WikiLeaks exposes files on alleged CIA hacking tools targeting consumer electronics


WikiLeaks on Tuesday published what it described as thousands of secret documents about CIA hacking tools that the U.S. government uses to break into people’s computers, mobile phones and even smart TVs.

The documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other security features for keeping the private information of citizens and corporations safe from prying eyes.

U.S. government employees, including President Donald Trump, use many of the products and internet services that purportedly are compromised by the tools.

The documents describe CIA efforts — cooperating with friendly foreign governments and the U.S. National Security Agency — to subvert the world’s most popular technology platforms, including Apple’s iPhones and iPads, Google’s Android phones and the Microsoft Windows operating system for desktop and laptop computers.

The documents also include discussions about compromising some internet-connected televisions to turn them into listening posts. One document discusses hacking automobile systems.

WikiLeaks has a long track record of releasing top-secret government documents, and experts who sifted through the material said it appeared to be legitimate.

The chairman of the House intelligence committee, Republican California Rep. Devin Nunes, said he was very concerned about the release and had asked the intelligence community for more information about it.

Former CIA Director Mike Hayden told MSNBC he had undertaken only a cursory review of the documents but said if they were real, it would amount to a “very extensive file of the tactics, techniques, procedures, targets and other political rules” under which the CIA hacks targets. “If it is that, it would be very, very damaging,” he said.

The CIA and the White House declined comment.

Missing from WikiLeaks’ trove are the actual hacking tools. Some were developed by government hackers and others were purchased from outside. WikiLeaks said it planned to avoid distributing tools “until a consensus emerges” on the political nature of the CIA’s program and how such software could be analyzed, disarmed and published.

Tuesday’s disclosure left consumers who use the products with little recourse, since changing software to block the tools is the responsibility of technology companies.

The revelations threatened to upend confidence in an Obama-era government program, the Vulnerability Equities Process, under which federal agencies warn technology companies about weaknesses in their software so they can be quickly fixed.

It was not immediately clear how WikiLeaks obtained the information, and details in the documents could not immediately be verified. WikiLeaks said the material came from “an isolated, high-security network” inside the CIA’s Center for Cyber Intelligence but didn’t say whether the files were removed by a rogue employee or whether the theft involved hacking a federal contractor working for the CIA or perhaps breaking into a staging server where such information might have been temporarily stored.

“The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” WikiLeaks said in a statement.

Some technology firms on Tuesday said they were evaluating the information. Microsoft said it was looking into the report, while the maker of the secure messaging app Signal said the purported CIA tools affect users’ phones themselves and not its software design or encryption protocols.

The manufacturer of the popular Telegram mobile messaging app said that manufacturers of cellphones and their operating systems — including Apple, Google and Samsung — are responsible for improving the security of their devices. It said the effort will require “many hours of work and many security updates” and assured its customers that “If the CIA is not on your back, you shouldn’t start worrying yet.”

The tools described in the documents carried names including Time Stomper, Fight Club, Jukebox, Bartender, Wild Turkey, Margarita and RickyBobby, a race car-driving character in the comedy film “Talladega Nights.”

RickyBobby, the documents said, was intended to plant and harvest files on computers running “newer versions of Microsoft Windows and Windows Server.” It operated “as a lightweight implant for target computers” without raising warnings from antivirus or intrusion-detection software. It took advantage of files that Microsoft has built into Windows for at least 10 years.

The files include boasting comments by CIA hackers. “You know we got the dankest Trojans and collection tools,” one reads.

The documents show broad exchanges of tools and information among the CIA, NSA and other U.S. intelligence agencies, as well as the intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom.

WikiLeaks claimed the CIA uses both its headquarters in Langley, Virginia, and the U.S. Consulate in Frankfurt, Germany, as bases for its covert hackers. The AP found that one purported CIA hack that imitates the Domain Name System — the internet’s phone book — traced to an internet domain hosted in Germany.

In an unusual move, WikiLeaks said it was withholding some secrets inside the documents. Among them, it said it had withheld details of tens of thousands of “CIA targets and attack machines throughout Latin America, Europe and the United States.”

WikiLeaks also said its data included a “substantial library” of digital espionage techniques borrowed from other countries, including Russia.

If the authenticity of the documents is officially confirmed, it would represent yet another catastrophic breach for the U.S. intelligence community at the hands of WikiLeaks and its allies, which have repeatedly humbled Washington with the mass release of classified material, including from the State Department and the Pentagon.

Documents purportedly from the CIA’s Embedded Development Branch discuss techniques for injecting malicious code into computers protected by the products of leading anti-virus companies. They describe ways to trick anti-virus products from companies including Russia-based Kaspersky Lab, Romania-based BitDefender, Netherlands-based AVG Technologies, F-Secure of Finland and Rising Antivirus of China.

In the new trove, programmers also posted instructions for how to access user names and passwords in internet browsers such as Microsoft’s Internet Explorer, Google Chrome and Mozilla Firefox.

Some documents were classified “secret” or “top secret” and not for distribution to foreign nationals. One file said those classifications would protect hacks from being “attributed” to the U.S. government. Attribution — identifying who was behind an intrusion — has been difficult for investigators probing sophisticated hacks that likely came from nations such as Russia and China.