Counter-intelligence investigators are scrambling to figure out how classified CIA hacking tools were stolen from the CIA — and whether an agency employee, contractors, Russian hackers or some combination of the three is to blame, U.S. officials told NBC News.
A senior intelligence official confirmed to NBC News that the more than 8,000 documents posted by WikiLeaks include authentic material about CIA hacking methods, some of it classified Top Secret. And the CIA is not denying the WikiLeaks claim that it has a much larger archive of material it has yet to publish.
“The damage assessment isn’t completed yet,” said Juan Zarate, a former senior U.S. counterterrorism official and NBC News consultant. “The intelligence community doesn’t know yet what the effects are and the implications of this revelation. But if these documents are authentic, it does reveal CIA capabilities.”
WikiLeaks has claimed it has an even larger trove of documents and computer code that represents a portion of the CIA’s “hacking arsenal.” A former senior official at the National Security Agency told NBC News that may be exaggerated.
“But I also think there is a pile of stuff in – that looks like the real deal. I imagine the toolset is in the hundreds,” he said.
Still, he said, “it’s not the whole wad. Not the stuff that I would say is ‘Level 10 crown jewels.'”
Outside experts say the CIA has suffered a loss.
“There’s been real harm to the CIA’s ability to collect intelligence against difficult targets, like terrorists and foreign spies,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington.
Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said that many of the hints of exploits contained in the documents were less impressive than they first seemed. The actual malware — the computer code that hackers use to infiltrate phones, smart TVs and computers — was not released by WikiLeaks, he pointed out.
“The remarkable thing is NOT the technical content — but that somebody managed to extract at least 500 megabytes of information from a top secret CIA network,” he said.
In a statement, CIA spokesman Dean Boyd declined to confirm details, but said, “The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.”
The FBI has begun a criminal investigation while the CIA conducts its damage assessment, officials say. Investigators are trying to narrow the list of suspects by pouring over computer and travel records.
Meanwhile, the CIA will try to reboot its cyber operations.