THE REVELATIONS OF WIKILEAKS: No. 9—Opening the CIA’s Vault
As its publisher remains in prison awaiting judgment on his extradition case, we continue our series of looking at WikiLeaks’ significant revelations contributing to the public’s right to know.
On Feb. 6, 2017, WikiLeaks released documents detailing the Central Intelligence Agency’s espionage program in the months leading up to and following France’s presidential election in 2012.
The agency used spies and cyberweapons to infiltrate and hack into the major political parties with competing candidates — the Socialists, the National Front and the Union for a Popular Movement. Their candidates — respectively François Hollande, Marine Le Pen and incumbent Nicolas Sarkozy — were also spied upon individually, as were many other prominent political figures.
The objectives of the program included ascertaining the contending parties’ political strategies and platforms, their views of the U.S., and their relations with the European Union, with other European nations (Germany, Britain) as well as Israel, Palestine, Libya, Syria, and others. The CIA’s French operation lasted 10 months, beginning in November 2011 and enduring until September 2012, several months after Hollande won the election and formed a Socialist government.
WikiLeaks’ disclosure of the agency’s project bears a special irony: It was just as WikiLeaks published this material in 2017 that the CIA helped propagate unsubstantiated (and later discounted) “intelligence” that Russian hackers and propagandists were interfering with France’s presidential election that year. Similar allegations (similarly lacking in evidence) were floated as the European Union held parliamentary elections in May 2019.
As WikiLeaks reported at the time of the releases on the CIA’s covert activities in France, those revelations were to serve “as context for its forthcoming CIA Vault 7 series.” WikiLeaks’ apparent intent was to display a CIA’s hacking operation in action.
Vault 7, the subject of this latest report on the history of WikiLeaks disclosures, stands as the most extensive publication on record of classified and confidential CIA documents. Never before and not since have the agency’s innumerable programs and capabilities been so thoroughly exposed to public scrutiny.
Biggest Since Snowden
Julian Assange, WikiLeaks founder and publisher, described the Vault 7 publications as the most significant since Edward Snowden, the former CIA data analyst, released an unprecedented trove of National Security Agency documents in the summer of 2013.
The Vault 7 series concerns the extraordinarily sophisticated inventory of cyber weapons the CIA has developed to spy on or hack into the communications of any person or entity it targets. Apart from the espionage function, certain of the programs in Vault 7 — this designation is WikiLeaks’, not the CIA’s — can also plant documents and data without being detected as the source — when, for example, the agency wishes to compromise an adversary via a false-flag operation.
The program wherein this capability was developed, called Marble, may have been crucial to creating the orthodox “narrative” that Russia was responsible for the theft of Democratic Party email in 2016 — the cornerstone allegation in the construct we now call Russiagate.
The Vault 7 releases expose the CIA’s hacking activities from 2013 to 2016. The series began on March 7, 2017, with the publication of “Year Zero,” an introductory survey and analysis of the agency’s globally deployed hacking programs. The Vault 7 series ran for six months, concluding on Sept. 7, 2017.
Complete as of that date, the series is comprised of 23 publications, each of which focuses on an individual hacking or cyber-espionage program. Marble is one of these.
The CIA’s development of its hacking capabilities began as a joint effort with the National Security Agency. But the Sept. 11 terrorist attacks and the subsequent wars in Afghanistan and Iraq, begun in 2001 and 2003 respectively, proved a turning point for the agency. It was during this time that the CIA, as WikiLeaks puts it in its introduction to the Vault 7 series, “gained political and budgetary preeminence over the NSA.”
According to former U.S. intelligence sources, the CIA has invested some $175 billion in its vast variety of cyber programs in the post–2001 years. “The agency’s hacking division, WikiLeaks notes, “freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.”
A Near Deal to Free Assange
WikiLeaks launched the Vault 7 series at a delicate moment for Assange, who was at the time taking asylum at the Ecuadoran embassy in London.
Shortly after Donald Trump took office in January 2017, Assange’s attorneys approached a lawyer named Adam Waldman, who was noted for his Washington connections.
Assange’s team proposed negotiations that would commit the U.S. to granting Assange limited immunity and safe passage from the Ecuadoran embassy in exchange for his agreement to limit publication of classified CIA documents. The agency knew by this time that WikiLeaks had an extensive inventory of CIA documents it was prepared to publish. These included what WikiLeaks soon named Vault 7.
Crucially, Assange signaled that he was also willing to reveal technical evidence that would shed light on who was not responsible for the theft of email from the Democratic National Committee in mid–2016. This was key: By this time the “narrative” that Russia had hacked the DNC’s computer servers was well-established; the Democratic Party, the intelligence agencies, the Federal Bureau of Investigation and the media were heavily invested in it. Assange, while observing the WikiLeaks principle of not revealing sources, had by this time asserted that Russia had nothing to do with the intrusion.
The Justice Department and Assange’s attorneys drafted an immunity deal in the course of the negotiations that both sides agreed to pursue. The attorneys’ initial contact, through Waldman, was a DoJ official named Bruce Ohr. The lead DoJ negotiator was named David Laufman. When WikiLeaks released “Year Zero” on March 7, 2017, these negotiations were still in progress; the release had no apparent impact on the talks.
But at this point the contacts between Assange and the U.S. government took a fateful turn. The only full account of the events summarized below was written by John Solomon, who has followed the Russiagate phenomenon from the first, and was published in The Hill on June 25, 2018.
Shortly after negotiations began, Waldman, the go-between, contacted Mark Warner, the Democratic senator from Virginia, to see if the Senate Intelligence Committee, of which Warner was vice-chairman, wished to contact Assange on its own in connection to matters related to Russia. This proved a miscalculation.
Warner, who had vigorously pressed the Russiagate narrative from the first, soon contacted James Comey, then the FBI director. Comey was also an aggressive Russiagate advocate and had a direct interest in sustaining the official account of events: It was while he ran the FBI that the bureau worked with CrowdStrike, the infamous cybersecurity firm hired by the DNC, to build what is now demonstrated to be an entirely false case to support the Democrats’ assertions of Russian responsibility for the mail intrusion.
Any proof that Russia had no role in the DNC mail theft would have discredited the FBI and Comey and very likely destroyed the career of Comey and numerous others.
Comey, working through Sen. Warner, immediately ordered Waldman to cut off the Assange–DoJ talks. Although negotiations continued a brief while longer, Comey had effectively dealt them a soon-to-be-fatal blow. By this time WikiLeaks had released two other Vault 7 document collections, including what it called the Marble Framework.
The DoJ finally broke off the negotiations on April 7, when WikiLeaks released a fourth set of documents, this one called Grasshopper. Six days later Mike Pompeo, then CIA director, gave a notably aggressive speech at the Center for Strategic and International Studies, the Washington think tank, in which he called WikiLeaks “a nonstate hostile intelligence service often abetted by state actors like Russia.”
With the CSIS speech, Pompeo effectively opened the Trump administration’s rigorously pressed campaign to have Assange extradited from Britain. The WikiLeaks founder appears never to have had another chance to negotiate an agreement providing for his freedom.
Run Amok
The Vault 7 releases continued at a steady pace, roughly four a month, for the next five months. The documents WikiLeaks made public, along with descriptions of the programs WikiLeaks deemed significant, can be found via its “Vault 7: Projects” report. Taken together they describe an expensively funded U.S. government organization that has run frighteningly amok, operates with no regard for U.S. or international law, and stands entirely beyond civilian control. Many of the projects exposed in the Vault 7 releases, and very likely most or all, violate Fourth Amendment rights to privacy and the CIA’s charter, which bars the agency from activity on U.S. soil.
The history of the CIA, reaching back to Allen Dulles’ tenure as director (1953 to 1961), indicates that from its earliest days it entertained a diabolic desire to accumulate the power to operate with no reference to constraints of any kind, including those imposed by ordinary standards of decency. In this way it was effectively the id of America’s exceptionalist consciousness. What we see in the Vault 7 series is the perversely logical outcome of this culture of limitless impunity and immunity.
By the end of 2016, the hacking division of the CIA’s Center for Cyber Intelligence had more than 1,000 hacking, malware, virus-implanting, remote-control and Trojan-horse programs in its inventory. These comprised more than 700 million lines of computer code.
Former CIA and NSA officials told Consortium News that a line of code costs roughly $25 to produce, putting the cost of the agency’s hacking tools over the years these programs were developed at $175 billion. “The CIA had created its ‘own NSA,’” WikiLeaks noted when it began releasing the Vault 7 publications, “with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
What follows are accounts and summaries of the most significant of the 23 Vault 7 releases. We present these chronologically, the earliest first, to give readers a clear idea of how WikiLeaks organized and presented the Vault 7 project.
Year Zero
March 7, 2017
With the publication of “Year Zero,” it was immediately clear that WikiLeaks had penetrated into or very near the core of the CIA’s cyberoperations. This first Vault 7 release is comprised of 8,761 documents and files obtained from what WikiLeaks describes as “an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia, the agency’s headquarters.
As WikiLeaks notes, the agency had “lost control of the majority of its hacking arsenal” shortly before it published “Year Zero.” There had been a massive leak, to put this point in simple terms. “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner,” WikiLeaks reported, “one of whom has provided WikiLeaks with portions of the archive.” This occurred at some point in 2016.
“Year Zero” serves as an overview of “the scope and direction of the CIA’s global hacking program” and an introduction to material included in the Vault 7 releases to follow. The agency’s inventory of tools was the purview — and we can assume continues to be so — of the Engineering Development Group (EDG), a technology department under the authority of the Center for Cyber Intelligence.
The EDG also tests and operates its products once they are perfected and added to the agency’s arsenal. The engineering group, Wikileaks reported, has developed some 500 projects, each with its own malware and hacking tools. The EDG’s focus is on penetration, implanting, control and exfiltration. “Year Zero” analyzes the most important of these.
High among the objectives of Vault 7 programs was to achieve the capability of penetrating the manufacturers of cellular telephones and other electronic devices for a variety of operations. Among the products targeted for this purpose were Apple’s iPhone and iPad, Google’s Android operating system, Microsoft Windows and Samsung televisions.
Programs included in the Vault 7 collection were designed to hack these and other commonly used devices and systems remotely so they can corrupt the targets and also send the CIA the owner’s geographic location and all audio and text communications. Other programs were capable of turning on a device’s microphone and camera without the owner’s knowledge. Other attack-and-control programs targeted MAC OS X, Solaris and Linux operating systems.
A number of the CIA’s programs revealed in the Vault 7 releases focus exclusively on one or another of these companies, most commonly Microsoft.
“Grasshopper” (April 7, 2017) is a platform for the development of malware designed for attacks on Windows operating systems. “AfterMidnight” (May 12, 2017) and “Brutal Kangaroo” (June 22, 2017) also target the Microsoft Windows platform, while “Weeping Angels” (April 21, 2017) infiltrated Samsung televisions. “Outlaw Country” (June 30, 2017) is designed for attack on computers that use the Linux OS.
“Year Zero” also details the CIA’s use of what the agency calls “zero days.” These are commonly occurring software code imperfections and vulnerabilities in electronic devices that the CIA knows and makes use of but does not disclose to manufacturers or the public.
In some respects, zero days are treated as commodities. While the CIA discovered some zero days on its own, it obtained others from the NSA, GCHQ (the NSA’s British counterpart), or the FBI. It also purchased zero days from private cyber-weapons manufacturers much as the Pentagon would buy a weapons system from a defense contractor.
The CIA’s stockpile of zero days enables it to bypass encryption systems installed in such communications applications as WhatsApp, the widely used long-distance telephone and text service. This makes zero days, which can be used either locally or remotely, especially significant in extending the reach of the agency’s hacking operations. The CIA’s practice of keeping zero days secret — effectively hoarding them, as WikiLeaks notes — is especially cynical and dangerous.
As WikiLeaks explains:
“If the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable. The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google, the CIA ensures that it can hack everyone– at the expense of leaving everyone hackable.”
Most malware developed by the EDG and related units in the CIA’s organizational structure is designed to remain in implanted devices for considerable lengths of time — in some cases years — after it is installed. So long as it is present it communicates regularly and in two-way fashion with the CIA’s Command and Control systems.
While many programs are implanted remotely, some require a physical presence. This typically means an agent infests a targeted device on site. But in some cases, the CIA covertly intervened into supply chains and delivery services, including postal services, by opening, infecting, and on-sending products without the knowledge of either the manufacturer or the purchaser.
As it began its Vault 7 series with “Year Zero,” WikiLeaks took the occasion to note “an extreme proliferation risk in the development of cyber ‘weapons,’” as Assange put it at the time. He drew a comparison between these weapons and the global arms trade, noting “the inability to contain them, combined with their high market value.”
The source of the Vault 7 trove, who was among the former government hackers and contractors circulating the Vault programs among themselves, shared these and other concerns:
“In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation, and democratic control of cyber-weapons.”
This is Consortium News’s intent in publishing its report on Vault 7.
Mindful of the risks attached to proliferation, and perhaps of past (and unfounded) charges that its publications compromised U.S. national security and American personnel, WikiLeaks notes that it was careful to avoid distributing what it termed “‘armed’ cyber-weapons” as it published the Vault 7 series.
It also said it redacted “tens of thousands of CIA targets and attack machines throughout Latin America, Europe, and the United States.” In a note in an FAQ section appended to “Year Zero,” WikiLeaks states, “Names, email addresses, and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete.”
Dark Matter
March 23, 2017
Projects developed in the “Dark Matter” program were designed to penetrate Apple Macs and iPhones with what is called firmware — that is, malware that continues to infect the units attacked even if the OS is reinstalled. “Sonic Screwdriver,” a sub-project in this group, allowed attackers to install and activate computer code while users booted up these Apple devices.
WikiLeaks’ “Dark Matter” release also included the manual for using the agency’s “Nightskies” program, “a beacon/loader/implant tool” intended for attacks on Apple iPhones. “Nightskies” had been upgraded by the time WikiLeaks received the Vault 7 documents. “Noteworthy is that Nightskies had reached Nightskies 1.2 by 2008,” WikiLeaks observed, “and is expressly designed to be physically installed into factory fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”
Marble Framework
March 31, 2017
The “Marble” program, consisting of 676 source code files, was specifically intended to incapacitate anti-virus software programs and block the work of forensic scientists and investigators attempting to trace the origin of malware, hacking attacks and Trojan horse attacks.
The core function of Marble is what the CIA terms “obfuscation,” that is hiding all traces of an agency intervention from investigators. Marble also has a “deobfuscating” capability. This enables the agency to reverse an obfuscation so that investigators detect what appears to be evidence of an attack’s origin.
It is with this deobfuscating tool that the CIA can mislead investigators by implanting false evidence in the attacked device or program — for example, by leaving signs that the language used in a malware attack was not English but, say, Chinese. In addition to Mandarin, the languages Marble was capable of false-flagging were Russian, Korean, Arabic and Farsi, Iran’s national language.
Marble’s anti-forensics capability made “Marble Framework” among the most significant of the Vault 7 releases, not least due to the timing of its publication, very shortly before the intrusion into the Democratic Party’s email servers. As the DNC, the FBI, and the CIA constructed their case purportedly proving Russia’s responsibility for the theft, they cited malware metadata with extensive script in Cyrillic.
There is no direct evidence that the CIA used its Marble program in the DNC case, but the presence of Cyrillic in the metadata suggests this may have been the case. It is highly unlikely that a Russian intelligence agency would have amateurishly left behind Cyrillic characters as prominently in the metadata as U.S. authorities presented them.
Ellen Nakashima of The Washington Post reported on the Marble program when WikiLeaks released it March 31, 2017. “WikiLeaks’ latest disclosure of CIA cyber-tools reveals a technique used by the agency to hide its digital tracks,” she wrote, “potentially blowing the cover on current and past hacking operations aimed at gathering intelligence on terrorists and other foreign targets.” We note that this remains the only mention of the Marble program in mainstream media.
Weeping Angel
April 21, 2017
The agency’s Embedded Services Branch, tasked with developing programs that worked by way of physically implanted devices, built a program called “Weeping Angel” specifically to compromise Samsung’s F Series line of “smart televisions.”
This program is a measure of the exceptional reach the agency’s hacking division has achieved. When a target TV is infested, the implant gives a “fake off” mode so that the owner is deceived into thinking the TV is off when it is still on and operating as a standard bug to record conversations and send them over the internet to a remote CIA server at Command and Control. In effect, televisions were turned into listening devices capable of surveilling entire offices or households.
“Weeping Angel” was developed jointly with MI5, Britain’s domestic intelligence service, and a U.K. intelligence entity called BTSS. The program requires a tool to be physically implanted in targeted televisions. Given it is intended to attack an ordinary consumer product, “Weeping Angel” is likely to count among those tools that were implanted on a mass basis via intrusions into Samsung’s supply chains or delivery services.
Archimedes
May 5, 2017
The CIA’s “Archimedes” program developed the agency’s capability to attack computers connected by a Local Area Network, or LAN. With the Archimedes tool, CIA hackers can compromise the network to divert message traffic from the targeted device or devices by infecting and controlling a computer in the LAN. In addition to message traffic, the targeted devices’ web browsers are also redirected to the covert server while maintaining the appearance of a normal browser for the targeted computer’s user.
Archimedes was effectively a self-expanding tool. It was designed to invade protected environments, as WikiLeaks put it, by attacking one or more computers in a LAN and using those to infect other devices in the network.
CherryBlossom
June 15, 2017
The CIA developed its “CherryBlossom” programs in cooperation with the Stanford Research Institute International, or SRI, a Menlo Park, California, scientific research organization with long-established ties to the CIA, notably in the field of parapsychology research.
CherryBlossom programs are dedicated to penetrating wireless networking devices such as commonly used routers with the intent of monitoring internet activity and implanting targeted devices with malware that enables the agency to execute a variety of operations: With CherryBlossom, CIA hackers can monitor, control and manipulate the internet traffic of those connected to a compromised wireless device; they can also implant malware and malicious content into data streams by taking advantage of “zero day” vulnerabilities in operating systems or computer applications.
The intricacies of the CherryBlossom program are worth noting, as they are typical of the sophistication common to the hacking operations WikiLeaks exposed in its Vault 7 releases. The program’s ability to engage in two-way communication between infected devices and the agency’s Command and Control unit, and control’s ability to assign tasks to the program, are especially to be noted:
“The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.”
Many of the programs detailed in the Vault 7 series were designed for deployment via remote hacking operations; products that required physically implanted devices in targeted hardware or software were the responsibility of the agency’s Embedded Services Branch, which focused in part on “the Internet of Things,” or IoT.
“Weeping Angels” is an example of an ESB product. Another program of this kind, which WikiLeaks reports was under consideration as of 2014, was conceived to infiltrate the computer systems in motor vehicles and override the driver’s ability to control the vehicle by, for example, causing it to accelerate beyond safe speeds.
“The purpose of such control is not specified,” WikiLeaks notes, “but it would permit the CIA to engage in nearly undetectable assassinations.” WikiLeaks came upon a reference of this project in notes of a Branch Direction Meeting held Oct. 23, 2014. It is not clear if this project has since been completed and gone operational.
Official Reaction: Get Assange
The Trump administration, two months in power when WikiLeaks released “Zero Day” and announced the Vault 7 series, reacted swiftly and vigorously to the news.
Sean Spicer, the White House press secretary at the time, told reporters, “Anybody who leaks classified information will be held to the highest degree of law. We will go after people who leak classified information. We will prosecute them to the full extent of the law.”
It was at this time President Donald Trump announced his determination to extradite and prosecute Assange. But even as the White House reacted with fury, the Justice Department was well along in its negotiations with Assange via Waldman, the go-between attorney Assange’s legal team had contacted after Trump’s inauguration in January. While there is no evidence that the CIA had a role in these talks, it is clear the DoJ was negotiating for the purpose of limiting the damage to the agency’s covert hacking operations.
While the CIA was also stunned by WikiLeaks’ penetration of the walls of secrecy erected around its extensive inventory of cyber-weapons, the events of March 7, 2017, may not have landed in Langley by surprise. A news report by the Australian Broadcasting Corporation published a day after the “Year Zero” release indicated that the agency was aware of a significant breach of its Center for Cyber Intelligence by the end of the previous year.
However, the CIA’s WikiLeaks Task Force final report of Oct. 17, 2017, which probed the leak, says the agency was not aware of the breach until it read about it in WikiLeaks on March 7 of that year:
“Because the stolen data resided on a mission system that lacked user activity monitoring and a robust server audit capability, we did not realize the loss had occurred until a year later, when WikiLeaks publicly announced it in March 2017. Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss—as would be true for the vast majority of data on Agency mission systems.”
The CIA did know by then that over the previous three years it had sustained (along with NSA, other intelligence agencies and contractors such as Booz Allen Hamilton) what WikiLeaks described as “an unprecedented series of data exfiltrations by its own workers.” Until Vault 7, the Snowden releases in 2013 were the most prominent such case.
By the time “Year Zero” was published, WikiLeaks noted, “a number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.” WikiLeaks singled out the case of Harold T. Martin III, who, a month before “Year Zero” came out, was indicted by a grand jury on 20 counts of mishandling classified information.
Martin was accused of hacking some 50 terabytes of data from the NSA while working as a contractor for Booz Allen. He was sentenced to nine years in prison in July 2019.
Vault 7 comprises what remain among WikiLeaks’ most extensive publications for their penetration into the CIA’s culture of secrecy. As earlier noted, it was in apparent response to the launch of the Vault 7 series that Director Pompeo signaled the U.S. government’s campaign to extradite Assange from Britain.
This case is now proceeding. If Assange is extradited to the U.S., he faces 18 charges of espionage and conspiracy to intrude into a government computer system with combined maximum sentences of 175 years.
There is a final irony here of the sort typical of the Trump administration. Jennifer Robinson, one of Assange’s attorneys, testified last month at Assange’s extradition hearing in London that Trump offered to pardon Assange in the course of 2017 if he had agreed to reveal the source of the DNC email trove leaked in 2016 that was published on WikiLeaks.
The offer was conveyed at a meeting with Assange by Dana Rohrabacher, the then Republican congressman, and Charles Johnson, an associate of Rohrabacher’s with ties to the Trump administration. Given that confidentiality is WikiLeaks’ most fundamental principle, Assange declined the offer.
Media Reacts
By the time WikiLeaks began the Vault 7 series, U.S. media in particular, and Western media altogether, had followed the U.S. government’s lead and turned decisively against the publisher with which they had previously collaborated. Press and broadcast coverage of Vault 7 releases reflected this. Reporting of the Vault 7 series was minimal and avoided any examination of the profound political and legal questions Vault 7 raised.
The New York Times and The Washington Post reported the release of “Year Zero” as a spot news story. Both papers reviewed in broad-brush fashion a few of the programs contained in the first Vault 7 release, as for example, in these paragraphs from the Times story :
“The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers. A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer. Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.”
This quick-gloss treatment was typical of U.S. press coverage. Without exception, it was arms-length, incurious, minimally dutiful, and at bottom unserious. No major news outlet published a news analysis or addressed questions related to the CIA’s Fourth Amendment abuses, its compromises of individuals and private and publicly listed corporations, or its breach of its charter.
None quoted transparency or anti-secrecy advocates, public policy analysts, or defenders of individual privacy. Consumer Reports published a “what consumers need to know” piece.
“There is no evidence that the C.I.A. hacking tools have been used against Americans,” the Times reported in contradiction to the list of devices and services the agency’s tools were designed to attack. The paper went on to quote an analyst at CSIS, where Pompeo was shortly afterward to speak forcefully against Assange, suggesting “that a foreign state, most likely Russia, stole the documents by hacking or other means and delivered them to WIkiLeaks.” This ignored WikiLeaks forthright account of the source of the documents — which the Timesquoted earlier in its story.
The U.S. press effectively dropped the Vault 7 story after “Year Zero” was published. There was very little reporting on any of the other releases. As noted, the Post’s Nakashima was the only reporter to put out a story on the highly significant “Marble” program.
This year Nakashima was also among the few journalists to report on an internal CIA report concluding that the leak of the documents collected as Vault 7 “was the result of a workplace culture in which the agency’s elite computer hackers ‘prioritized building cyber weapons at the expense of securing their own systems.’”