WikiLeaks on Tuesday released a trove of purported CIA documents hailed by security expert Jessalyn Radack as "in same category as [the] biggest leaks of classified info by [whistleblowers] Chelsea Manning and Edward Snowden."
"The CIA reports show the U.S. government developing vulnerabilities in U.S. products, then intentionally keeping the holes open. Reckless beyond words."
—Edward Snowden
Indeed, Snowden himself described the leak as "genuinely a big deal" on Twitter. "Looks authentic," the National Security Agency (NSA) whistleblower added. The New York Times also described the documents' authenticity as "likely."
The Times went on to describe the bombshell revelations included in the trove of documents:
Among other disclosures that, if confirmed, would rock the technology world, the WikiLeaks release said that the CIA and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp, and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied."
Tuesday's release of documents comprises part one of a series, WikiLeaks wrote in a press statement. This first installment, titled "Year Zero," contains "8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Va.," according to WikiLeaks.
"The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive," writes the transparency organization, noting that this means the CIA's cyber arsenal has already been widely and possibly insecurely shared.
WikiLeaks explains that "'Year Zero' introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of 'zero day' weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android, and Microsoft's Windows, and even Samsung TVs, which are turned into covert microphones."
Indeed, the documents appear to confirm security experts' and privacy advocates' warnings about the dangers of so-called "smart" technologies:
— WikiLeaks (@wikileaks) March 7, 2017
And Snowden notes that the documents demonstrate that the U.S. government itself appears to be paying tech companies to ensure their products remain insecure. "Reckless beyond words," he tweeted:
The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.
— Edward Snowden (@Snowden) March 7, 2017
In describing the scope of the archive, WikiLeaks details the vast hacking powers of the CIA—powers that the CIA itself seems to have lost control over, according to the leak:
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force—its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
"In a statement to WikiLeaks," the organization adds, "the source [of the document leak] details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons."
"Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia, and teenage hackers alike," WikiLeaks notes.