Vault 7

Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare.

In March 2017, US intelligence and law enforcement officials said to the international wire agency Reuters that they had been aware of the CIA security breach which led to Vault 7 since late 2016.

In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks,[9] and in February 2024 sentenced to 40 years' imprisonment.

WikiLeaks attempted to redact names and other identifying information from the documents before their release,[1] but faced criticism for leaving some key details unredacted.

It also said that it would postpone releasing the source code for the cyber weapons, which is reportedly several hundred million lines long, "until a consensus emerges on the technical and political nature of the C.I.A.

The CIA released a statement saying, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community's ability to protect America against terrorists or other adversaries."

In a statement issued on 19 March 2017, Assange said the technology companies who had been contacted had not agreed to, disagreed with, or questioned what he termed WikiLeaks' standard industry disclosure plan.

On 21 April 2017, WikiLeaks published the sixth part, "Weeping Angel" (named for a monster in the TV show Doctor Who[37][38]), a hacking tool co-developed by the CIA and MI5 used to exploit a series of early smart TVs for the purpose of covert intelligence gathering.

Security expert Sarah Zatko said about the data "nothing in this suggests it would be used for mass surveillance," and Consumer Reports said that only some of the earliest smart TVs with built-in microphones and cameras were affected.

Both AfterMidnight and Assassin run on the Windows operating system, are persistent, and periodically beacon to their configured LP to either request tasks or send private information to the CIA, as well as automatically uninstall themselves on a set date and time.

While not stated in the leaked documentation, it is possible that newly infected computers could themselves become "Pandemic" file servers, allowing the implant to reach new targets on a local network.

Brutal Kangaroo was a project focused on CIA malware designed to compromise air-gapped computer networks with infected USB drives.

On 19 July 2017, WikiLeaks published part 18: documents from Raytheon Blackbird Technologies for the "UMBRAGE Component Library" (UCL) project, consisting of reports on malware and their attack vectors.

In October 2021, a new backdoor based on the Hive source code was discovered being used "to collect sensitive information and provide a foothold for subsequent intrusions."

WikiLeaks said that the documents came from "an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (CCI) in Langley, Virginia."

The cybersecurity firm Symantec analyzed Vault 7 documents and found some of the described software closely matched cyberattacks by "Longhorn," which it had monitored since 2014.

The first portion of the documents made public on 7 March 2017, Vault 7 "Year Zero", revealed that a top secret CIA unit used the German city of Frankfurt as the starting point for hacking attacks on Europe, China and the Middle East.

WikiLeaks documents reveal that the Frankfurt hackers, part of the Center for Cyber Intelligence Europe (CCIE), were given cover identities and diplomatic passports to deceive customs officers and gain entry to Germany.

Conservative commentators such as Sean Hannity and Ann Coulter speculated about this possibility on Twitter, and Rush Limbaugh discussed it on his radio show.

Robert Graham, CEO of Errata Security, told The Intercept that the source code referenced in the UMBRAGE documents is "extremely public", and is likely used by a multitude of groups and state actors.

In its release, WikiLeaks said "Marble" was used to insert foreign language text into the malware to mask viruses, trojans and hacking attacks, making it more difficult for them to be tracked to the CIA and to cause forensic investigators to falsely attribute code to the wrong nation.

Security researcher Nicholas Weaver from the International Computer Science Institute in Berkeley told the Washington Post: "This appears to be one of the most technically damaging leaks ever done by WikiLeaks, as it seems designed to directly disrupt ongoing CIA operations."

After WikiLeaks released the first installment of Vault 7, "Year Zero", Apple stated that "many of the issues leaked today were already patched in the latest iOS," and that the company will "continue work to rapidly address any identified vulnerabilities."

WikiLeaks said on 19 March 2017 on Twitter that the "CIA was secretly exploiting" a vulnerability in a huge range of Cisco router models discovered thanks to the Vault 7 documents.

The CIA had learned more than a year ago how to exploit flaws in Cisco's widely used internet switches, which direct electronic traffic, to enable eavesdropping.

Cisco quickly reassigned staff from other projects to turn their focus solely on analyzing the attack and to figure out how the CIA hacking worked, so they could help customers patch their systems and prevent criminal hackers or spies from using similar methods.

Commentators, including Snowden and cryptographer and security pundit Bruce Schneier, observed that WikiLeaks incorrectly implied that the messaging apps themselves, and their underlying encryption, had been compromised, an implication which was in turn reported for a period by the New York Times and other mainstream outlets.

On 7 March 2017, Nathan White, Senior Legislative Manager at the Internet advocacy group Access Now, wrote:[101] "Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them. This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them."

On 8 March 2017, Lee Mathews, a contributor to Forbes, wrote that most of the hacking techniques described in Vault 7 were already known to many cybersecurity experts.

On 8 April 2017, Cindy Cohn, executive director of the San Francisco-based international non-profit digital rights group Electronic Frontier Foundation, said: "If the C.I.A.

Logo for documents collectively labeled Vault 7.