Updated on: March 7, 2017 / 7:10 PM EST / CBS/AP
WikiLeaks dumps CIA docs
WikiLeaks releases CIA hacking documents "Vault 7"
02:31
WASHINGTON -- WikiLeaks published thousands of secret CIA files on Tuesday detailing hacking tools the government employs to break into users’ computers, mobile phones and even smart TVs.
Some companies that manufacture smart TVs include Apple, Google, Microsoft and Samsung.
The documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features intended to keep the private information of citizens and corporations safe from prying eyes. U.S. government employees, including President Trump, use many of the same products and internet services purportedly compromised by the tools.
“This is CIA’s Edward Snowden,” former CIA acting director Michael Morrell told CBS News Justice correspondent Jeff Pegues, referring to the former National Security Agency contractor who leaked millions of documents in 2013.
“This is huge, in terms of what it will tell the adversaries,” Morrell said. “We’ll he to essentially start over in building tools to get information from our adversaries, just like we did with Snowden.”
Vice President Mike Pence blasts the AP for publishing wife’s email address
The documents describe CIA efforts -- cooperating with friendly foreign governments and the NSA -- to subvert the world’s most popular technology platforms.
Some of the products affected include Apple’s iPhones and iPads, Google’s Android phones and Microsoft Windows operating system (desktop and laptops).
Details of WikiLeaks’ document releaseLargest publication of confidential documents about the CIACode-named “Vault7”Part 1 includes 8,761 documents from CIA’s Center for Cyber IntelligenceReveals direction of global hacking programInformation on agency’s malware arsenalClaims that CIA used products like iPhones and smart TVs as covert microphonesClaims that the CIA used its Langley HQ and U.S. consulate in Frankfurt, Germany as bases for its hackersBroad exchanges of tools and information among the CIA, NSA and other U.S. intelligence agencies
CNET reports that if the CIA could break into a phone’s operating system, the agency could potentially access not just encrypted data stored on devices, but also encrypted messages sent through popular services like WhatsApp, Signal and Telegram. The approach doesn’t break the encryption, CNET reports, but rather gives hackers the same access to messages that a regular user would he when unlocking their phone.
WhatsApp declined to comment. Open Whisper Systems, parent company of Signal, didn’t immediately respond to requests for comment. Telegram said on its website that the problem lies with operating systems and not encrypted messaging apps and that naming specific encrypted services is “misleading.”
WikiLeaks has a long track record of releasing top secret government documents, and experts who sifted through the material said it appeared legitimate.
The documents also include discussions about compromising some internet-connected televisions to turn them into listening posts. One document discusses hacking vehicle systems, indicating the CIA’s interest in hacking modern cars with sophisticated on-board computers.
RELEASE: Vault 7 Part 1 "Year Zero": Inside the CIA's global hacking force https://t.co/h5wzfrReyy pic.twitter.com/N2lxyHH9jp
— WikiLeaks (@wikileaks) March 7, 2017Missing from WikiLeaks’ trove are the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. WikiLeaks said it planned to oid distributing tools “until a consensus emerges” on the political nature of the CIA’s program and how such software could be analyzed, disarmed and published.
WikiLeaks founder Julian Assange “very happy” about fake news narrativeTuesday’s disclosure left anxious consumers who use the products with little recourse, since repairing the software vulnerabilities in ways that might block the tools’ effectiveness is the responsibility of leading technology companies. The revelations threatened to upend confidence in an Obama-era government program, the Vulnerability Equities Process, under which federal agencies warn technology companies about weaknesses in their software so they can be quickly fixed.
It was not immediately clear how WikiLeaks obtained the information, code-named “Vault7.” WikiLeaks said the material came from “an isolated, high-security network” inside the CIA’s Center for Cyber Intelligence but didn’t say whether the files were removed by a rogue employee or whether the theft involved hacking a federal contractor working for the CIA or perhaps breaking into a staging server where such information might he been temporarily stored.
“The archive appears to he been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive,” WikiLeaks said in a statement.
In a statement to CBS News, CIA spokesman Jonathan Liu said, “We do not comment on the authenticity or content of purported intelligence documents.” White House spokesman Sean Spicer also declined to comment.
Trump heatedly complains to CIA chief about leaks 03:04The tools described in the documents carried bizarre names, including Time Stomper, Fight Club, Jukebox, Bartender, Wild Turkey, Margarita and “RickyBobby,” a racecar-driving character in the comedy film, “Talladega Nights.”
That RickyBobby tool, the documents said, was intended to plant and harvest files on computers running “newer versions of Microsoft Windows and Windows Server.” It operated “as a lightweight implant for target computers” without raising warnings from antivirus or intrusion-detection software. It took advantage of files that he been included in Windows for at least 10 years.
The files include comments by CIA hackers boasting in slang language of their prowess. “You know we got the dankest Trojans and collection tools,” one reads.
The documents show broad exchanges of tools and information among the CIA, NSA and other U.S. intelligence agencies, as well as intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom.
WikiLeaks claimed the CIA used both its Langley, Virginia, headquarters and the U.S. consulate in Frankfurt, Germany, as bases for its covert hackers. The AP found that one purported CIA hack that imitates the Domain Name System -- the internet’s phone book -- traced to an internet domain hosted in Germany.
CIA negligence sees it losing control of all cyber weapons arsenal sparking serious proliferation concerns #Vault7 https://t.co/mHaRNCr3Df pic.twitter.com/lwapDCKYt9
— WikiLeaks (@wikileaks) March 7, 2017Jake Williams, a security expert with Augusta, Georgia-based Rendition Infosec who has experience dealing with government hackers, said the files’ extensive references to operation security meant they were almost certainly government-backed. “I can’t fathom anyone fabricated that amount of operational security concern,” he said. “It rings true to me.”
In an unusual move, WikiLeaks said it was withholding some secrets inside the documents. Among them, it said it had withheld details of tens of thousands of “CIA targets and attack machines throughout Latin America, Europe and the United States.”
Key Trump surrogates once led fight vs. WikiLeaks and Assange
WikiLeaks also said its data included a “substantial library” of digital espionage techniques borrowed from other countries, including Russia.
The release represents yet another catastrophic breach for the U.S. intelligence community at the hands of WikiLeaks and its allies, which he repeatedly humbled Washington with the mass release of classified material, including from the State Department and the Pentagon.
WikiLeaks releases documents on CIA hacking 04:25Tuesday’s documents, purported to be from the CIA’s “Embedded Development Branch,” discuss techniques for injecting malicious code into computers protected by the personal security products of leading international anti-virus companies. They describe ways to trick anti-virus products from companies including Russia-based Kaspersky Lab, Romania-based BitDefender, Dutch-based G Technologies, F-Secure of Finland and Rising Antivirus, a Chinese company.
In the new trove, programmers also posted instructions for how to access user names and passwords in popular internet browsers.
Those browsers include Microsoft Internet Explorer, Google Chrome and Mozilla Firefox.
Under a list of references in one exchange, users were advised that “the following may be low traffic sites, sites in which it might be a good idea to disable JaScript, etc,” referring to a widely used internet programming language. “Remember, practice safe browsing, kidz!” they were told.
Some documents were classified “secret” or “top secret” and not for distribution to foreign nationals. One file said those classifications would protect deployed hacks from being “attributed” to the U.S. government. The practice of attribution, or identifying who was behind an intrusion, has been difficult for investigators probing sophisticated hacks that likely came from powerful nation-states.
WikiLeaks More
What did Julian Assange do? WikiLeaks' most significant document dumps
WikiLeaks' Assange back in Australia after long legal battle with U.S.
WikiLeaks' Assange can appeal against U.S. extradition, U.K. court rules
Assange's wife takes hope as Biden suggests U.S. could drop charges
U.K. court grants Assange chance to appeal against U.S. extradition
Central Intelligence Agency
© 2017 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.