This WikiLeaks document is a cheat sheet for decoding CIA hacking operations

This WikiLeaks document is a cheat sheet for decoding the CIA’s hack attacks


One of the documents in WikiLeaks' massive Vault 7 release holds a key to deciphering CIA jargon.
A document in WikiLeaks' massive Vault 7 release holds a key to deciphering CIA jargon.
Image: WikiLeaks

A secret document buried in WikiLeaks’ “Vault 7” data dump serves as a sort of Rosetta Stone for the CIA’s extensive hacking operations targeting iOS devices and other consumer electronics.

Titled “IOS Team Acronyms and Terms,” the document unlocks the agency’s spyspeak. If you’re diving into Vault 7 — the massive, searchable cache of supposed CIA documents released Tuesday by WikiLeaks — the iOS terms sheet acts as a handy guide to the dizzying array of acronyms and abbreviations you’ll encounter.

In total, Wikileaks’ Vault 7 consists of 8,761 documents allegedly spirited away from the CIA by a source who “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”

That source could be the CIA’s Edward Snowden: WikiLeaks describes the data dump as “the largest intelligence publication in history.”

A key to deciphering WikiLeaks Vault 7

The documents offer a startling look into the spy agency’s activities, many of which targeted iPhone users. Even more worryingly, WikiLeaks says the CIA lost control of its hacking tools. As a result, the malware might be used by foreign governments, cybercriminals or other bad actors to target individuals’ devices, from iPhones and Android phones to Samsung smart TVs.

As you read the Vault 7 documents, you’ll encounter terms like “Mcnugget” (Mission Control for iOS), “ElderPiggy” (a privilege escalation), “NightSkies” (a beacon/implant tool) and “IPSW” (shorthand for iPhone/iPad firmware).

CIA hacking terms explained

Some terms are colorful CIA shorthand, while others are simply jargon used by software developers and hackers. The document that defines the terms is classifed as “SECRET//NOFORN,” which means it’s not to be shared with “foreign nationals,” aka anybody who is not a U.S. citizen.

Knowing the various arcane terms makes it easier to decode the sprawling trove of CIA documents, such as the “MCNUGGET v4.0 User Guide” (.pdf). That 12-page technical document offers step-by-step instructions for building and deploying a payload to target an iOS device.

“MCNUGGET payloads are typically NIGHTSKIES installs (but not necessarily required),” the MCNUGGET user guide says. “Given a Nightskies .zip file, you can generate a MCNUGGET payload for that specific Nightskies zip file. You use the solcreate script to generate the payload.”

(Maybe you can see why the CIA needed its very own secret cheat sheet for deciphering its cyberwarriors’ jargon.)


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.