Wikileaks 'Vault 7' Dump Reveals the CIA's Automated Hacking Operation

by Graham Templeton

On Tuesday, Wikileaks dumped a massive trove of leaked data from inside the CIA. It’s called Vault 7 and it reveals the existence of a sprawling hacking program that exists largely in parallel to the NSA’s controversial powers.

Throughout the documents, which will no doubt continue to produce headlines for weeks, are references to a group called the Automated Impact Branch (AIB), which is dedicated to making CIA hacking an autonomous operation.

Details are still surfacing, but it’s clear that the AIB has developed a variety of tools for autonomously infecting a wide variety of systems and devices, and autonomously acting with those infected devices. Revelations of this dedicated group of coders could end up being far more explosive than the more predictable aggressive hacking tools and checklists for avoiding notice by the public.

According to the sparse documentation currently contained in the leak (more may be released later), the AIB’s mission is simple: “Develop and sustain a world class automated implant program.”

This goal reflects a shift in focus in cyber-security toward infecting systems to which no human agent can gain access.

The classic example of such a program is Stuxnet, the American-Israeli joint cyber weapon designed to cripple Iran’s nuclear program. Once released, Stuxnet infamously spread according to its own decision-making processes, and used an incredibly powerful array of zero-day exploits to do it. Though Stuxnet did end up having some effect on Iran’s nuclear ambitions, it also autonomously infected computers all over the world, including many within the United States government.

On the other hand, there is also a growing preference (and perhaps even need) for the ability to launch cyber-attacks and responses far more quickly than any human. Of all the NSA hacking programs revealed by Edward Snowden, the one that the former intelligence contractor believed to be the most worrying was called MonsterMind. In his only unilateral leak thus far, Snowden revealed MonsterMind to be an automated platform designed to target and launch cyber-attacks without any human intervention — and now, the CIA has been revealed to be developing a suite of tools that could do much the same thing. Though it would presumably be targeted for intelligence gathering purposes, rather than pure national security, it could be just as unpredictable and unaccountable.

“Grasshopper”

One of the revealed AIB programs is called Grasshopper, and it automatically surveys a target, picks its install route, and installs itself, allegedly impervious to virus scanners including 360 Safe, Kaspersky Internet Security Suite, Microsoft Security Essentials, Rising Internet Security, and Symantec End Point Protection. Once installed, according to the Grasshopper documentation, it “shall provide a global rule that is evaluated to determine whether to run.”

In a February 2015 discussion of how to avoid the detections that plagued NSA’s Equation Group, one unnamed CIA participant said, “I think we should try to think of ways to automate a lot of our code/technique tracking.”

Inverse will keep reporting on these leaks as more information and analysis become available.