The FBI and CIA have launched a criminal investigation after confidential documents were published by WikiLeaks on Tuesday. Federal authorities plan to interview hundreds of agents as part of their search to find the person responsible for providing a huge cache of top secret documents to the whistleblowing site, with initial investigations focusing on the possibility that an insider was responsible for the leaks.
The U.S. intelligence community is scrambling to find the source of the massive leak of classified CIA documents, which lay out, in detail, the tools the agency uses to conduct covert monitoring of electronic devices — everything from iPhones to smart televisions.
According to sources speaking to the New York Times, investigators say the data published by Julian Assange's organization may have been stolen from a server outside the CIA, managed by a contractor — but it is not ruling out the possibility of a CIA employee being responsible.
Reuters reports the investigators believe a CIA contractor may be responsible for the leak, and that they have been aware of the breach since last year. According to CNN's sources, the investigation is also seeking to establish what other material WikiLeaks may have in its possession.
Here's what you need to know:
- On Tuesday, WikiLeaks published what amounts to the biggest trove of leaked documents in the CIA's history. Dubbed "Vault 7, Year Zero," the 8,761 leaked documents show the range of hacking tools the agency uses to spy on targets.
- WikiLeaks said the archive was circulated "among former U.S. government hackers and contractors," before one of them passed it onto the whistleblowing group – suggesting it was an insider similar to Edward Snowden who handled the documents. This appears to be where investigators are now focusing their attention.
- Investigators are asking companies that work with the CIA to check which of their employees had access to the data published by WikiLeaks, according to Reuters. The companies are also scouring computer logs, emails and other communications to try and find some smoking gun.
- To date, neither the CIA nor the White House has confirmed the authenticity of the leaks, though sources speaking to CNN confirmed the leaks were accurate for the most part. It is possible that some documents may have been altered.
- The group said the files published Tuesday represent just 1 percent of the entire cache of stolen material, and the New York Times reports that the FBI are trying to establish just how much more information WikiLeaks has in its possession.
- Of most concern for intelligence agencies will be whether WikiLeaks is planning on publishing the actual code for the hacking tools described in this week's release. By doing so, WikiLeaks would be handing hackers a powerful set of tools which would allow them compromise smartphones, laptops, PCs and televisions.
- In a surprise move Wednesday, the CIA issued a statement about the leak, though it stopped short of confirming the authenticity of the material. "The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries," CIA spokesman Ryan Tripani said. "Such disclosures not only jeopardise US personnel and operations, but also equip our adversaries with tools and information to do us harm."
- Donald Trump, who has previously expressed his love of WikiLeaks, has remained silent on the CIA dump. On Wednesday, White house press secretary Sean Spicer said his boss was "extremely concerned," and that the leak "should be something that everybody is outraged about in this country."
Many tech giants quickly sought to reassure the public about the security of their devices — including Apple, Samsung, and Microsoft — with Google initially missing from the list. On Thursday it did finally issue a statement, saying it has already patched many of the flaws detailed in the documents: "We're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities," the company said.