Washington, March 8: Anti-secrecy organisation WikiLeaks on Tuesday released thousands of documents that it said described sophisticated software tools used by the Central Intelligence Agency (CIA) to break into smartphones, computers and even Internet-connected televisions.
The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments, The New York Times quoted the group as saying. The entire archive of the CIA material consists of several hundred million lines of computer code, it said.
Among other disclosures, the WikiLeaks release said that the CIA and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram.
According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”
The source of the documents was not named. WikiLeaks said the documents, which it called Vault 7, had been “circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.”
WikiLeaks said the source, in a statement, set out policy questions that “urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”
The source, the group said, “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”
The documents, from the CIA’s Centre for Cyber Intelligence, are dated from 2013 to 2016, and WikiLeaks described them as “the largest ever publication of confidential documents on the agency.”
A CIA spokesman, Dean Boyd, said, “We do not comment on the authenticity or content of purported intelligence documents.”
Some of the details of the CIA programmes might have come from the plot of a spy novel for the cyberage, revealing numerous highly classified — and in some cases, exotic — hacking programmes, The NYT added.
One, code-named Weeping Angel, uses Samsung “smart” televisions as covert listening devices. According to the WikiLeaks news release, even when it appears to be turned off, the television “operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server.”
The release said the programme was developed in cooperation with British intelligence.
Since their release, internet-connected televisions have been a focus for hackers and cybersecurity experts, many of whom see the sets’ ability to record and transmit conversations as a potentially dangerous vulnerability.
In early 2015, Samsung appeared to acknowledge the televisions posed a risk to privacy. The fine print terms of service included with its smart TVs said that the television sets could capture background conversations, and that they could be passed on to third parties.
The company also provided a remarkably blunt warning: Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.
Another programme described in the documents, named Umbrage, is a voluminous library of cyberattack techniques that the CIA has collected from malware produced by other countries, including Russia. According to the WikiLeaks release, the large number of techniques allows the CIA to mask the origin of some of its cyberattacks and confuse forensic investigators.