THE NSA, IT seems, isn’t the only American spy agency hacking the world. Judging by a new, nearly 9,000-page trove of secrets from WikiLeaks, the CIA has developed its own surprisingly wide array of intrusion tools, too.
On Tuesday morning, WikiLeaks released what it’s calling Vault 7, an unprecedented collection of internal CIA files—what appear to be a kind of web-based Wiki—that catalog the agency’s apparent hacking techniques. And while the hoards of security researchers poring through the documents have yet to find any actual code among its spilled secrets, it details surprising capabilities, from dozens of exploits targeting Android and iOS to advanced PC-compromise techniques and detailed attempts to hack Samsung smart TVs, turning them into silent listening devices.
“It certainly seems that in the CIA toolkit there were more zero-day exploits than we’d estimated,” says Jason Healey, a director at the Atlantic Council think tank, who has focused on tracking how many of those “zero-days”—undisclosed, unpatched hacking techniques—the US government has stockpiled. Healey says that he had previously estimated American government agencies might have held onto less than a hundred of those secret exploits. “It looks like CIA might have that number just by itself.”
The leak hints at hacking capabilities that range from routers and desktop operating systems to internet-of-things devices, including one passing reference to research on hacking cars. But it seems to most thoroughly detail the CIA’s work to penetrate smartphones: One chart describes more than 25 Android hacking techniques, while another shows 14 iOS attacks.
Given the CIA’s counterterrorism work—and the ability of a phone exploit to keep tabs on a target’s location—that focus on mobile makes sense, Healey says. “If you’re going to be trying to figure where Bin Laden is, mobile phones are going to be more important.”