Cyberwar

Here is the CIA’s incomplete organizational chart via Wikileaks: “The organizational chart corresponds to the material published by WikiLeaks so far. Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.”


Wikileaks: “Vault 7: CIA Hacking Tools Revealed”

1) One notable part of this revelation is another admission of the ability to conduct cyber false flags, this time by a third Five Eyes member. The ability to do something does not show that one has done it, but it would be intellectually dishonest to pretend the ability/possibility does not exist. In fact, two Five Eyes agencies have directly admitted the intent to conduct false flags, not just having the ability to do so. First it was the UK’s GCHQ, then Canada’s CSE, and now the CIA has shown its ability to do so. Whether the document explicitly states this or merely implies that it is a possibility has been debated. Here’s the relevant section of Wikileaks’ summary:

“The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a ‘fingerprint’ that can be used by forensic investigators to attribute multiple different attacks to the same entity. This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution. The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from. UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.”

2) The CIA, for legal reasons, could not classify their massive cyberarsenal — an arsenal so large and powerful that it’s essentially the CIA’s “own NSA,” with more code in use than the entirety of Facebook. Why would an intelligence agency do that when it is notorious for using legal layering to insulate itself from long-overdue legal prosecution, both domestically and internationally? Unlike conventional physical weapons, cyberweapons don’t destroy themselves when fired into ‘enemy’ territory (in cyberspace, that’s everyone: “collect it all”). In cyberwar, copies of would-be classified malware would have to sit for long periods on unauthorized servers and the like. This, combined with the fact that the CIA did not copyright the cyberweapons, created what Julian Assange called “one of the most astounding intelligence own goals in living memory.”

3) The CIA has already aggressively started infiltrating the IoT (internet of things). Here’s the relevant excerpt from Wikileaks’ summary of the ‘Vault 7’ files: “The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server. As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.”

4) Cyberweapons are exceptionally difficult to keep from proliferating, as explained by Julian Assange here: “While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber ‘weapons’, once developed, are very hard to retain. Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost. Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global ‘vulnerability market’ that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons.’ Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services. Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers. A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents. Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools. Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike. … The CIA made these systems unclassified. Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the ‘battlefield’ of cyber ‘war.’ To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely ‘pirate’ these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets. Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts. Ordnance will likely explode. If it does not, that is not the operator’s intent. Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams. For instance, attempted ‘malware injections’ (commercial jargon) or ‘implant drops’ (NSA jargon) are being called ‘fires’ as if a weapon was being fired. However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its ‘target.’ CIA malware does not ‘explode on impact’ but rather permanently infests its target. In order to infect a target’s device, copies of the malware must be placed on the target’s devices, giving physical possession of the malware to the target. To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers. But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.”

5) The US Consulate in Frankfurt, Germany is the CIA’s secondary hacking base for Africa, the Middle East, and Europe: “CIA hackers operating out of the Frankfurt consulate (‘Center for Cyber Intelligence Europe’ or CCIE) are given diplomatic (‘black’) passports and State Department cover. The instructions for incoming CIA hackers make Germany’s counter-intelligence efforts appear inconsequential: ‘Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport.’ … Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures. Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area — including France, Italy and Switzerland.”


Special Collection Service (SCS) is a joint CIA-NSA surveillance collaboration. Here are slides, operations in 80 US embassies, old news, locations of the 80 embassies, the surveillance ‘sheds’ on said embassies, and more on embassy spying.


More from Wikileaks on the cyberoperations (warfare and surveillance):

“NSA Helped CIA Outmanoeuvre Europe on Torture” (2014)

“Target Tokyo” (2015)

“Espionnage Élysée” (2015)

“Bugging Brazil” (2015)

“German BND-NSA Inquiry Exhibits” (2016)

“NSA Targets World Leaders for US Geopolitical Interests” (2016)

“CIA espionage orders for the 2012 French Election” (2017)

“Vault7: CIA Hacking Tools Revealed” (2017)


Here are some articles/documents on cyberwar, the CIA’s cyber reorganization, and the IoT (internet of things):

“CIA Chief: We’ll Spy on You Through Your Dishwasher” (2012; WIRED)

“The Government Is Spying On Us Through Our Computers, Phones, Cars, Buses, Streetlights, At Airports And On The Street, Via Mobile Scanners And Drones, Through Our Smart Meters, And In Many Other Ways” (2013; Washington’s Blog)

“The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks” (2013; Der Spiegel)

“U.S. Cyber Command Presentation: Assessing Actions Along the Spectrum of Cyberspace Operations” (2013; Public Intelligence)

“U.S. Strategic Command: The Vocabulary of Cyber War” (2014; Public Intelligence)

“Exclusive: Snowden Docs Show British Spies Used Sex and ‘Dirty Tricks’” (2014; Matthew Cole & Glenn Greenwald, NBC)

“What Exactly Are the Spy Agencies Actually Doing with their Bag of Dirty Tricks?” (2014; Washington’s Blog)

“Washington’s Blog Interviews Senior NSA Executive Thomas Drake” (2014; Washington’s Blog)

“An Unprecedented Look at Stuxnet, the World’s First Digital Weapon” (2014; WIRED)

“What Snowden Told Me About Cyberweapons” (2015; James Bamford, Foreign Policy)

“Missed Calls: The NSA and 9/11” (2015; James Bamford, Foreign Policy)

“U.S. tried Stuxnet-style campaign against North Korea but failed – sources” (2015; Reuters)

“CIA plans major reorganization and a focus on digital espionage” (2015; Washington Post)

“Deputy Director Cohen Delivers Remarks on CIA of the Future at Cornell University” (2015; CIA.gov)

“Controversial GCHQ Unit Engaged in Domestic Law Enforcement, Online Propaganda, Psychology Research” (2015; Glenn Greenwald, The Intercept)

“The CIA Campaign to Steal Apple’s Secrets” (2015; Jeremy Scahill, The Intercept)

“Apple’s App Store Got Infected With the Same Type of Malware the CIA Developed” (2015; Micah Lee, The Intercept)

“NSA Looking to Exploit Internet of Things, Including Biomedical Devices, Official Says” (2016; The Intercept)

“The Whole Point of the Internet of Things Is So Big Brother Can Spy On You” (2016; Washington’s Blog)

“Nitro Zeus: The Terrifying U.S.-Israeli Computer Worm That Could Cause WWIII” (2016; The Daily Beast)

“The government just admitted it will use smart home devices for spying” (2016; Trevor Timm, The Guardian)

“Adm. Rogers Talks about Buying Cyberweapons” (2017; Bruce Schneier)

“Connected Devices Give Spies a Powerful Way to Surveil” (2017; WIRED)


Here is a repository of the Snowden documents released so far by IC Off the Record, which clearly contains information on cyberwarfare as well as surveillance; here’s a repository of academic papers about cybersecurity; and here’s a repository of declassified US cyberwar/surveillance documents.


Here are some documentaries to watch on cyberwar:

“Citizenfour” (2014; Laura Poitras)

“Zero Days: Security Leaks for Sale” (2015; VPRO)

“Cyberwar” (2016; VICE)

“Zero Days” (2016; Alex Gibney)


Wikileaks, Edward Snowden, and Glenn Greenwald on Wikileaks’ new release:
