Reuters reported on Wednesday that law enforcement and intelligence officials knew of the breach and believed the likeliest source was a government contractor.
Early Tuesday morning, WikiLeaks published a trove of more than 8,700 documents labeled “confidential” and “secret” that contain a variety of computer security exploits and hacking tools useful in targeting a wide range of consumer devices, from Samsung TVs to cellphones and car systems.
Statements from WikiLeaks regarding the files were characteristically speculative, from openly hypothesizing that the CIA’s vehicle hacks might be useful in carrying out assassinations, to strongly asserting that exploits relying on borrowed code are used to frame foreign intelligence agencies, i.e., “false flag” attacks.
Car hacking is not new, and the ability to remotely force a car to crash has been demonstrated by researchers before, but the CIA documents do not actually describe the purpose behind the exploit, which may also be useful for surveillance purposes.
WikiLeaks points out that the “stolen” code—their word, not the CIA’s—could be used to obfuscate the source of a cyberattack because of the digital “fingerprints” it leaves behind. But there appears to be no source document to support WikiLeaks’ claim that the U.S. government is actively working to pin blame for its cyberattacks on foreign states.
The emphasis WikiLeaks placed on this uncorroborated accusation, in a number of tweets and in the text of its press release, only raised the level of suspicion aimed at the group, whom some have accused of being the unwitting tool of Russian operatives. That suspicion was compounded by the fact that the transparency organization chose to single out only Russia as a potential victim in its statement, while referring to “other states” without naming them.
WikiLeaks did not respond to a request for comment.
The malware list made public by WikiLeaks does not appear to contain the specific exploits used to infiltrate the Democratic National Committee last year, according to security researcher Kevin Poulsen, editor of Wired, despite a number of Russian news sites hinting that the release may absolve Moscow of its involvement.
It remains unlikely that attribution for an attack at the highest levels of the U.S. government relies solely on bits of code that may be purchased on the black market; much of the evidence, which was enough to convince President Donald Trump of Russia’s involvement, is classified.
What’s more, the bits of code, which the CIA describes as containing material “borrowed from in-the-wild malware,” are not arranged by nation of origin, which would seem useful if the motivation behind their use was to frame other governments.
What the documents appear to show is that CIA coders maintain a library of known exploits from which they borrow code while crafting specialized hacking tools, which is not in itself particularly controversial or revelatory. That the CIA conducts offensive cyber operations is a well-established and widely accepted fact.
Concerns over the CIA’s ability to hack “smart” TV sets were eased on Wednesday as security experts acknowledged that the specific attacks described in the files would require physical interaction, e.g., a USB drive being directly inserted into the TV.
WikiLeaks tweeted that so far it has released less than one percent of the stolen CIA files, which the group has dubbed “Vault 7.”