The CIA’s cyber espionage toolkit made public by WikiLeaks has been linked to 40 spying operations in 16 countries, an early public assessment of the intelligence agency’s global hacking operations, computer security company Symantec said today. In a blog post published , the California-based Symantec Corp. said the tools in WikiLeaks’ recent releases have been linked to the electronic infiltration of international, financial, energy and aerospace organisations across the world. Like many security firms, Symantec draws on data supplied by its clients. Researcher Dick O’Brien declined to provide further details, saying it might prompt speculation as to the identity of the people or organisations involved.
“I will say, in terms of the regions, the largest region represented in terms of those targets was the Middle East,” O’Brien said in a telephone interview.
You may also like to watch:
The word ‘CIA’ was mentioned nowhere in Symantec’s post, but few, if any, doubt that that’s where the tools come from. When WikiLeaks began releasing them in early March, it gave an unusually explicit account of how the tools had been taken from the CIA’s Center for Cyber Intelligence. The US government has since all but publicly accepted the embarrassing claim; about a week later, President Donald Trump told a television host: “I just want people to know the CIA was hacked, and a lot of things taken.”
O’Brien said that while Symantec didn’t dispute that assessment, pinning the tools on a specific government agency was “straying outside our area of expertise”.
Intriguingly, O’Brien said one CIA tool was discovered breaking into an US computer, only to uninstall itself almost immediately afterward.
“That, to us, smacks of an accidental compromise,” he said. “Our assessment is it was likely a mistake.”