WikiLeaks: CIA hacking group 'UMBRAGE' stockpiled techniques from other hackers

Aamer Madhani, Brad Heath, and John Kelly
USA TODAY

A division of the Central Intelligence Agency stockpiled hacking techniques culled from other hackers, giving the agency the ability to leave behind the "fingerprints" of the outside hackers when it broke into electronic devices, the anti-secrecy group WikiLeaks alleges as it released thousands of documents Tuesday.

In this Feb. 5, 2016 file photo, WikiLeaks founder Julian Assange speaks from the balcony of the Ecuadorean Embassy in London.

WikiLeaks says it acquired the documents from a source who wished to prompt a debate about whether the CIA's hacking capabilities exceed the agency's legal powers. If authentic, the documents appear to show that the CIA's hacking division has developed software that enables the agency to break into smartphones and computers and even turn Internet-connected televisions into microphones.

The documents also suggest that one of the agency's divisions – the Remote Development Branch's UMBRAGE Group – may have been cataloguing hacking methods from outside hackers, including in Russia, which would have allowed the agency to mask its identity by employing those methods during espionage.

“With UMBRAGE and related projects the CIA can not only increase its total number of attack types, but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” WikiLeaks said in a statement.

The CIA, which keeps its organizational structure below the directorate level classified, declined to comment on the WikiLeaks document release and would not confirm that the hacking and cataloguing programs exist. USA TODAY has not been able to independently confirm the authenticity of the documents, nor has it seen anything in them so far to indicate the tools were used in the U.S. – or at all.

The agency's Center for Cyber Intelligence (CCI) produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware, according to the documents. The malware and hacking tools were developed by the agency's Engineering Development Group (EDG) within the CCI.

The EDG described its mission innocuously in one document: “To be the premiere development shop customized hardware and software solutions for Information Operations: utilizing operating system knowledge, hardware design, software craftsmanship, and network expertise to support the (Information Operations Center) Mission.” Another document says the EDG “develops software exploits and implants for high priority target cell phones for intelligence collection.”

The documents describe how the engineering team develops software to target individual cellphones for surveillance, suggesting that it is not attempting to infiltrate cellphones in bulk. For example, its guide says “completed software implants must be tested on an exact version … of the target phone.”

The documents also describe, in very general terms, collaboration among U.S. and other intelligence services to hack into various electronic devices. For example, one document suggests the U.S. National Security Agency purchased an exploit called “Earth/Eve,” which it shared with the CIA and with GCHQ, Britain's main signals intelligence agency. The same documents list another exploit purchased under an NSA contract but “implemented by” GCHQ.

UMBRAGE catalogued software that tracks what physical actions a user is taking through the keyboard or mouse, collects passwords, captures webcams, and other hacking techniques, the documents show.

Among the treasure trove of documents, one refers to two common ways to hack a webcam operating on a Windows system. In another document, analysts comment on the pros and cons of certain key-logging hacks. Other documents note “anti-sandboxing” techniques that agency hackers can use to avoid malware detection by the subject of their surveillance.

If the documents—which WikiLeaks dubbed the Vault 7 archive—are proven to be authentic, the release would mark the most significant leak of classified U.S. intelligence documents since the release of tens of thousands of documents taken from the National Security Agency by Edward Snowden in 2013.

Nathan White, a senior legislative manager at the international group Access Now, said that the stockpiling of digital vulnerabilities—without working with technology companies to patch them—hurts the cause of digital security.

“Many of these vulnerabilities could have been responsibly disclosed and patched,” White said. “This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them.”

Follow USA TODAY reporter Aamer Madhani on Twitter: @AamerISmad