WASHINGTON (CN) – Master hackers of the CIA can break into personal computers, smart phones, smart televisions and even smart cars, according to thousands of pages of documents WikiLeaks unloaded online Tuesday.
As news media outlets scrambled to authenticate the documents, WikiLeaks founder Julian Assange declared the document dump — dubbed Vault 7 — the largest leak of its kind ever.
Assange said the documents expose the “entire hacking capacity of the CIA.” They include more than 7,000 pages, millions of lines of embedded computer code, and several hundred attachments included.
Revealed in the pages are how professionally groomed CIA hackers and other intelligence officials, including those of foreign governments, engaged in a training system and frequently exchanged information on how to bypass password protections, antivirus software and other forms of encryption methods with relative ease.
The documents suggest devices manufactured by Samsung, Android and Apple were readily hacked by agents.
Throughout the documents, a variety of covert techniques and programs used to collect audio and video streams live from their user’s devices are given names worthy of a tawdry suspense novel.
For instance, Weeping Angel, one such covert program, taps into Samsung’s smart televisions, offering hackers a window into the private citizen’s world.
“The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS,” a statement from WikiLeaks said. “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.”
In that mode, “the TV operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server,” the statement said.
The story may sound familiar. In 2015, it was revealed that Samsung acknowledged a threat to privacy in its terms of service for its own smart televisions.
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition,” the company’s warning said.
The secretive surveillance is said to go as far back as 2013. WikiLeaks claims that since then, the CIA has expanded its actions to include “infecting the vehicle control systems used by modern cars and trucks.”
Admitting that “the purpose of such control is not specified, [it] would permit the CIA to engage in nearly undetectable assassinations,” Assange claimed on Tuesday.
Assange said the source of the documents worked with WikiLeaks to piece together an organizational chart that reveals the supposed hacker chain of command at the CIA.
One of those divisions, dubbed the CIA’s Mobile Devices Branch, also “developed numerous attacks to remotely hack and control popular smart phones.”
Those infected phones can be programmed to report a user’s geolocation. Audio and text communications can also be covertly activated. A phone’s camera and microphone can also be tapped undetected, the documents claim, whether the phone is on or off.
An offshoot of the CIA’s Mobile Devices Branch, called the Mobile Development Branch, is also said to have actively produced malware to “infest and control” data from iPhones and other Apple products running an iOS system. Tablets and iPads are not exempt from the spying, WikiLeaks said.
The National Security Agency, FBI and the UK’s Government Communications Headquarters are said to have purchased the malware. Another program, given the arguably apt name of UMBRAGE – a noun which is defined as an annoyance in modern parlance or a shade or shadow cast by trees in archaic English – contained a massive collection of cyber attack methods produced by foreign governments including the Russian federation, the release said.
UMBRAGE supposedly allows for CIA hackers to cover up their cyberattack tracks and lead would- be investigators to a dead end. UMBRAGE and its related projects “cannot only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” the release said.
This goes for password collection, webcam capture and several other components as well.
Another program, tucked away in the release’s many folds, is one called MaddeningWhispers. The program runs as a daemon, or background process, which is not under control by the device user, but rather by an external user.
The whimsical code name could be a call out to a spell used in the popular computer game World of Warcraft.
In the game, muttering the Maddening Whispers spell forces the players words to “burrow into your foe’s minds like hungry maggots, spawning dark and disturbing thoughts,” according to a World of Warcraft gamer database.
The leak itself proves something far more nefarious in real time, according to Assange. In his assessment, Vault 7 reveals the ominous reality that these weapons “are not possible to keep under effective control,” the release said.
“While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber weapons, once developed, are very hard to retain,” Assange said.
He also warned that cyber weapons can be pirated just like any other and further, “since they are entirely comprised of information they can be copied quickly with no marginal cost.”
In a statement, Samsung, one of the technology firms whose products appear to have been hacked by the CIA, said “protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”
Representatives from the NSA, FBI, Google, Apple, HTC and Sony did not immediately return requests for comment.
When reached by phone this morning, a representative from the CIA, Heather Fritz Horniack said the intelligence agency would not comment on the authenticity of the claims found in Vault 7.