the television’s operating system that has yet to be reverse-engineered.
/etc/Scripts/wifi_restart.sh – calls /sbin/wifi_module_reset which is not yet fully understood
Another page, less technical in nature, describes “things you might do” with the “Weeping Angel” tool, which WikiLeaks alleges is the name of the tool used to hack smart TVs:
Extract browser credentials or history
Extract WPA/WiFi credentials
Insert Root CA cert to facilitate MitM of browser, remote access, or Adobe application
Investigate the Remote Access feature
Investigate any listening ports & their respective services
Attempt to override /etc/hosts for blocking Samsung updates without DNS query and iptables (referred to by SamyGo)
Add ntpclient update calls to startup scripts to sync implant’s system time for accurate audio collection timestamps
Is this legit?
Unclear. In a statement, a CIA spokesman said, “We do not comment on the authenticity or content of purported intelligence documents.” But anonymous government officials told The Washington Post that the content of the release suggests it is authentic. For what it’s worth, Edward Snowden seems to agree.
Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.
— Edward Snowden (@Snowden) March 7, 2017
Where did the documents come from?
WikiLeaks did not name the source of the leak, but their press release describes that source’s motivations:
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
What kinds of devices were targeted?
The documents describe tools that can be used to hack into the following devices:
- iOS devices (iPhones, iPads)
- Android devices
- OSX devices (such as iMacs and MacBooks)
- Windows computers
- Linux computers
- Samsung smart TVs
WikiLeaks also tweeted that certain secure messaging apps were vulnerable:
— WikiLeaks (@wikileaks) March 7, 2017
Though Snowden thought that misleading:
PSA: This incorrectly implies CIA hacked these apps / encryption. But the docs show iOS/Android are what got hacked – a much bigger problem. https://t.co/Bw9AkBpOdt
— Edward Snowden (@Snowden) March 7, 2017
So… did the CIA hack my TV?
The released documents—again, not yet verified—are largely technical and don’t appear to include information about actual operations in which these tools have been used. However, the nature of the tools described indicates that they would be used for surveillance of individual targets, versus the population at large.
What does the White House say?
A man of many opinions on leaks, US president Donald Trump has yet to tweet about the WikiLeaks disclosure, and there has been no official response from the White House. During a press briefing on Tuesday, press secretary Sean Spicer declined to answer a question on the document release.
“Obviously that’s something that has not been fully evaluated,” he said.