Vault 7: WikiLeaks reveals CIA's secret hacking tools and spy operations
WikiLeaks has unleashed a treasure trove of data to the internet, exposing information about the CIA's arsenal of hacking tools. Code-named Vault 7, the first data is due to be released in serialized form, starting off with "Year Zero" as part one. A cache of over 8,500 documents and files has been made available via BitTorrent in an encrypted archive.
The plan had been to release the password at 9:00am ET today, but when a scheduled online press conference and stream came "under attack" prior to this, the password was released early. Included in the "extraordinary" release are details of the zero day weapons used by the CIA to exploit iPhones, Android phones, Windows, and even Samsung TVs to listen in on people. Routers, Linux, macOS -- nothing is safe.
WikiLeaks explains how the "CIA's hacking division" -- or the Center for Cyber Intelligence (CCI) as it is officially known -- has produced thousands of weaponized pieces of malware, Trojans, viruses and other tools. It's a leak that's essentially Snowden 2.0. WikiLeaks says: "This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA."
Julian Assange's organization had been promoting the upcoming leak and accompanying press conference on Twitter. When the press conference came under attack, Plan B was brought into play, meaning that the required password was released earlier than expected:
Press conf under attack: Facebook+Periscope video used by WikiLeaks' editor Julian Assange have been attacked. Activating contingency (1/2)
— WikiLeaks (@wikileaks) March 7, 2017
WikiLeaks published a lengthy press release to introduce the findings, summarizing what the archive contains. Unsurprisingly, the release is highly critical of the CIA:
Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
WikiLeaks says that it has taken care to review all of the documents and information it received from its source, and has been careful to avoid "the distribution of 'armed' cyberweapons." Some information has been redacted or anonymized, but an explanation for this has not been given.
The documents reveal that the CIA worked with MI5 in the UK to infect Samsung smart TVs so their microphones could be turned on at will. Investigations were carried out into gaining control of modern cars and trucks, and there is even a specialized division of the CIA focused on accessing, controlling and exploiting iPhones and iPads. This, together with Android zero days, enables the CIA "to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the 'smart' phones that they run on and collecting audio and message traffic before encryption is applied."
Other revelations made in Year Zero include the suggestion that the US Consulate in Frankfurt is actually a "covert base for [the CIA's] hackers covering Europe, the Middle East and Africa."
The cache makes for terrifying reading, but will take some time to be fully analyzed.
If you want to download the files for yourself, you can grab the torrent (sorry, no magnet link from WikiLeaks!) and extract it using 7-Zip. The password you'll need to decrypt the archive is: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds