The CIA has become the preeminent hacking operation, sneaking into high-tech phones and televisions to spy on people worldwide, according to an explosive WikiLeaks publication of purported internal CIA documents on Tuesday.
To hide its operations, the CIA routinely adopted hacking techniques that enabled them to appear as if they were hackers in Russia, WikiLeaks said.
WikiLeaks also claimed that nearly all of the CIA’s arsenal of privacy-crushing cyberweapons have been stolen, and the tools are potentially in the hands of criminals and foreign spies.
WikiLeaks claimed the stolen tools ended up in the hands of “former U.S. government hackers and contractors… one of whom” leaked documents to WikiLeaks.
U.S. Rep. Ted Lieu of California called for an immediate congressional investigation.
“I am deeply disturbed by the allegation that the CIA lost its arsenal of hacking tools. The ramifications could be devastating,” he said in a statement. “”We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans.”
“The potential privacy concerns are mind-boggling,” he said.
WikiLeaks said it published the documents to show the potentially hazardous ramifications of the CIA’s covert hacking program — and the massive theft of those tools.
“There is an extreme proliferation risk in the development of cyber ‘weapons,'” said WikiLeaks editor Julian Assange in a statement.
WikiLeaks, an outfit that believes in transparency, backed up the claims by publishing a massive trove of what it says are secret CIA documents. It calls the collection “Year Zero,” and it consists of 8,761 documents and files.
The CIA, citing standing policy, declined to say whether the published documents are genuine.
“We do not comment on the authenticity or content of purported intelligence documents,” said CIA spokeswoman Heather Fritz Horniak.
Shocking claims
WikiLeaks portrays the CIA as a powerful hacking organization that has managed to infiltrate common personal devices — with the power to spy on nearly everybody’s personal lives.
CIA frames other hackers: The CIA rules say that its hackers must use cyberweapons in a way that can’t get traced back to the “CIA, U.S. government, or its witting partner companies,” according to WikiLeaks.
After a person, company or government gets hacked, cybersecurity experts worldwide are typically hired to conduct reviews. These reviews of tools and techniques usually allow someone to identify the attacker.
WikiLeaks said there’s an entire department within the CIA whose job it is to “misdirect attribution by leaving behind the ‘fingerprints'” of others, such as hackers in Russia.
Cybersecurity experts have repeatedly warned against the tendency to quickly blame a nation for a particular hack. This revelation could lend further credence to those, like President Trump, who doubt whether Russia did indeed hack the Democrats in an attempt to sway the recent American election.
Phones, TVs spy on you: A team within the CIA developed spy software that infects Samsung smart TVs — placing televisions on a “fake-off” mode that still listens to conversations and sends them back to American spies, WikiLeaks claimed. The program, called “Weeping Angel,” was created with the help of the British spying agency MI5, it said.
WikiLeaks reports that another team within the CIA built hacking tools that can remotely control iPhones, iPads and Android devices — secretly taking video from the camera, listening with the microphone, and tracking your location.
In the past, consumers have been warned that Samsung TVs were eavesdropping on private conversations — with the microphones implanted into the TV.
CNN has also reported how the NSA can “turn on” your phone remotely. But it was not previously known that the CIA has a similar capability.
Apple sought to ease customers’ worries, noting that its latest software update eliminated “many” of the potential iPhone hacking methods pointed out by WikiLeaks. The company said “it will continue work to rapidly address any identified vulnerabilities.”
After analyzing the leaks, Google had a similar reaction. “Chrome and Android already shield users from many of these alleged vulnerabilities,” said the company’s director of information security and privacy, Heather Adkins.
Samsung said it was aware of the situation and was “urgently looking into the matter.”
Microsoft said: “We’re aware of the report and are looking into it.”
People who are careful about their privacy have resorted to encrypted apps to place phone calls and send text messages. The most common are Signal and WhatsApp.
WikiLeaks pointed out that if a phone is infected by the CIA, spies could potentially still monitor communications. Cybersecurity experts have long noted that an infected device should be considered “compromised.”
It’s currently impossible for the average person to know if their phone, computer, or TV has been hacked by the CIA.
Potential car hacking: WikiLeaks also claims that the CIA in October 2014 was exploring the possibility of infecting the internet-connected systems of modern cars. In the past, CNN has documented how car hacking is a real possibility. Cybersecurity experts have long suspected the U.S. government has developed this capability.
U.S. consulate in Germany is a secret American hacking base, WikiLeaks says: Several U.S. State Department employees who work out of the consulate in Frankfurt, Germany are actually undercover CIA hackers who spy on Africa, Europe, and the Middle East, according to WikiLeaks.
Proving the documents are real
WikiLeaks has a long history of publishing authentic documents that have been stolen or leaked from government agencies, corporations and powerful individuals. However, this latest batch has not been authenticated by independent experts. CNN is reviewing the material.
In its statement on Tuesday, WikiLeaks said it withheld immediately publishing technical details about the malware allegedly used by CIA to prevent it from dispersing online. However, if and when those technical details are made public, computer experts could use them to track CIA hacking activity.
For example, cybersecurity researchers can pull together new information on alleged CIA hacking techniques and compare it with existing evidence of past cyberattacks. It’s an effort that could potentially prove whether the CIA hacked a specific person, company or government.
CNN’s Ryan Browne contributed to this story.