WikiLeaks indicated that it obtained the files from a current or former CIA contractor, saying that "the archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive".
"At first glance," the data release "is probably legitimate or contains a lot of legitimate stuff, which means somebody managed to extract a lot of data from a classified CIA system and is willing to let the world know that," said Nicholas Weaver, a computer security researcher at the University of California at Berkeley.
Faking a large quantity of data is difficult, but not impossible, he noted. Weaver said he knows of one case of WikiLeaks deliberately neglecting to include a document in a data release and one case of WikiLeaks deliberately mislabelling stolen data, "but no cases yet of deliberately fraudulent information."
US officials also allege WikiLeaks has ties to Russian intelligence agencies. The website posted thousands of emails stolen from Democratic Party computer networks during the 2016 presidential campaign, files that US intelligence agencies concluded were obtained and turned over to WikiLeaks as part of a cyber campaign orchestrated by the Kremlin.
US intelligence officials appeared to have been caught off guard by today's disclosure. Senior White House and Pentagon officials had not been aware of the breach.
One US official said investigators were only beginning to look at the files being posted online and declined to say whether the CIA had anticipated the leak or warned other agencies.
"We'll see what it is whenever they release the codes," said the official.
WikiLeaks said the trove comprised tools - including malware, viruses, trojans and weaponised "zero day" exploits - developed by a CIA entity known as the Engineering Development Group, part of a sprawling cyber directorate created in recent years as the agency shifted resources and attention to online espionage.
The digital files are designed to exploit vulnerabilities in consumer devices including Apple's iPhone, Google's Android software and Samsung television sets, according to WikiLeaks, which labelled the trove "Year Zero."
In its news release, WikiLeaks said the files enable the agency to bypass popular encryption-enabled applications - including WhatsApp, Signal and Telegram - used by millions of people to safeguard their communications.
But experts said that rather than defeating the encryption of those applications, the CIA's methods rely on exploiting vulnerabilities in the devices on which they are installed, a method referred to as "hacking the endpoint".
WikiLeaks said the files were created between 2013 and 2016, and that it would only publish a portion of the archive - redacting some sensitive samples of code - "until a consensus emerges on the technical and political nature of the CIA's programme."
The data release alarmed cybersecurity experts.
"This is explosive," said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. The material highlights specific anti-virus products that can be defeated, going further than a release of NSA hacking tools last year, he said. The CIA hackers, according to WikiLeaks, even "discussed what the NSA's . . . hackers did wrong and how the CIA's malware makers could avoid similar exposure."
