WikiLeaks today published thousands of documents that it claims are from the CIA's arsenal of hacking and cyberespionage tools, calling this leak the "largest ever publication of confidential documents on the agency."
According to WikilLeaks, the program allowed the CIA to hack into iPhones, Android phones, and classic computers, and undermine the encryption of popular "secure" smartphone apps such as WhatApp and Signal. It also allowed the spy agency to commandeer people's Samsung smart televisions and transform them into spying equipment by using the device's built-in microphones to listen into conversations.
If the leaked materials are genuine -- and, to date, WikiLeaks has a record of publishing authentic documents -- today's disclosure would represent a catastrophic leak for United States intelligence, and it could potentially harm our nation's national security. It also reveals that the CIA used various hacking techniques to make its attacks look like they were done by Russia, and engaged in questionable behavior vis-a-vis its spying activities. Today's leak comes on the heels of one that took place last year involving NSA cyberweapons. (Note: I have not looked at the alleged CIA materials, nor do I plan to do so, so I cannot vouch for their authenticity other than by referring to WikiLeaks' historical behavior.)
According to WikiLeaks, the materials were somehow circulating among former government workers and contractors (which, I should note, in itself, may constitute the commission of serious crimes if the materials were classified, as they no doubt were), and were provided to WikiLeaks by an insider interested in sparking "a public debate about the security, creation, use, proliferation and democratic control of cyberweapons." I have previously discussed the dilemma that governments face when discovering vulnerabilities--reporting them protects citizens, but not reporting them allows the government to use them against adversaries; in its blog post today, WikiLeaks claims that the CIA "hoarded zero day" attacks -- which would seemingly mean that the agency violated the Obama administration's public commitment made to report most vulnerabilities found since 2010.
Putting the scale of the cyberweapons program into perspective, WikiLeaks claims that by 2016, the CIA's hackers had utilized more code for the cyberweapons program than are used by Facebook to run its social media empire.
Through a spokesman, the CIA said simply, and, as expected: "We do not comment on the authenticity or content of purported intelligence documents."