Well, that didn’t take long.
Within hours of WikiLeaks publishing thousands of CIA documents on Tuesday, pro-Russian websites began pushing a new theory that absolves Russia of the cyberattacks that upended the Democratic Party last summer.
Among files that reveal how the Central Intelligence Agency is able to hack smartphones and internet-connected TVs, WikiLeaks disclosed that a subdivision of the CIA, known as “Umbrage,” maintains a catalog of malware derived from various sources, including foreign cyberespionage groups. This library of exploits may be used by CIA to “provide functional code snippets that can be rapidly combined into custom solutions,” one of the WikiLeaks-release documents says.
In other words—for the sake of expediency—the agency uses existing code from malicious tools discovered “in the wild” to piece together its own custom malware rather than create every tool it uses from scratch.
Umbrage is the first CIA operation highlighted by WikiLeaks in its press release under a section describing “examples” of “around 500 different projects” uncovered in the leak. (Only a fraction of the projects are disclosed in the first release, which WikiLeaks has dubbed “Year Zero.”)
WikiLeaks tweeted that this collection of malware must be used by the CIA to conduct “false flag” attacks because the borrowed code would contain “fingerprints” pointing forensic investigators towards the code’s creator rather than the CIA itself.
CIA steals other groups virus and malware facilitating false flag attacks #Vault7 https://t.co/K7wFTdlC82 pic.twitter.com/Z0nat1Lqsv
— WikiLeaks (@wikileaks) March 7, 2017
All of this immediately gave rise to a new conspiracy theory: the CIA must have hacked the Democratic National Committee itself and blamed Russia. The website Sputnik International, which is owned and operated by the Russian government, was happy to entertain this theory, as was the “citizen journalism” website Russia Insider, which asserted that any evidence of hacking that points to Russia “must now be dismissed as either fake or meaningless.”
Milo Yiannopoulos, the former Breitbart editor who resigned last month after a video circulated in which he appeared to endorse sexual relations with 13-year-old boys, also began pushing the theory on his personal website under the headline: “Did the CIA deliberately mimic Russian hacking protocols?”
(Disclosure: Yiannopoulos was the founder of the Kernel, a publication the Daily Dot acquired in 2014.)
Others joined suit on Twitter:
CIA uses techniques to make cyber attacks look like they originated from enemy state. It turns DNC/Russia hack allegation by CIA into a JOKE
— Kim Dotcom (@KimDotcom) March 7, 2017
Russia said they hacked nothing. Assange said Russia didn’t provide the emails. Now we learn CIA can make a hack “look” like Russia.
— Bill Mitchell (@mitchellvii) March 7, 2017
https://twitter.com/Potatomed/status/839198635271286784
https://twitter.com/lindsey_genung/status/839205053693116417
While the “component library” of the CIA files note that the code is “borrowed from in-the-wild malware”—meaning malware that has already been detected or exposed in some fashion—WikiLeaks described the tools as “attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.” WikiLeaks did not highlight in its press release any other countries from which the Umbrage malware supposedly originates.
Of course, there’s nothing particularly controversial about the CIA accumulating malware. Prior to the publication of the so-called “Vault 7” files, it was widely accepted that the CIA—like the National Security Agency—frequently uses hacking tools, including those not created by American coders. Any number of cybersecurity experts familiar with attacks by “state actors” would have gladly admitted as much, even before the WikiLeaks release.
While reporting in December that a U.S. cybersecurity firm was “highly confident” that Russia was behind the DNC attack, the Daily Dot noted that, “Attribution with regards to cyberattacks is difficult and often problematic,” adding: “Malware can be stolen; it can be re-packaged and sold on the black market; and it can be used as well to throw off investigators.”
That these new CIA documents help illustrate how nebulous cyberthreat attribution can be is a good thing. But ultimately, they offer no proof that the CIA had any hand in hacking the Democrats.