WikiLeaks Releases Details on CIA Hacking Tools

WikiLeaks revealed on Tuesday that it has obtained thousands of files allegedly originating from a high-security network of the U.S. Central Intelligence Agency (CIA). The leak, dubbed “Vault 7,” apparently exposes the CIA’s vast hacking capabilities.

WikiLeaks said the files come from the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia, and they have been circulating among former U.S. government hackers and contractors. One of these individuals provided the data to the whistleblower organization, which has called it “the largest intelligence publication in history.”

According to WikiLeaks, the files, dated between 2013 and 2016, include malware and exploits targeting the products of several major tech companies, including Apple, Google, Microsoft and Samsung. The leaked tools can allegedly be used to hack mobile devices, desktop computers, routers, smart TVs and other types of systems.

These pieces of software are said to have been developed by the CCI’s Engineering Development Group (EDG). WikiLeaks said the EDG develops, tests and provides support for backdoors, exploits, Trojans, viruses and other types of malware used by the CIA.

In addition to hacking tools developed by its own people, the agency allegedly obtained tools from British intelligence agencies (GCHQ and MI5), the NSA, the FBI and cyber arms contractors. For instance, the agency is said to have collaborated with MI5 on the development of a tool designed for spying on people through Samsung smart TVs.

The CIA allegedly has dozens of zero-day exploits designed for targeting devices running Android, iOS, Windows, OS X and Linux. WikiLeaks claims some of these tools even allow the agency to bypass the encryption of secure messaging apps such as Signal, WhatsApp, and Telegram.

However, this does not necessarily mean these applications have been compromised – an attacker who has root access to a mobile device can often access messages exchanged via secure IM apps without the need to break the encryption.

WikiLeaks will not release the tools and exploits “until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

The files also appear to show that the CIA has developed tools designed for targeting the control systems of modern vehicles, multi-platform malware, and threats that add themselves to CDs and DVDs in order to jump air gaps.

Following the Edward Snowden leaks, the U.S. government has promised to disclose serious vulnerabilities that represent a high risk or affect a product that is widespread in critical infrastructure. If the files obtained by WikiLeaks are genuine, the CIA breached that commitment.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.