Everything you need to know about WikiLeaks’ CIA document dump

By

The CIA has a team of more than 5,000 hackers.
The CIA has a team of more than 5,000 hackers.
Photo: Brian Klug/Flickr CC

The entire hacking arsenal of the CIA has been dumped online and the entire internet is freaking out.

WikiLeaks dropped a data bomb Tuesday with its massive document dump, which it claims is one of the biggest in history. Secrets on how the CIA hacked devices made by Apple, Google, Samsung and Microsoft are now available for all to see. But should you start freaking out just yet?

Cult of Mac talked to a number of iOS security experts to make sense of all the new info. While it’s tempting to panic, there’s a lot more you need to know first.

What is ‘Year Zero’?

“Year Zero” is a series of 8,761 documents and files obtained by WikiLeaks that allegedly came from a secret network at CIA headquarters. WikiLeaks claims it is “the largest intelligence publication in history.”

What’s in the leaked documents?

Information on all of the tools the CIA uses to hack smartphones, computers and even televisions. The documents reveal new exploits that companies like Apple and Google apparently didn’t know about. The CIA supposedly kept some of those vulnerabilities secret from the companies involved, despite a promise to the contrary from the Obama administration.

How does this compare to the Snowden leaks?

WikiLeaks claims that the CIA data dump is bigger than the Snowden leaks, but it’s really much smaller. The Snowden leaks revealed the NSA was conducting mass surveillance with little to no oversight. While the CIA leaks contain a massive amount of data, it simply shows that the CIA created and purchased tools that allow them to conduct high-risk hacks targeted individuals.

Can someone use the leaked CIA tools to hack my iPhone?

It doesn’t look like it. So far there hasn’t been any information found in the data dump that would effect someone running an iPhone or iPad with the most recent version of iOS.

Where are the CIA’s hacking tools

WikiLeaks hasn’t unleashed the all of its info on the world. Founder Julian Assange says that he plans to give the CIA’s cyberweapons to companies like Apple so that they can use them to fix their vulnerabilities.

Should I be worried?

Maybe, but probably not. There is still a ton of data to go through. Hackers we have talked to so far told us they’ve seen no new zero day vulnerabilities for iOS in the documents. (There might be some for Windows, though.) Most of the of the vulnerabilities described are old ones that can’t be implemented.

But I read that the CIA hacked all the messaging apps?

Not really. The CIA found a way to bypass the encryption of apps like WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman by hacking the encryption of the smartphone they run on. If your iPhone hasn’t been owned by the CIA, then you’re OK.

Who would want the leaked info?

The CIA’s enemies. By leaking the CIA’s hacking arsenal, WikiLeaks just revealed to foreign government agencies how the CIA approaches hacking tradecraft. Hacker groups and others will probably be pretty stoked for the data dump, too.

Why is the leak important?

Because it reveals that the CIA has massive hacking capabilities that rival the National Security Agency. It also shows that the CIA has been dishonest with companies like Apple, Microsoft and Google. In 2008, the Obama administration promised it would disclose serious software vulnerabilities so they could be fixed. Instead, the CIA hoarded the exploits.

Has Apple commented on the leaks?

In a statement regarding the WikiLeaks data, Apple said that its initial analysis revealed that “many of the issues leaked today were already patched in the latest iOS.” It’s unclear if that means there are still a number of holes to patch, but the company says it’s working rapidly to address any identified vulnerabilities.

What are security experts saying?

For the most part, members of the iOS jailbreaking community and top information security experts are fairly underwhelmed by the information contained in the leaks. Nicholas Weaver, a researcher who leads network security efforts at the University of California, Berkeley, said the actual data is entertaining but not all that significant. One of the world’s top jailbreakers also says the information leaked so far most likely can’t be used to exploit iPhone and iPad users who have the latest version of iOS 10.

Has anything shady been going on?

It’s the U..S government, so yeah. According to notorious NSA leaker Edward Snowden, the WikiLeaks documents reveal that the government developed vulnerabilities for U.S. products — then intentionally left the holes open so they could exploit them later.

Who has the CIA been hacking?

It’s hard to tell exactly who the CIA targeted with its tools. WikiLeaks redacted the names of ten of thousands of targets and attack machines throughout the United States, Europe and Latin America. One document reveals that the CIA even hacks its own double agents.

How many hackers does the CIA have?

More than 5,000 users are registered in the CIA’s hacking division. The team has produced more than a thousand hacking systems, trojans, viruses and malware. Because team members don’t need to go through the NSA to get hacking tools, they have very little public oversight.

What kind of hacking tools did the CIA create?

Methods were developed that allow the agency to remotely hack and control smartphones. Hacked devices would send audio and text communications. CIA operatives could also covertly activate the cameras and microphones of compromised devices. Similar tools were made to hack smart TVs made by Samsung. The agency also hacked vehicle control systems.

What can I do to defend myself?

Keep iOS and macOS updated with the latest software fixes. Don’t use unnecessary apps. Avoid becoming a target of the CIA.

Will more info be leaked later?

Most likely, yes. WikiLeaks says that the over 8,000 documents and files that it dumped are just a fraction of the data. Expect more data to be released over the next coming weeks.

What happens next?

A federal criminal probe is being opened to investigate the CIA WikiLeaks data. The person behind the leaked information is still unknown, so the FBI and CIA are coordinating an investigation.

  • dickleweed

    Just takeout your Phone tell the CIA to go screw them self’s online and await to be hacked chances are they’ll already know you are no threat, cuz they have the file on you as a U.S. Citizen and there isn’t crap you can do.

  • JonLeach

    There is something you can do about it, you can educate yourself. I’ve been trying to tell Americans for years now what the elite know. All you need to do is read these 2 documents.
    Preparing for the coming collapse of the petrodollar system: by Jerry Robinson (online)
    Confessions of an economic hitman, John Perkins
    Follow the money…

  • Null Static Void

    pretty inaccurate article. Instead of just repeating Wikileaks hyperbole, try looking through ‘vault 7’ yourself.
    There is nothing about breaking crypto in there.