WikiLeaks has published almost 9,000 documents from the CIA about the agency’s own malware, used to hack into electronic devices and spy on their users. Most concerning? The CIA has collected attack techniques from malware made in Russia and other countries, so an attack can be made to look as if it came from one of those countries:

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

WikiLeaks compares this to finding the same “knife wound on multiple separate murder victims.” The distinctive wound leads investigators to suspect that a single person committed each murder, so once they identify the killer in one case they attribute the other murders to the same person.

CIA spokesman Dean Boyd said the agency does “not comment on the authenticity or content of purported intelligence documents.”

But The New York Times reported that a former intelligence officer who reviewed the documents this morning “said some of the code names for C.I.A. programs, an organization chart and the description of a C.I.A. hacking base appeared to be genuine.”

Here is the organizational chart:

After Edward Snowden leaked NSA material, the Obama administration told the technology world that it “would disclose on an ongoing basis – rather than hoard – serious vulnerabilities, exploits, bugs or ‘zero days’ to Apple, Google, Microsoft, and other US-based manufacturers.” But these documents now show that the CIA did not uphold that commitment:

As an example, specific CIA malware revealed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone — at the expense of leaving everyone hackable.

The CIA malware allows the hackers to attack iPhones, Android phones, and smart TVs. The Embedded Devices Branch (EDB) developed “Weeping Angel” specifically for Samsung smart TVs, “transforming them into covert microphones.” The malware puts the TV into a “Fake-Off” mode, in which the set appears to be switched off while it continues to record audio in the room, so the agents can keep recording the person.

In February 2015, Samsung’s own privacy policy drew attention for its warning about the smart TVs’ voice recognition feature:

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition,” Samsung posted in its SmartTV privacy policy.

The agency also formed a special unit specifically to target Apple products that run iOS, including the iPhone and iPad, even though iOS makes up only 14.5% of the smartphone market:

CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

Android, which holds about 85% of the smartphone market, has its own target group within the CIA. The documents show “that as of 2016 the CIA had 24 ‘weaponized’ Android ‘zero days’ which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.”

These groups use techniques that allow the hackers “to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman.” The techniques do not break the apps’ encryption itself: the agents compromise the phone the app runs on and collect “audio and message traffic before encryption is applied.”

From The Wall Street Journal:

WikiLeaks said in its statement that it was not publishing such information as computer source code that could be used to replicate the tools it claims to have exposed. But the group left open the possibility of publishing those crucial details if “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should [sic] analyzed, disarmed and published.”

Mr. Snowden said in a tweet Tuesday, “Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.”

WikiLeaks said the CIA recently “lost control” of the majority of its hacking arsenal. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” the site said in a statement. “The archive appears to have been circulating among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”