WikiLeaks on Tuesday released “Year Zero,” a supposed trove of 8,761 “documents and files from an isolated high-security network situated inside the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia.”
WikiLeaks said this is the first in a “series” of intelligence leaks, called Vault 7, that will comprise the largest intelligence dump in history. The documents detail CIA weapons, tactics, vulnerabilities, operations and strategies available to and used by cyberintelligence officers operating inside or on behalf of the CCI. WikiLeaks claimed the information inside is as recent as 2016; NSA hacker Edward Snowden later said the documents appear to be legitimate.
Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic. — Edward Snowden (@Snowden) March 7, 2017
“Year Zero” reportedly reveals hacks, exploits and “Zero Day” vulnerabilities in operating systems, hardware, software and devices used by nearly every American and millions of people across the globe. WikiLeaks said the CIA can exploit holes in every available operating system and antivirus, including Android and iOS, as well as encrypted messaging apps like Signal. WikiLeaks said the documents detail exploits on “smart” devices to activate microphones and cameras even when the owners of such devices attempt to turn them off.
WikiLeaks claimed that instead of revealing software and hardware weaknesses, the CIA collected them, adding them to an ever-growing arsenal of available cyberweapons. The dump also purportedly details the agency’s direction and interest in developing new capabilities. That includes the operating systems behind self-driving cars, for example, to which the CCI was working to gain access, WikiLeaks said.
WikiLeaks said CIA operatives “lost control” of “the majority” of its hacking arsenal, millions of lines of code that include “malware, viruses, trojans, weaponized ‘Zero Day’ exploits, malware remote control systems and associated documentation” and amount to what they say is the “entire hacking capacity of the CIA.” WikiLeaks said the arsenal has already been removed from the CIA and distributed to former government hackers and contractors in “an unauthorized manner.” WikiLeaks cited one of those recipients as their source, while keeping the recipient’s identity anonymous.
The individual who provided these documents leaked the secrets to prompt debate over the scope and capabilities of CIA cyber-weaponry, WikiLeaks said. That includes “whether the CIA’s hacking capabilities exceed its mandated powers” and “the problem of public oversight of the agency,” WikiLeaks said.
“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” says the WikiLeaks release. If legitimate, the cyberweapons and vulnerabilities contained in the “Year Zero” release alone reveal a more capable cyberintelligence architecture than Americans have ever known.
In communications, WikiLeaks seems to paint the release as an indictment of a reckless CIA. WikiLeaks wrote that “once a single cyber ‘weapon’ is ‘loose,’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.”