WikiLeaks dump first big test for new CIA head

AP17066538069685.jpg

This is Thursday, Jan. 12, 2017 file photo of the new CIA Director Michael Pompeo, as he testifies on Capitol Hill in Washington. WikiLeaks has published thousands of documents that it says come from the CIA's Center for Cyber Intelligence, a dramatic release that appears to give an eye-opening look at the intimate details of the agency's cyberespionage effort. (AP Photo/Manuel Balce Ceneta)

The WikiLeaks release poses one of the first big tests for Mike Pompeo, a former GOP congressman from Kansas, who is President Donald Trump’s new CIA director.

During his confirmation hearing, just two months ago, Pompeo was asked to assess America’s preparedness in the cyber domain.

More: Inside Vault7: Digging into WikiLeaks ‘Year Zero’ trove of CIA hacking docs
More: WikiLeaks claims to publish CIA cyber espionage toolkit

“We have an awful lot of work to do,” Pompeo told members of the Senate intelligence committee. He said there is “no reason to expect that this threat is going to diminish” and that work was needed by all of government to “achieve better cybersecurity for the national infrastructure, as well.”

Among the confidential documents published by WikiLeaks were a series of files purportedly attached to the CIA’s Operational Support Branch. They described tools and projects with exotic names, among them Time Stomper, Fight Club, Jukebox, Bartender, Wild Turkey and Margarita. Many of those tools contained no additional data, so it was unclear what the projects were designed to do.

But a separate accompanying file contains a welcome statement that hinted at the malware and intrusion instruments at the agency’s command: “Ah yeah, OSB Projects y’all! You know we got the dankest Trojans and collection tools for all your windows asset assist and ORC needs.”

It was not immediately clear what “ORC” stood for, although the acronym frequently refers to “Old Red Cracker,” a mysterious, early hacking pioneer who openly published directions for reverse-engineering software blueprints in efforts to identify vulnerabilities in them.