WikiLeaks released a cache of documents which it says comes from the CIA's cyber intelligence center. | Getty Images WikiLeaks dumps alleged secret CIA 'hacking arsenal'

WikiLeaks on Tuesday began publishing what it claims is the CIA's secret "hacking arsenal" that reveals how the intelligence agency transforms smartphones, computers and internet-connected televisions into spying devices.

The cache allegedly comes from the agency’s Cyber Intelligence Center, potentially spilling into the public domain an unprecedented amount of information about the CIA's electronic snooping. WikiLeaks called it the "largest ever publication of confidential documents" about the agency.


While a CIA spokesman would not comment "on the authenticity or content of purported intelligence documents," a former U.S. intelligence officer told POLITICO that the leaked documents looked legitimate.

On Twitter, Edward Snowden, the former NSA contractor who exposed the vast expanse of the government's spying apparatus, also said the documents appeared "authentic" because of the program names, among other arcane details.

If the files are genuine, their release marks the latest embarrassing episode for the intelligence community. Last year, a group calling itself “the Shadow Brokers” released classified NSA hacking tools that revealed so-called zero-day exploits, or unknown code flaws in popular products the government is exploiting.

Former CIA Director Michael Hayden said during an interview on MSNBC that "if it is what it pretends to be," then "it would be very, very damaging."

Senate Armed Services Chairman John McCain (R-Ariz.) agreed, telling reporters the leak was of the "greatest severity."

Posted Tuesday morning, the files detail a variety of hacking techniques, such as malware, viruses and zero-days. The files do not, however, include enough information to allow potential hackers to repurpose the attack methods, according to WikiLeaks.

Buried in the trove of documents are folders that detail the CIA’s methods of infecting Android and Apple phones. One page, for instance, lists 24 Android exploits, some of which the CIA shared with the NSA and the British spy agency GCHQ.

By infecting smartphones directly, the CIA could eavesdrop on conversations held through secure messaging apps like WhatsApp and Signal. These apps only shield communications as they transit over the internet. The CIA's phone exploits would allow the agency to scoop messages up before they leave the phone.

Open Whisper Systems, the company behind Signal, said that it saw the CIA's efforts as "confirmation that what we're doing is working" since the spy agency has to to rely on "expensive, high-risk, targeted attacks" to get at encrypted messages.

Another CIA project, codenamed “Weeping Angel,” described how the agency worked with British security agency MI5 to hack Samsung TVs and covertly record audio. According to notes on the effort, the CIA and MI5 figured out in 2014 how to disable the TV's LED lights to improve the illusion that it was powered down, when in fact it was conducting surveillance.

The CIA also apparently developed ways, through its “Sontaran” project, to hack into phones that transmit calls over the internet.

Other research efforts, codenamed DerStarke and YarnBall, explored ways to exploit Apple computers’ boot-up process. Malware deployed at earlier stages of a computer’s start-up routine is harder to detect and remove.

Anticipating Americans' fears that these snooping tools are being used on them, Hayden cautioned that the techniques illustrated in the files would have been used for foreign intelligence collection.

"This doesn't invoke the privacy rights of Americans, and isn't it surprising that WikiLeaks, this transparency engine, seems to be focused on transparency only about the United States of America and its friends, not totalitarian regimes around the world," said Hayden, who also previously helmed the NSA.

The civil liberties community struck a different tone, arguing that the release showed the urgent need to revise the country's surveillance laws.

"Hacking is one of the most invasive activities governments can engage in, yet it occurs in the dark, without public debate," said Nathan White, senior legislative manager at Access Now, a digital rights advocate. "Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them."

On Capitol Hill, cyber-focused lawmakers were distressed at the implications of releasing details about such powerful tools to the public.

"The potential privacy concerns are mind-boggling," said Rep. Ted Lieu (D-Calif.), one of the few members of Congress with a computer science degree.

In its description of the documents, WikiLeaks said it had redacted information in the files about CIA targets and specific attack techniques so people couldn't replicate the hacking tools. But the activist group didn't rule out eventually releasing the actual code.

"The ramifications could be devastating," Lieu said, calling for a congressional probe. "We need to know if the CIA lost control of its hacking tools, who may have those tools and how do we now protect the privacy of Americans."

McCain argued the incident should serve as a wakeup call for congressional committees to better coordinate their oversight of how the government secures its most valuable information.

"Congress has got to pay more attention to it, and they have to stop [the] stove piping that goes on with the different committees," he told reporters. "This is of the utmost importance. If they can hack into CIA, they can hack anybody."

It's unclear how WikiLeaks obtained the purported clandestine documents, although some have already started speculating about a potential Russia link.

During the recent U.S. presidential race, WikiLeaks made headlines when it published internal emails from the Democratic National Committee and Hillary Clinton's campaign. Intelligence officials believe Moscow-backed hackers stole those communications and laundered them through WikiLeaks as part of a broader campaign to meddle in the election.

There is no evidence yet of a similar connection with the CIA files.

Morning Cybersecurity A daily briefing on politics and cybersecurity — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

For its part, WikiLeaks said it got the cache after the trove "circulated among former U.S. government hackers and contractors in an unauthorized manner."

One of those people provided WikiLeaks "with portions of the archive," the organization said.

The group said the source “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber weapons.”

Regardless, the dump could create another standoff between President Donald Trump and the intelligence community. During the campaign, Trump regularly praised WikiLeaks for publishing Democrats' emails, while assailing the CIA for its conclusion that Moscow had deployed its hackers to help Trump win.

Since entering the Oval Office, Trump has continued to blast intelligence staffers for leaking internal details to the media.

On Tuesday, White House press secretary Sean Spicer declined to comment on the WikiLeaks release.

"Obviously, that’s something that has not been fully evaluated, and if it was, I would not comment from here on that," he told reporters during briefing at the White House.

Martin Matishak contributed to this report.