The anti-secrecy site WikiLeaks released thousands of documents Tuesday that it claims detail a massive CIA hacking program targeting Windows operating systems, iPhones, and smart TVs—both in the U.S. and abroad.
WikiLeaks began a new series of leaks on March 7, when it released 8,761 documents revealing the CIA’s spying secrets. The collection, called Vault 7, contains material from 2013 to 2016. WikiLeaks claims it is the largest publication of confidential documents regarding the CIA ever released. MeriTalk and other independent media outlets have been unable to determine the authenticity of the documents.
According to the leaked documents, the CIA has the ability to hack iPhones, Android devices, smart vehicles, and Samsung smart televisions. The agency’s method of hacking smart TVs was developed in tandem with the United Kingdom’s MI5. Labeled “Weeping Angel,” this type of hack can turn on a smart television’s audio system and record someone’s conversation while he or she thinks the machine is off. “Weeping Angel” also suppresses the device’s LED lights to improve the look of the “Fake-Off” mode.
“The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984, but ‘Weeping Angel,’ developed by the CIA’s Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization,” says a press release WikiLeaks issued alongside the leaked documents.
Mobile devices and televisions are not the CIA’s only prey, according to WikiLeaks. The agency also leads a substantial effort to “infect and control” Windows, OS X, and Linux users with malware. The CIA’s Automated Implant Branch (AIB) employs a virus called “Hammer Drill,” which tracks CD and DVD insertions and removals.
Techniques like “Hammer Drill” are crafted to defeat anti-virus utilities and Personal Security Products (PSP), WikiLeaks’ press release states. One of the leaked documents, called “PSP/Debugger/Reverse Engineer Avoidance,” captures a discussion between two CIA hackers about consolidating tip sheets on how to bypass PSP detection and hamper efforts to run a program in a debugger.
“Ideally, I’d even like to see an Applied Engineering Division Tradecraft space with offshoots into subtopic areas like these,” said User #52497, whose real name WikiLeaks replaced with an identification number. “Heck, I’ll create one right now.”
The CIA’s malware is written carefully to avoid leaving “fingerprints” that would implicate the agency or its partners, WikiLeaks states. WikiLeaks compared the trail of the CIA’s hacks to finding the same knife on multiple murder victims. Over time, these clues make the agency look suspicious, the press release states. However, the CIA is covering its tracks with its UMBRAGE group, which manages a library of attack techniques and misdirects “fingerprints” to other hacking groups, including those located in the Russian Federation.
Although the CIA’s headquarters are in Langley, Va., WikiLeaks claims the agency also operates a base in Frankfurt, Germany. Under the guise of technical consultants for the State Department and armed with diplomatic passports, CIA hackers work in the Frankfurt Consulate to be closer to the cyber warfare occurring in Europe, the Middle East, and Asia.
According to WikiLeaks, the hackers are instructed to “breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport.” CIA spies on the ground use USBs contaminated with malware to target a computer. The attack system “Fine Dining” includes 24 decoy applications; while the spy may appear to be presenting slides or showing videos, he or she is really using this system to hack into a computer.
“A number of the CIA’s electronic attack methods are designed for physical proximity,” WikiLeaks stated in its release. “But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.”