U.S. intelligence officials scrambled Tuesday to assess the damage wrought by WikiLeaks’ publication documents purporting to expose a vast and clandestine CIA cyberoperation capable of hacking into and turning smartphones, laptops and internet-connected televisions into listening devices and spy cameras.
While the Trump administration and the CIA refused to comment on the latest revelations from the global transparency activist group, intelligence community sources said the documents looked legitimate and, if verified, could represent the most significant U.S. intelligence breach since Edward Snowden exposed the National Security Agency’s highly classified mass-surveillance activities in 2013.
Rep. Devin Nunes, California Republican and chairman of the House Permanent Select Committee on Intelligence, said he was “extremely concerned” about the breach of U.S. security protocols and that he had asked the intelligence community for more information about the documents. The documents show broad exchanges of tools and information among the CIA, the NSA and other U.S. intelligence agencies, as well as intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom.
WikiLeaks, whose founder Julian Assange has taken sanctuary inside the Ecuadorean Embassy in London, said in a statement that it had posted an initial batch of some 8,761 documents tied to previously undisclosed hacking programs developed by the CIA’s Center for Cyber Intelligence.
The documents purport to show the global scope of the CIA’s covert hacking operations and “weaponized exploits against a wide range of U.S. and European company products, includ[ing] Apple’s iPhone, Google’s Android, Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones,” WikiLeaks said.
It claimed the materials were provided by a U.S. government contractor but did not disclose the contractor’s identity.
Google declined to comment, although the company and the other tech giants were reported to be poring over the documents amid fear that the revelations could undermine consumer confidence.
Private cybersecurity analysts generally agreed that the materials, dated from 2013 to 2016, appear to have originated with the CIA. A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters that the documents included correct “cover” terms describing active cyberprograms.
“People on both sides of the river are furious,” the contractor said, referring to the Virginia-based CIA and the NSA, based in Fort Meade, Maryland.
Robert E. Cattanach, a Minneapolis-based partner with the international law firm Dorsey & Whitney, said the leaks “raise a number of potentially troubling issues.”
While active CIA cyberoperations may be compromised, Mr. Cattanach said, the worst is likely yet to come because WikiLeaks claims to have held back on publishing the most sensitive aspects of the materials in its possession.
In its statement, the anti-secrecy organization said it had stopped short of publishing actual “source code” associated with the alleged CIA hacking operations and was “avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.”
If the code becomes public without being disarmed, it would be a “Pandora’s box,” said Mr. Cattanach, who added that such a development would give anyone with basic hacking know-how the ability to use the CIA cybertools to spy on private devices around the world.
“Once that rabbit’s out of the bag, anybody can use it,” he said.
Mr. Snowden weighed in on Twitter. The former intelligence contractor, who fled to Russia shortly after leaking documents on the NSA four years ago, said the WikiLeaks dump was “genuinely a big deal.”
“The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words,” Mr. Snowden tweeted.
Others were more circumspect. Alex McGeorge, the head of threat intelligence at the Miami-based cybersecurity firm Immunity Inc., said the documents were damaging and revealed the CIA’s development of hacking tools but did not indicate their widespread usage.
“There are a lot of people saying that the CIA has turned everybody’s phone into a bug. I think that’s very hyperbolic,” Mr. McGeorge said. “The tool sets that they have, based on this leak, would have allowed them to target specific brands and models of phones … [but] it does not suggest that these are widely deployed.”
Mr. Cattanach agreed, but stressed the situation could turn explosive if the CIA is found to have used the tools to spy on Americans.
“If the CIA didn’t use any of this domestically, then they would be on the right side of the law,” he said. “There’s no evidence so far that they have used it domestically, but if it is revealed that they did, it would be far more explosive than the [Snowden] revelations about the NSA.”
• S.A. Miller and Andrew Blake contributed to this report, which is also based in part on wire service reports.