Today, Wikileaks released “Year Zero,” which they say is a trove of 8,761 “documents and files from an isolated high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.”
They claim it is the first in a “series” of intelligence leaks, called Vault 7, that will comprise the largest intelligence dump in history. The documents detail CIA weapons, tactics, vulnerabilities, operations and strategies available to and used by cyberintelligence officers operating inside or on behalf of the CIA’s secretive Center for Cyber Intelligence (CCI). Wikileaks claims the information inside is as recent as 2016; NSA hacker Edward Snowden has stated that the documents appear to be legitimate.
Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.
— Edward Snowden (@Snowden) March 7, 2017
“Year Zero” reveals hacks, exploits, and “Zero Day” vulnerabilities in operating systems, hardware, software, and devices used by nearly every American and millions of people across the globe. The CIA can exploit holes in every available operating system and antivirus, including Android and iOS, as well as encrypted messaging apps like Signal. The documents detail exploits on “smart” devices to activate microphones and cameras even when the owners of such devices attempt to turn them off.
Instead of revealing software and hardware weaknesses, the CIA collected them, adding them to an ever-growing arsenal of available cyberweapons. The dump also details the agency’s direction and interest in developing new capabilities. That includes, for example, the operating systems behind self-driving cars, to which the CCI was working to gain access.
Wikileaks says Central Intelligence Agency operatives “lost control” of “the majority” of the agency’s hacking arsenal, millions of lines of code that include “malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation” and amount to what they say is the “entire hacking capacity of the CIA.” They say the arsenal has already been removed from the CIA and distributed to former government hackers and contractors in “an unauthorized manner.” They cite one of those recipients as their source, while keeping the recipient’s identity secret.
The individual who provided these documents to Wikileaks allegedly leaked the secrets in order to press debate over the scope and capabilities of CIA cyber-weaponry. That includes “whether the CIA’s hacking capabilities exceed its mandated powers” and “the problem of public oversight of the agency.”
“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” says the Wikileaks release. If legitimate, the cyberweapons and vulnerabilities contained in the “Year Zero” release alone reveal a more capable and dangerous cyberintelligence architecture than Americans have ever known.
In communications, Wikileaks seems to paint the release as an indictment of a reckless CIA. They write that “once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.”