Vault7 WikiLeaks

Earlier today, WikiLeaks published a collection of hacking tools which the organization claims belong to the United States Central Intelligence Agency (CIA).

The WikiLeaks dump, codenamed Vault 7, comes after a rogue hacking group calling itself The Shadow Brokers had leaked similar tools in the summer of 2016, which they claimed to have stolen from the United National Security Agency (NSA). The Shadow Brokers have retired in the meantime.

According to WikiLeak's press release, the organization is now in possession of "the majority of its [CIA's] hacking arsenal including malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation."

The dump contains only PDF documentation for the alleged CIA hacking tools, but none of the actual malware and exploits.

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published.

The WikiLeaks dump is available for download via a torrent file, which delivers a password-protected archive. The archive's password is SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds, a quote from President Kennedy, which WikiLeaks tweeted hours after announcing its latest leak.

The archive file unzips into a folder named "year0" that holds 930 MB of data. According to a summary of the included documents, there's documentation for tools targeting Windows, Android, iOS, and even Samsung TVs.

Some tools are visibly marked as "Confidential" or "Top Secret," while others are marked with the names of other intelligence agencies, such as the FBI, NSA, GCHQ, and MI5.

Tools included in Vault 7 Year Zero leak

WikiLeaks says the files come from both US government contractors and hackers. The organization hints that some of the tools were circulated before its staff got ahold of the data.

The exact date when the files were taken from CIA servers is unknown. WikiLeaks says this is only the first of many leaks to come.

The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina.

To get an idea of what the CIA hacking tools can do, here's a short summary of some random utilities (these are just a few, there are tens included in the leak):

HammerDrill - a CD/DVD collection tool that collects directory walks and files to a configured directory and filename pattern as well as logging CD/DVD insertion and removal events.
Sparrowhawk - collects user-entered keystrokes from any system terminal, and collate in a unified format across multiple Unix platforms.
MaddeningWhispers - a set of software components that provide beaconing and remote access capabilities to a Vanguard-based device.
BaldEagle -Local user-to-root privilege escalation exploit within the Hardware Abstraction Layer (HAL) daemon. Exploit is available on Linux and PC-BSD platforms.
Bee Sting - Proxy with iFrame injection.
Fight Club - encryption utility.
RainMaker - a survey and file collection tool.
Weeping Angel - transforms Samsung smart TVs into microphones, using a fake "Off mode."