Whistleblowing group WikiLeaks has published what it claims are details of malware and cyber weapons used by the CIA - some developed in conjunction with MI5.
According to documents uploaded yesterday, the agency holds tools that target flaws in popular platforms including Windows, macOS, iOS and Android.
The alleged arsenal also includes an attack against Samsung smart televisions, which is said to have been developed with help from UK spy agency MI5.
WikiLeaks claimed the CIA had “lost control” of its tools, which were circulated “in an unauthorised manner”, giving their possessors the CIA’s “entire hacking capacity”.
The source of the documents has not been named and their contents have not been confirmed. Although a CIA spokesperson would not comment on the documents’ authenticity, NSA whistleblower Edward Snowden suggested they were genuine.
“Still working through the publication, but what WikiLeaks has here is genuinely a big deal,” he tweeted yesterday. “Looks authentic.
“What makes this look real? Program and office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.”
Snowden went on to criticise suggestions that the CIA and US government had researched vulnerabilities in products and intentionally left them open, pointing out that those same flaws would remain present for cyber criminals to take advantage of.
Although the alleged tools vary in nature, a common theme is the compromise of smart devices to gain control of their cameras and microphones.
For example, the Samsung television exploit - dubbed Weeping Angel - creates a “fake-off” mode where sets appear to be off but continue to record audio.
"There is an extreme proliferation risk in the development of cyber 'weapons',” said WikiLeakes editor Julian Assange.
“Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.
“But the significance of Year Zero goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."
More details on the documents, named Vault 7, are on the WikiLeaks website.
Photo © Cancillería del Ecuador (CC BY-SA 2.0). Cropped.
This story was originally reported by Business Reporter