WikiLeaks on Tuesday published a massive trove of documents purportedly pertaining to the CIA’s hacking programs — the first of many document dumps the site says it has coming on the intelligence agency.
The documents contain descriptions of hacking tools, engineering notes, internal communications and more. The release did not immediately appear to have included the tools themselves, and agent names have been redacted.
This is the first leak from a CIA project the site is calling “Vault 7.” WikiLeaks first released an encrypted version of this batch of documents, nicknamed “Year Zero,” on Twitter late Monday.
The site provided a password for the documents around 8 a.m. Tuesday, about an hour before the documents’ intended release time, due to alleged cyberattacks on the online press conference that WikiLeaks head Julian Assange tried to host in advance of the release.
“‘Year Zero’, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina [sic],” a press release accompanying the leaks read.
The leaks reveal a hacking operations center called the Center for Cyber Intelligence Europe based out of the Frankfurt Consulate.
An acclimation guide for operatives rotating in for temporary duty at the center explains some of the lesser tradecraft involved in working in the covert base. For example, if asked “Why are you here?” it says to answer: "Supporting technical consultations at the Consulate."
But it also reveals some of the banalities of life traveling for the agency. The guide gives advice on how to manage finances — get a travel credit card, make sure to leave with as few euros as possible — warns that grocery stores might be closed for new agents arriving in Germany on a Sunday and recommends recruits send their own diplomatic cables regarding their move to Germany in order to learn how to send cables.
“Seriously, if you have never written a cable in your entire career, do it yourself. Learn to write a cable: believe it or not, it's a handy skill,” the guide reads.
The guide also provides travel tips — “Flying Lufthansa: Booze is free so enjoy (within reason)! Flying United: My condolences, but at least you are earning a United leg towards a status increase” — and suggests taking advantage of duty-free stores in the airport before returning stateside — “Buy something in Duty Free, because you're awesome and you deserve it! (Might I recommend a travellers' edition single malt whisky?)”
The leaks also include forums for improving hacking operations. One notes that researchers at Kaspersky Lab uncovered a National Security Agency-affiliated hacking toolkit known as the Equation Group, and asks agents to spitball methods of not being similarly discovered.
Hacking tools detailed in the leaks include mobile device breaching tools for both iPhone and Android, tools for defeating antivirus programs and a program known as “Weeping Angel,” developed with Britain to hack Samsung smart televisions.
"Weeping Angel" lets the television appear off while actually being on.
Other tools allowed hackers who had to breach networks on-site to appear to be doing other things, including playing video games such as Brickout or listening to music.
WikiLeaks’s press release cites an executive order it claims President Trump signed in February “calling for a 'Cyberwar' review to be prepared within 30 days.”
The press release says “the timeliness and relevance” of the leaks are aided by the order.
In fact, Trump has not signed an executive order on cybersecurity, though he has come close — even going so far as having the press briefed on an executive order before a scheduled signing event.
WikiLeaks ends its press release on "Year Zero" with a Q-and-A, including encouragement to citizen and professional journalists alike to delve into the documents and find more interesting stories.
“Won't other journalists find all the best stories before me?
“Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.”
Updated at 10:28 a.m.