WikiLeaks may have dumped covert CIA hacking tools

WikiLeaks on Tuesday dumped thousands of documents it said came from the CIA’s cyber espionage department, a catastrophic breach that exposes sophisticated covert tools for hacking everything from computers to TVs to popular social apps.

The release is the first in a series called “Year Zero” that involves 8,761 documents and files from the spy agency’s Center for Cyber Intelligence in Langley, Va., the group said.

The disclosures, called “the largest ever publication of confidential documents on the agency,” lay bare the CIA’s cyber warfare material – malware, viruses, trojans – that could turn ordinary consumer tech products into espionage tools.

The devices in the spy agency’s intelligence trove allow operatives to “weaponize” Apple iPhones, Google’s Android, Samsung TVs and even bypass the encryption on apps like Signal, WhatsApp and Telegram, WikiLeaks said.

A CIA spokesman wouldn’t confirm the authenticity of the documents, but a retired agency operative said their release would be a staggering blow to the spy agency if they are genuine.

“If the documents are apparently CIA, then the CIA’s procedures in conducting cyber espionage and sabotage have been terribly compromised. This essentially gives our enemies a playbook on how we go about our clandestine cyber operations,” the former agent told The Post.

“This will be bad for the agency. They will have to reexamine its procedures for doing this type of work.”

Asked about the release at a White House briefing, spokesman Sean Spicer said he wouldn’t comment.

“That has not been fully evaluated,” he said.

A lawyer with a data security firm in Philadelphia said if the disclosures are true, it’s “Snowden 2.0,” referring to NSA analyst Edward Snowden, who fled to Russia after leaking sensitive US surveillance secrets.

“You’re talking about an extensive hacking and malware program by the most powerful and largest intelligence-gathering organization in the world, one that’s supposedly lost control over its arsenal,” said Scott Vernick of Fox Rothschild of Philadelphia.

A Democratic congressman quickly called for an investigation into the leaks, saying the “potential privacy concerns are mind-boggling.”

“We need to know if the CIA lost control of its hacking tools, who may have those tools and how do we now protect the privacy of Americans,” said Rep. Ted Lieu (D-Calif.).

A security expert said heads were probably rolling at the CIA over the leak.

“There’s no question that there’s a fire drill going on right now,” Jake Williams, a security expert with Augusta, Ga.-based Rendition Infosec, told the Associated Press. “It wouldn’t surprise me that there are people changing careers — and ending careers — as we speak.”

WikiLeaks said the documents were provided by a source who wanted to “initiate a public debate” about the expanding use of “cyberweapons.”

“In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency,” the group said.

The cyber divisions inside the CIA built a global force of hackers and amassed an array of hacking systems so huge that it used more code than what’s necessary to run Facebook, WikiLeaks claimed.

The malware and hacking tools – carrying names like “Assassin,” “Medusa” and “Weeping Angel” – were used by the CIA in covert operations around the world.

One insidious piece of malware, “Weeping Angel,” infects Samsung smart TVs, turning them into microphones to spy on unwitting subjects.

“Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server,” WikiLeaks said.

CIA units developed or were working on products to “weaponize” smartphones from Apple and Google, including techniques to collect audio and messages from WhatsApp, Signal, Telegram and Weibo before encryption begins.

One of the more outlandish efforts, begun in October 2014, was intended to exploit the control systems used in cars and trucks.

“The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations,” WikiLeaks said in the release.

WikiLeaks said the files were created between 2013 and 2016, and that it would only publish a portion — redacting some sensitive samples of code — “until a consensus emerges on the technical and political nature of the CIA’s program.”

WikiLeaks’ previous document dump shook up the presidential race.

In July, the group began publishing thousands of emails hacked from Democratic National Committee computers.

It also dropped installments of emails from Hillary Clinton campaign staffers during the 2016 presidential campaign.