The material includes the secret source code of an “obfuscation” technique used by the CIA so its malware can evade detection by antivirus systems. The technique is used by all professional hackers, whether they work for the National Security Agency, Moscow’s FSB or the Chinese military. But because the code contains a specific algorithm, a digital fingerprint of sorts, it can now be used to identify CIA hacking operations that had previously been detected but not attributed.
“It’s one thing to say, ‘I got hacked.’ It’s another thing to say, ‘I got hacked by the CIA,’” said Jake Williams, founder of Rendition InfoSec, a cybersecurity firm. “I suspect this could cause some foreign policy issues down the road.”
If this source code is used in a majority of CIA hacking operations, Williams said, the release could be “devastating.”