By the end of 2016, the C.I.A. program had 5,000 registered users, including government employees and contractors. And they had produced more than a thousand hacking systems. The agency’s arsenal, the documents indicate, included an array of malware ranging from viruses to clandestine “zero day” vulnerabilities in the software of major companies.
The files have circulated among former United States government hackers and contractors in “an unauthorized manner, one of whom provided WikiLeaks with portions of the archive,” WikiLeaks said.
WikiLeaks said it was publishing the documents while redacting and anonymizing some passages, including the names of “tens of thousands” of C.I.A. targets. WikiLeaks said it was not distributing “armed cyberweapons.”
The software targeted by the hacking program included the most popular smartphone operating systems: Apple’s iOS and Google’s Android.
The C.I.A. hacking initiative had a “mobile devices branch,” which developed an array of attacks on popular smartphones to infect and extract data, including a user’s location, audio and text messages, and to covertly activate a phone’s camera and microphone.
Apple’s iPhone software, according to the documents, was a particular target, including the development of several “zero day” exploits — a term for attacking coding flaws the company would not have known about.
Though Apple has only 15 percent of the global smartphone market, the intensive C.I.A. effort was probably explained by the “popularity of the iPhone among social, political, diplomatic and business elites.”
Finding these vulnerabilities could in theory allow the spy agency to circumvent the kinds of security that stymied investigators who wanted to gain access to the password-protected iPhone of one of the attackers in the 2015 mass shooting in San Bernardino, Calif.
Google’s Android, the most widely used smartphone operating system, seemed to have received even more attention. By 2016, the C.I.A. had 24 weaponized Android “zero day” software programs.
Did the C.I.A. directly target encryption software?
The C.I.A. focused on smartphone operating systems in large part to intercept messages before they could be encrypted, according to the WikiLeaks documents. So by targeting the phone’s underlying software, the C.I.A. was looking to bypass the encryption of WhatsApp, Signal, Telegram, Weibo and other smartphone communications applications.
Were other kinds of devices targeted?
The C.I.A. also targeted Microsoft’s Windows personal computer software, other internet-connected computers, and home and industrial devices running the Linux operating system, according to the documents.
There was a specific program to penetrate and take control of Samsung smart TVs. The program, code-named Weeping Angel, was intended to convert new digital televisions into “covert microphones.” The malware was developed in cooperation with the British spy agency MI5, according to the documents.
The Weeping Angel program puts the target TV in a “fake off” mode, according to the WikiLeaks documents. Then, with the owner believing the TV is turned off, the set works as a clandestine recording device, picking up conversations in the room and sending them over the internet to a C.I.A. server computer.
And in October 2014, according to the documents, the C.I.A. was exploring technology to penetrate the vehicle control systems of cars. The documents do not detail the goal of the vehicle hacking program, but WikiLeaks speculated that it would “permit the C.I.A. to engage in nearly undetectable assassinations.”
Has encryption software changed how the C.I.A. behaves?
The leaked documents indicate that the broad use of encryption has pushed the C.I.A. to become one of the world’s foremost creators — and buyers — of malware. Much of the cache released by WikiLeaks appears to show how the agency has created or acquired a variety of tools to thwart tough encryption or intercept messages before encryption tools make them useless to the intelligence agency.
What is new about the C.I.A. program?
Using malware to hack into devices ranging from smartphones to webcams has been going on for years. Sometimes the intent is to steal information — like names, addresses and credit-card numbers for identity theft and fraud. Sometimes the goal seems to be to create havoc.
But the C.I.A. program seems to have been particularly sophisticated, far-reaching and focused on surveillance. Just how innovative the individual software techniques were will not be known until independent computer security experts and scientists at the companies whose software was probed can examine the malware and tactics involved.
What time period is covered by the documents?
WikiLeaks says the document dump will cover 2013 to 2016. The organization says this is the largest publication of intelligence documents in history.
If the documents are accurate, did the C.I.A. violate commitments made by President Barack Obama?
In 2010, the Obama administration promised to disclose newly discovered vulnerabilities to companies like Apple, Google and Microsoft. But the WikiLeaks documents indicate that the agency found security flaws, kept them secret and then used them for surveillance and intelligence gathering.
Why is it so hard to keep these cyberweapons under wraps?
Unlike nuclear weapons, which can be guarded and protected, cyberweapons are “just computer programs which can be pirated like any other,” WikiLeaks notes. “Since they are entirely comprised of information they can be copied quickly with no marginal cost.”
