FBI, CIA launch investigation into WikiLeaks file dump

The US agencies say the release of CIA documents to the public should be considered "deeply troubling."
Written by Charlie Osborne, Contributing Writer

The FBI and CIA have launched a joint inquiry into how WikiLeaks was able to publish thousands of documents revealing the agencies' surveillance tactics, malware usage, and more.

The federal agencies said the inquiry is being considered a criminal investigation, although neither the FBI, the CIA nor the White House will confirm the legitimacy of the documents.

Federal agents are attempting to hunt down the source of the leak and determine whether it originated from the CIA internally or was the result of an external issue, such as a cyberattack or data breach.

The cache of over 8,000 documents, obtained by WikiLeaks and released to the public this week, dates between 2013 and 2016 and allegedly details the exploits of the CIA's hacking unit, the Center for Cyber Intelligence.

The file dump includes classified material on surveillance tactics, the use of zero-day vulnerabilities in popular gadgets to keep tabs on users, and collusion between US and UK spies to pool resources in creating sophisticated digital weapons for spying and control.

"The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries," a CIA spokesperson told the BBC. "Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm."

Former CIA director Michael Hayden told the BBC that such disclosures have "made my country and my country's friends less safe," as "this seems to be an incredibly damaging leak in terms of the tactics, techniques, procedures and tools that were used by the Central Intelligence Agency to conduct legitimate foreign intelligence."

This opinion may hold some merit, but as the documents reveal dossiers on technology vendors and cybersecurity solutions providers alike -- as well as a swathe of zero-day vulnerabilities -- these companies have sprung into action.

It is worth noting that some of the security flaws and bugs exploited by the agencies for surveillance purposes are already well-known and have been patched; however, it does appear that some of the exploits may have been a surprise to tech firms.

Apple, for example, has told customers the company is "rapidly" working to fix zero-day vulnerabilities found in the cache of documents, although many of the bugs documented are legacy issues which have already been patched.

The iOS security flaws were allegedly used to control and siphon off data from iPhones and other Apple products running iOS through either local or remote means.

In a statement to ZDNet, Heather Adkins, Google's Director of Information Security and Privacy, said updates in both Chrome and Android "already shield users from many of these alleged vulnerabilities," but an investigation is ongoing and if required, new security fixes will address any zero-days which have not been fixed.

It is not only mobile devices at risk of surveillance and control, however. According to the leaked documents, malware developed during a hackathon between the CIA and the UK's MI5 intelligence agency targets Samsung smart television sets.

Dubbed "Weeping Angel," the program allows smart TVs to be converted into devices which eavesdrop on owners, recording audio from their surroundings.

The leaked documents also claim that the CIA has developed malware for the purpose of targeting the Microsoft Windows operating system, used by millions of people worldwide. Microsoft says that the company is investigating these reports.

In light of the alleged leak, the World Wide Web Foundation has called on the US government to stamp out practices which erode personal privacy and security.

"Governments should be safeguarding the digital privacy and security of their citizens, but these alleged actions by the CIA do just the opposite," said Craig Fagan, Policy Director at the Web Foundation. "Weaponising everyday products such as TVs and smartphones -- and failing to disclose vulnerabilities to manufacturers -- is dangerous and short-sighted."
