WikiLeaks Unveils Treasure Trove Of CIA Documents

The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, is the CIA’s hacking arsenal.

While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and available as a torrent, detail the extent of the CIA’s hacking program.

Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs,  “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records communications in the room, and sends these recordings to a CIA server. Additionally, the CIA has also developed tools to take over vehicle control systems. The purpose of such tools is speculative but could be used to send a moving car off the road.

It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.

Header image source (CC BY 2.0)

121 thoughts on “WikiLeaks Unveils Treasure Trove Of CIA Documents

  1. “Conform with all directives
    Remember obedience pays
    and when you watch that TV Screen
    remembers it works both ways”

    Don’t forget Big Brother is watching you!

    1. Got a smart TV that ONLY gets used as a PC monitor:
      Fixed the first bugs I found: couple moths and a failed voltage divider for the backlight #Enable signal.

      Found no microphones or cameras (they are supposed to be optional extras via USB anyway) But contains a WiFi module (Not sure if the monitor will still power on without said module because: SONY!)

      Got little to hide: Only the eery, creepy feeling of being watched, mainly.

      1. It don’t have to be a human operator watching, Heck an AI watching and making baseless judgements…. Especially when it is a foreign agency (Relative to my home country) whom their Gov’t involves the infamous name like Trump!

          1. That project was started 10 years ago (Bush era). It was continued under the Obama administration, which leads to think that both obey to the very same boss.

        1. Please, PLEASE don’t turn HaD into a reddit circle jerk. This isn’t a place for politics, and so far, the staff has done a good job of seeing it doesn’t become “just another controlled narrative”. I’m here for cool hacks and revelations involving far-reaching surveillance. Thanks.

          1. Correct: The pun came from the story of the first computer bug: A moth in a vacuum tube.

            Extra information relating above posts:
            Also seems that my comment lasted well past when interest dwindled from this blog-post without it being labeled “tin-foil hatter” material.

            Key points:
            State something mildly “technical”,
            Have something of a claim to make,
            Point out a common concern: Discomfort
            Show at least some kind of experience/research/speculation.

            Shortening the comments by bundling the Key Points into single sentences should help the ease of reading and become very difficult to palm off as BS-Theories without the nay-sayer looking completely stupid. (End Of Current Observation)

    1. “the CIA documents highlighted the desirability of virtually undetectable assassinations”
      where? in the just-released stash of docs? or are you referring to the Church committees?

  2. Not a hack. Er, wait…

    In all seriousness though, i find this to be clickbait by hackaday standards. I was hoping that in reading my 10th Vault 7 article today that HAD would put some novel analysis or extended thought into the news (considering you can download the source material) but this isn’t any different from the other opportunistic news outlets that have reported on the leak.

    Brian i love 95% of what you write but this feels rushed.

    1. I don’t see how this can be called clickbait. The title was clear to me at least. Now it it had read “WikiLeaks Unveils Treasure Trove of CIA Documents, AND WHAT WE FOUND WILL SHOCK YOU!” – then you might have a point. ;)

      1. “By hackaday standards” by which I mean i hold hackaday to higher standards with regard to tech and security topics than, say, buzzfeed.

        The article took today’s big news headline and provided no additonal commentary over that which has already been provided by other decidedly less technical news outlets.

        Inb4 go away and stop commenting: I am only trying to provide constructive criticism. I’m a big fan of hackaday.

    2. Not clickbait.
      Headline: wikileaks has published crapload of CIA documents.
      Article: wikileaks has published crapload of CIA documents.
      The mere fact that this has happened warrants a post here, analysis of content will follow soon. Right Brian?

      1. We discussed how to approach this. It’s clearly important breaking news, and we’d never get an in-depth story written up in any reasonable timeframe. So we went with a quick heads-up piece just to get it out the door.

        So yeah. There’s not much more here than a quickie blog-post pointing the reader to the largest ever leak, ever. If there’s more to say later, and we can add some of the Hackaday standards that you crave, we’ll be on it.

    3. Anybody claiming clickbait needs first sit back and examine why THEY clicked it instead of rushing off elsewhere to find the source material to download the real meat and potatoes and do their own cooking instead of going for the pre-prepared, osterized, sugared up, and prime tasty bits of baby food in the ez-open package for a quick thrill.

      He’s doing exactly what his job calls for. Tasted it and reporting the flavors found so you can determine if it’s your kinda dish to go and cook for yourself. AKA a service to the readers. A synopsis respectfully presented for your consideration in case you are allergic to shrimp or peanuts.

      1. And it is legal, it is in the T&C’s, so is totally Ok.

        The original was term was “Any information collected in this way, for example, your UGM, the content of your voice and text communications, video of your game play, the time and location of your activities, and your name, your PSN Online ID and IP address, may be used by us or our affiliated companies,” the section reads. “This information may be passed to the police or other appropriate authorities. By accepting these Software Usage Terms, you expressly consent to this”

        The wording has changed a bit to make it sound less like big brother, but legally it is unchanged. https://www.playstation.com/en-us/network/legal/terms-of-service/

      1. did you search twitter ? e.g. plug “site:twitter.com SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds” into your search engine of choice, and then look 24 hours earlier ?

  3. Unless I’m missing something, there’s FUD at work here. The link to vehicle control systems goes to what appear to be meeting minutes where they’re discussing what they _might_ work on, one of which is vehicle control systems.

    Just because they say that QNX and VxWorks aren’t being looked at doesn’t mean that everything else is…

  4. Any “exploit” or ‘zero day’ to try and take over a vehicle is very dubious at best. You would need a direct hardwire connection to it’s CAN bus – or – alternatively, I suppose a wifi vector is another possibility. You ain’t making the car steering wheel veer off course (unless it’s electric steering). Worst case (on a vehicle with rack and pinion steering), the only possible attack methodologies would be to mess with the anti-lock brakes, and/or throttle by wire systems – that’s presuming you have access to the car’s systems in the first place (oh, there’s that pesky cable into CAN bus issue – or – being in vicinity for a speculative wifi channel… and that’s assuming the code has been modified to permit access to the CAN bus via wifi – which again, is very iffy).

    With electric steering you could spoof the steering wheel position sensor – again, if you had access to the data bus.

    1. An attack on vehicle stability control systems could cause a car to go off the road. Also electric power steering is becoming common.

      There was an attack described a couple of years ago that used the Onstar system as a bridge to the CAN bus and allowed access to brakes and other systems via a phone call.

      1. Re-read the post.. ABS/TBW were mentioned. Accessing CAN-bus via Onstar to monitor data is one thing. I can’t find the specific vaporware you speak of that “attacks” the ‘brakes and other systems via a phone call’. You would need a command(s) to modulate the ABS BPMV hardware – if I recall that was proprietary to the manufacturer…in any case, this is the FUD factor… an extremely low probability event – but hey someone makes revenue from spreading this type of FUD.

        If you want to clip/whack/cancel someone, just run their ass off the road – a hell of a lot simpler… or I suppose in a deniable plausibility scenario, an “accident” a specific mark experienced leading to their death, that subsequent investigation reveals driver error, could have it’s advantages.

        1. I remember the article that Bill is talking about.. and no it is not vaporware… If I remember correctly they exploited an over the air (onstar) software upgrade feature in the cars entertainment system. Injected their own code and were able to receive and transmit onto the cars Can bus via the cpu in the radio. It took some experimenting and precise timing to inject their commands at the right time, but they were able to affect the steering and breaks while the car was being driven.

          1. Confirmed. I watched the program. The exploit was demonstrated on primetime television to the whole nation with over a full week of commercials trying to get your attention to watch this episode. 18-24 months ago best I recall. Driver was negotiating a roadcourse of cones wherein both braking and steering were hacked to repeatedly and successfully render control from the driver such that the vehicle would leave the course and/or come to a halt. The equipment in use was a laptop with cellular, and all they needed was to dial your vehicle and send the hack.

          2. Allright, so let’s examine this from the perspective of causing this imaginary mayhem for some sinister purpose (related to making an individual – hmm, “go away” – *forever*). Scenario described (onstar), means you need specific intel on the target vehicle. If you already have that, why bother with all this complicated “crypto-nerd” nonsense ?

            Just pay off a gang-banger $100 to ‘take care of business’. Hell, I used to pay-off the “jocks” as ‘collection agents’ on my old college campus when I was the un-official “loan officer”.

            Some of you geeks are pathetic. Can’t see the forest thru the trees. What counts is the end result – not how you achieve it. It’s presumed if you’re gonna fuck with someones car to cause a crash – use the simplest methods available !

            https://xkcd.com/538/

          3. Number two – it’s to Make it look like an accident. Some goon takes out snowdon or Kim Jong-nam, everyone knows who did it even if it can’t be proven. If they crash their cars on an empty road, much less likely to call foul play.

      1. Do you have a financial interest in the “security business” ? Idiot – if this were so common place, where are the actual deliverables that can make it happen ? Oh, that’s right – they don’t exist in a practical/field usable form. Even if they did, it’s worthless to the average fixer. Much easier/simpler ways to ‘take care of business’ when you want to remove a troublemaker from the equation.

    2. “You would need a direct hardwire connection to it’s CAN bus”

      How often does one look at their vehicle’s diagnostic connector to see if something is plugged into it? Opening your car doors to install it is not a problem, especially if your car uses keyless entry as most of them do.

    3. The widely publicized Fiat-Chrysler hack exploited an attack vector on Harmon radios where dbus was left open on the attached LTE modem in the car. The attackers (security researchers) browsed the dbus service directory, also open. Saw a software update service for the micro that white-list firewalls traffic to/from the CAN bus (Renesas RH850) and main infotainment processor. Then they crafted a jump bug in the RH850 firmware to alter it’s behavior while keeping all of the presence patterns in-tact (there is no formal firmware hash – doh!) And that allowed them to send whatever they wanted to the attached CAN buses from potentially half-way around the world.

      Things like this tend to happen when companies outsource 95% of their labor demands to Hyderabad because American teens are too preoccupied with Twitter and Vine to learn technically challenging professions in 2017.

      The CIA leak is a good thing. It should cause every company to take deeper stock of their security apparatus and increase investments.

      1. “Things like this tend to happen when companies outsource 95% of their labor demands to Hyderabad because American teens are too preoccupied with Twitter and Vine to learn technically challenging professions in 2017.”

        Fuck that. Outsourcing is not the fault of the technical employees: the blame lies with management, looking to cut costs in any way possible.

      1. Very good point that I hadn’t thought of before! Plus if the car has traction control, you can control any wheel independently. And even be able to pulse the brakes many times a second… so steering with the brakes without really slowing the vehicle down much

  5. I truly do not understand why everyone is so shocked when accusations like this are brought to the public eye. Ive lived my life always under the impression that if someone wanted into my personal life in such ways, it could easily be done. I feel that everyone that comes to this site should know how easy such a task could be, not saying we are elite due to knowledge, but many here work with and know enough about the internal workings of gadgets and software to see how easy it is for such devices to be used against us, and we have incorporated this stuff into our lives. I am truly shocked when I hear people talk about ways to disable their smart TVs, or the extent to which they go through with their computers, phones and vehicles. Sheeples! If you do not trust it, why let in your life to begin with! No one needs a smart phone! Or smart TV! I actually know someone who brags about the great price he paid for a smart TV, but actually will go outside (with his cell phone clipped to his side) to talk personal matters because the TV or Xbox might hear. The one thing these devices do, without ever being hacked, is collect personal information about you, every app you install, every drive you make, every show you watch, every song you play, some piece of data is collected. That is called profiling, and from that, patterns emerge. This information is sold, for pennies, to anyone and everyone. it has always been and always will be my belief that governments are the biggest customer to these companies for this data. It’s a fucked up combo of Santa clause “he knows when you’ve been sleeping” and stings “I’ll be watching you”. Why hack when you can go to the sources and buy everything you need, very very cheap, with the tax money of the people whom you want the data? Take all that info, all of it, push that shit into a super computer or database, a handful of algorithms, you got yourself a very nice picture of the everyday lives of everyone, literally, at your fingertips. Anything unusual? Then break out these tools they have.
    Welcome to the 21rst century bitches!!!!!!!

    1. most people, including me don’t care. Some neckbeards make noise now and again, but then it goes away. I’ve assumed all my electronic data were accessible by the spooks and whomever for about 15 years. ISn’t that when we found out the NSA had closets in all the telco hubs and were like the largest customer of seagate by a huge margin??

      1. I feel like this apathy is a major problem. Even if you have nothing to hide, who is to say that in the future our great government won’t decide that hardware hackers are a threat? If that happens, they have a 20 year backlog to go and find something wrong to lock you up for.
        That being said, you at least know the level of technology being levied against you when you dismiss it. I feel like most non-tech savvy people don’t even understand the vast spectrum of digital weapons being brought to bear on their personal information and just hand-wave it away in dismissal. Reminds me of an interview in which people were told the NSA was spying on them, and no one could care. The interveiwer then asked if they were fine with the NSA accessing any nude pics they may have sent and they were suddenly up in arms, lol

    2. “if someone wanted into my personal life in such ways, it could easily be done”

      Exactly, even without giving away everything voluntarily via use of social media concerns like Facebook. These days, the 1984 “Telescreens” are paid for and installed by the potential targets themselves.

    3. People want entertainment, regular TV is a poor provider so people use netflix and amazon and hulu and all that, that means you need to connect to the internet, and that is why people allow TV’s onto the internet. So the word ‘need’ is a bit vague in the way you throw it around.

      1. Oh. My. God.
        It has been decades since I read that book, and I really, honestly forgot. But you have just summarized a large part of today’s society.

        War is Peace: As long as the industry roars, there will be jobs and wellbeing. And war destroys goods which have to be replaced and gives an excuse to strike down any movements that might endanger the public order. Check.
        Freedom is Slavery: Being free implies to be responsible for your decisions, and, of course, to make those decisions beforehand. This actually is hard work and is unpleasant at times. Check.
        Ignorance is Strength: The less I know the less I am susceptible to arguments. Either your point of view is identical to mine or I just can’t understand what you say and I can ignore you completely. I will never have to doubt anything, while you will never be completely sure. Check.

        Who says that oppression needs brutal force, there are people who just need someone to show them a way…

        Excuse me, while I will cringe a bit…

  6. Why such leaks comes only from CIA, NSA (USA agencies) likes if other countries doesn’t do it?
    Russia, China, UK, name it, they all spy. Is wikileaks biased?

      1. “Maybe the amount of leaks are proportional to the extent of the surveillance?”

        Exactly what I was thinking – proportional to the size of the effort and, therefore, the number of people involved. In anything other than a total dystopian police state, TRUST in those with clearances is a huge part of the security equation. The more people involved, the more likely someone is going to violate that trust.

      2. Also, it maybe have something to do with a culture of free thinking, dignity and responsibility among the people. I hate to say it but I think U.S citizens better us europeans in that regard.

    1. Mike Pence used an AOL email account while he was the governor for Indiana and it was hacked. Where are those emails? Yes, Wikileaks is biased and not necessarily on our side. Despite the apparent value of knowing what the CIA can do with these hacking tools.

    2. Yes, they have a definite preference for targeting the US government; they haven’t published anything like a treasure trove of Russian intel documents or the source code for the Great Firewall of China. I think it’s most likely bias, although people leaking US documents may be less afraid of ending up buried in an unmarked grave.

    3. It’s all about budget and intent, the US is driven to spend trillions on spying, many other countries are less concerned with what normal people do and more interested in hacking into lucrative and militarily beneficial stuff of a few select organisations. They want plans to the newest missiles not to hear your inane discussions in front of your TV, only the US want to invade every damn normal person on the world’s privacy and has the budget to do so in a massive scale and store it all.

      It’s the same with the military, all countries have armies, the US though has a budget for their armed services equaling all the other ‘big’ players combined.. times 10.

      As RT recently said for example: Trump want to increase the US army’s budget with an amount greater than the entire budget of Russia’s armed services.

  7. Allegedly the tools themselves will be released once they are able to neuter them or have given software companies enough time to patch the vulnerabilities. Kali is going to get some great new additions!!!

  8. Good job CIA, good job. Now everyone, including China, Russia, UK, and even your neighborhood script kiddie can spy on everyone else.

    To fix this, I propose 3 things.

    1. Use their own weapon to dig up and publish as much dirt as possible on existing politicians, “intel” (spy) community, etc. Maybe this will wake them up to ban such practices – because now their own ass is on the line as well. Maybe following laws is a good thing, eh?

    2. Create as much fake/misleading data as possible. For example, even if you are janitor living in Sweden, create multiple profiles portraying you as PhD living in China, pornstar in Italy, yak herder in Mongolia, etc. Rubbish data is useless and can confuse even humans.

    3. Steganography. https://en.wikipedia.org/wiki/Steganography

    Trump was right, as always. He only found the news out few days earlier than news outlets, as usual. They are spying on everyone, all the time.

    1. Always perfectly possible even before it was apparently revealed in this batch of materials (which I have not looked at except in the summary) is that it is possible to frame an entire country using their own hacking tools and/or by compromising and using the tools and network assets of a highly competent civilian hacker team within another country… like the “only the stupid would fall for it” script kiddie level phishing attack against the Dem Podesta that compromised his email account and the attacks against the DNC which were riddled with clues left behind allowing them to be traced back to Eastern Europe. The tools used were apparently freely available in the hacker community and since civilian hacker groups don’t care about leaving source clues in their malware, there were source tells in the malware. Any competent STATE SPONSORED group would not leave behind such evidence. And yet, it was “the Russians.”

      Ask yourself what country absolutely loves Trump, but would want to discredit Russia due to their alliance with Syria and Iran, and has a very capable state sponsored cyber warfare team. There is only one and they were apparently the most significant partner in Stuxnet’s creation. Also, if they were involved, we in the US would NEVER be told they were. Instead, their framed target would be blamed.

      1. Yeah exactly, the ‘evidence; was not consistent with what a ‘state player’ would do.
        There is though the sudden arrest of that top guy in Russia for working for the US money, which makes it possible that that was because Putin realized they are actually bugging Putin’s phone/computer/house/TV/etcetera and that he realized it because they knew too much which they could only know if he was bugged?
        It’s a complex world of FUD and counter-FUD and impossible for us to be sure what’s going on, except that we know we aren’t safe – and that we know they lie, they all lie.

  9. Thanks for copy-pasting the main article page *eyeroll*

    Wikileaks does love to be dramatic, though…

    What is the total size of “Vault 7”?
    The series is the largest intelligence publication in history.

    Has WikiLeaks already ‘mined’ all the best stories?
    No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They’re there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.

    Won’t other journalists find all the best stories before me?
    Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.

    1. What I already noticed is that the mainstream media now reports it as ‘stuff Wikileaks stole’, whereas we all know Wikileaks is only the conduit, but to fit in with their previous ‘Russia hacked the brains of all Americans’ story where Wikileaks was the ‘commie-controlled hacker’ they continue this nonsense where Assange is personally hacking the noble and good people of the CIA, the heroes you know.

    1. In some of them it is. Others, more or less just a single photoresistor, because that’s all that’s needed and has very little additional hardware or firmware to use in comparison to a camera.

    2. They can just turn on any or all phone mics so it’s rare that they would need a TV to do it. maybe in baghdadi’s bunker or some such it might come in handy though.
      Incidentally, even the public already noticed that you can switch any headphone over to become a mic in modern audio codecs, so there is that alternative too. That probably won’t work for amplified speakers though unless specifically provisioned for it .

  10. The most insecure component of any security infrastructure is the users themselves. Yet for some reason security IT professionals are more concerned with firewall rules and ACL lists than psych evaluations and employee feedback.

  11. After Snowden many governments and companies have meetings now where phones aren’t allowed in the room. And rightly so, even if you aren’t worried about spooks there is always the competition to worry about.

      1. Yeah but there is also nothing new in these “leaks” correct? I’m not interesting in what a less competent idiots refuse to believe.

        Has anyone found anything that can’t actually be linked back to an already openly discussed theoretical vulnerability? It is like the Snowden dump, which was 100% old and obvious hacks. It is the lack of novelty in these leaks that has me suspicious. I am not judging there authenticity, just pointing out an anomaly and the fact that if they are all known hacks then we should be assuming every single goverment and interested organisation in the world is potentially doing the same. This is in fact what I have always assumed and I know I am not alone in this.

  12. CIA has shtlod of taxpayer money available, so they are always (and will be) at least 2 steps ahead of the state-of-the-art computer security.

    But the funny thing is, even if they spend 10x more money, they will be unable to stop most new attacks. Because the new attacks are mostly “lone wolf” type, where the gunman does not communicate with anyone before the murders begin.

  13. Counterintelligence people. If Wikileaks got it and the CIA didn’t want them to have it, would Assange be alive right now?

    There’s probably claims inside the remainder of the documents about UFO and alien contact and perpetual energy….

    What I thought was a hoot was Snowden acting like he’s still relevant saying “this looks legit.” Sorry traitor, nobody cares what you think. There’s a large difference between the trending of data and spying…but then you had to go and tip off the world. Why? Do you truly think you changed anything.

    Take whatever WikiLeaks sends out with a pound of salt. They have some agenda, and it appears to be focused on our country rather than any other.

    1. We all know that Russia and China are “bad”, because Western propaganda (sorry, media) has been telling us that for decades. “Now” we know that USA is also bad. So: no moral authority remaining.

      1. Bad depends on your point of view. I’ve been to Russia, not to China. The people who live in Russia are no different from the people in the US. They only want to live their lives in peace and have their children do better than they did. What’s bad is the agencies within each government that push policies that benefit those within that country that are in and wish to remain in power. As a side effect the populace is kept in a somewhat protected state.

        And I challenge your “no moral authority remaining” statement. The United States has done plenty for the world in the past 100 years. Plenty of humanitarian missions occur funded by the taxpayer and provided by the government of this country. No, it’s not perfect, and gasp….our Central Intelligence Agency spies on people. Whole lot of no kidding going on there. You think the other powerful nations of the world DON’T spy on people? What separates us from Russia and China is that we try to do good things…we fail on occasion, but imagine what would be if we became an isolated country and didn’t help via humanitarian and military operations. Might want to bone up on your Russian and Mandarin.

        1. Heh. Count the number of foreign civilians killed by USA, China, and USSR/Russia in the last 80 years. USA wins hands down. From napalm in Japan, Korea and Vietnam, to firebombing the German cities, to weddings in Afghanistan. And many, many other countries. USA wins hands down in butchery. And no, killing of civilians cannot be justified.

  14. My discoveries predate this by several weeks, had some interest from TLA’s as they weren’t even aware of the zeroday in question until I posted it on “El Reg”.
    Seems that many phones with FM radios “chirp” even if the power is off and can be made to do so using a malformed SMS, tested on Nokia 110 among others. No wonder the battery kept running down!

  15. I respectfully disagree. Single killer working alone will almost always pass. Terrorists have already adjusted their tactics accordingly. Of the last 10 or so shootings/mass murders, most were committed by single guys. There is almost no defense against that, since everyone can grab a knife and go to a shopping mall. All CIAs, FBIs, and polices of the world will not help.

  16. Try this experiment.
    1. You and your friend connect to the same wifi.
    2. Pull out your phone and put the ok Google search bar on your scree. Withouth activating it,
    3. Have your friend come up with a random topic and tell you out loud.
    4. Type in said topic and count the letters you had to type before Google suggested your topic.

Leave a Reply to TruthCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.