Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

CIA Responds to WikiLeaks Hacking Tool Dump

CIA Logo on Keyboard

CIA: We Are Innovative but We Don’t Spy on Fellow Americans

CIA Logo on Keyboard

CIA: We Are Innovative but We Don’t Spy on Fellow Americans

The U.S. Central Intelligence Agency (CIA) has issued a statement in response to the claims made by WikiLeaks in regards to the agency’s hacking tools, and denied conducting electronic surveillance on Americans.

The CIA and the FBI have launched an investigation into the Vault 7 dump and unnamed U.S. officials told Reuters that the most likely source of the breach is a CIA contractor.

In its initial press release, WikiLeaks said the files, originating from the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia, had been circulating among former government hackers and contractors. One of them allegedly provided the data to the whistleblower organization.

The CIA has refused to comment on the authenticity of the leaked documents or the status of its investigation into this incident. However, the agency pointed out that its mission is to “aggressively collect” foreign intelligence from overseas entities in an effort to protect America from adversaries such as terrorists and hostile nation states.

“It is CIA’s job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad,” the CIA said in its statement.

The nature of the tools suggests that they are designed for targeted operations – rather than mass surveillance – and the CIA pointed out that it’s legally prohibited from spying on individuals in the United States. The agency said its activities “are subject to rigorous oversight to ensure that they comply fully with U.S. law and the Constitution.”

The organization has expressed concern about the impact of the Vault 7 dump on its operations.

Advertisement. Scroll to continue reading.

“The American public should be deeply troubled by any Wikileaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,” the agency said.

WikiLeaks has claimed that the U.S. consulate in Frankfurt is used by the CIA as a covert base for hackers targeting Europe, the Middle East and Africa. Germany’s foreign ministry issued a statement saying that it takes such information very seriously and that it’s in touch with the U.S. on this matter.

According to Reuters, China also expressed concern after the WikiLeaks documents showed that the CIA may have targeted the devices of several Chinese companies, including Huawei and ZTE. The country once again claimed it opposes all forms of hacking and urged the U.S. to “stop listening in, monitoring, stealing secrets and internet hacking against China and other countries.”

London-based Privacy International has also issued a statement, saying that if the leaks are authentic, “they demonstrate what we’ve long been warning about government hacking powers — that they can be extremely intrusive, have enormous security implications, and are not sufficiently regulated.”

Technology companies whose products are listed in the Vault 7 leaks have launched investigations to assess the impact of the alleged CIA tools. Following an initial analysis of the available information – WikiLeaks has yet to make public any actual exploits – security firms and tech giants such as Apple and Google have determined that a majority of the vulnerabilities do not affect the latest versions of their products.

Related: “Vault 7” Leak Shows CIA Learned From NSA Mistakes

Related: Government Contractor Indicted Over Theft of Secret Documents

Related: Required Insider Threat Program for Federal Contractors – Will It Help?

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.