WikiLeaks says it has exposed the CIA's hacking operations. Here's what we know now
WikiLeaks reports 'largest ever' leak of C...
The website claims they have several hundred million lines of code from the CIA's hacking arsenal that includes damaging information. USA TODAY NETWORK
In a statement, the CIA declined to comment on the authenticity of the documents, which they described as "purported."
Security experts, however, are concerned, with one expert saying that it is a possible sign that the spy agency has "lost control" over its cyber arsenal.
Here's what we know so far.
What do the documents claim to reveal?WikiLeaks says the documents have details about the size and scope of the CIA's hacking capabilities. The agency's hacking division had more than 5,000 users and produced more than a thousand trojans, viruses and "weaponized" malware, WikiLeaks said in a statement on its website.
The hacking program laid out in the documents had the ability to tap into iPhones, Google Android phones, Microsoft Windows operating systems and Samsung smart televisions, which can act as microphones. WikiLeaks said the agency could place smart TVs into "fake-off" mode, which allowed the agency to record conversations when the TV was seemingly off. The information, WikiLeaks said, would then be sent to "a covert CIA server."
"The CIA had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified," WikiLeaks said in a statement on its website.
Was anyone hacked with these tools in the U.S.?Legally speaking, these cyber weapons can’t be used against U.S. citizens within the United States without the permission of the proper legal authorities-- and we currently have no information at this point that they were.
The CIA can, however, legally use the tools outside of the U.S. as the constitutional limitations that bind it don’t apply outside U.S. borders.
If they were used, it would have to have been done by the FBI, not the CIA. The domestic authority of the CIA is incredibly limited, said Robert Cattanach, a partner at the law firm Dorsey & Whitney.
“The only thing they can do is debrief people that have been overseas. They have no authority and in fact are forbidden from conducting operations in the United States,” said Cattanach, who was previously a trial attorney for the United States Department of Justice and also special counsel to the Secretary of the Navy.
These weapons are also expensive and difficult-to-create, making it unlikely the CIA used them on ordinary citizens.
What is WikiLeaks?WikiLeaks is a multi-national media organization and associated library, according to its website. It was founded by its publisher, Julian Assange, in 2006. Assange has been holed up in the Ecuadorian embassy in London since 2012 to avoid extradition to Sweden, where he has been accused of sexual assault, and the United States, where he fears possible espionage charges.
WikiLeaks has run a global campaign to expose government secrets through a series of controversial and sometimes embarrassing document dumps in recent years. One led to the imprisonment of Chelsea Manning, who has spent six years behind bars for leaking hundreds of thousands of classified documents through the WikiLeaks website.
This new data dump. Is it all true?USA TODAY hasn't yet been able to verify the documents, which were released Tuesday. In a statement, the CIA declined to comment on the authenticity of the documents, which the agency described as "purported."
How many documents are there?WikiLeaks says it has released thousands of documents, which it says are "the largest ever publication of confidential documents on the (CIA)."
How did WikiLeaks get the documents?WikiLeaks did not unveil its source. However, the organization did say the CIA Center for Cyber Intelligence "lost control of the majority of its hacking arsenal," which provided "the entire hacking capacity of the CIA."
Will there be an investigation?Representative Ted Lieu, Democrat of California, quickly called for an investigation by Congress in the wake of the release.
"The potential privacy concerns are mind-boggling," Lieu said. "We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans."
What do security experts think?Jake Williams of the Rendition Infosec security firm said hackers, and those who combat them, will put the documents to use in the coming days or weeks.
"This is a treasure trove of information," Williams said. "We are regularly dealing with corporations being attacked by nation-state hacking groups. This gives us a lot of insight into how they do it."
Scott Vernick of the law firm Fox Rothschild said if it was true, "then at a minimum this is Snowden 2.0," referring to the former government contractor Edward Snowden, who leaked details of U.S. surveillance programs to news outlets.
"You're talking about an extensive hacking and malware program by the most powerful and largest intelligence-gathering organization in the world, one that's purportedly lost control over the arsenal," said Vernick, who specializes in data security and privacy.
What do the tech companies have to say?According to the documents, CIA hackers could break into devices such as iPhones, Android phones, PCs running Microsoft Windows and Samsung smart TVs, plus encrypted apps such as WhatsApp and Signal, you might be wondering what the impacted tech companies have to say about all this. For now, it's not much.
Microsoft, Google, Samsung and WhatsApp (owned by Facebook) told USA TODAY that they are looking into the matter. Apple and Signal did not respond to email messages seeking comment on the report.
Pop culture referencesThe documents showed CIA developers' penchant for pop culture. They named programs and techniques after the television series Doctor Who as well as the films Talladega Nights and Fight Club.
The documents revealed the "fake-off" smart TV technique was named "Weeping Angel," a nod to a recurring group of villains in Doctor Who. An implant for computers running Microsoft Windows went by the name "RickyBobby," the character played by Will Ferrell in the 2006 film Talladega Nights. Fight Club was the name for a trojan spread by thumb drives.
Follow Sean Rossman on Twitter: @SeanRossman
John Bacon, Elizabeth Weise, Nick Penzenstadler and Eli Blumenthal contributed to this article.