Wikileaks has released a set of CIA documents in a new series of leaks that reveal the Central Intelligence Agency’s (CIA) hacking capability. The Vault 7 leak by Wikileaks starts with 8,761 documents which came from servers in Langley, Virginia. It’s been revealed that the CIA uses a host of tools under the Engineering Department Group (EDG) formed under the Center for Cyber Intelligence (CCI) at the CIA, which has a less than clean history.
The documents include millions of lines of codes (redacted for security reasons), including zero day exploits to gain full access to a device, allowing them to go around the end-to-end encryption advertised by many popular apps, such as Telegram, Signal, and more. Former security agents have confirmed with the NY Times that the program code names and hacking database as contained in the Vault 7 leak seem genuine. The CIA response to this leak has simply been:
“We do not comment on the authenticity or content of purported intelligence documents.”
Wikileaks Vault 7 leaks CIA hacking documents
Vault 7 documents show that by 2016, the CIA’s hacking arm had over 5000 active hackers. One hacking tool, which was done in cooperation with UK intelligence, is called Weeping Angel, an exploit that allows the CIA to use Samsung smart TVs to listen in on conversations even when the device is “off.”
The CIA maintains its own hacking arms under the CCI, separate from the NSA, so the revelations of Vault 7 really underscore the fact that the American government has been hoarding zero days at the expense of the security community as a whole. Wikileaks said that the source “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”