ExpressLane: WikiLeaks' latest dump reveals CIA's covert tool used to steal data from intel allies

WikiLeaks published another cache of CIA documents on Thursday (24 August) that detail the agency's program called "ExpressLane", which allegedly allows the agency to collect biometric data from other intelligence partners without their knowledge.

The documents, which date back to 2009, highlight how the CIA's secret cyber operation is designed to be deployed alongside a biometric collection system that is provided to its partner agencies and liaison services around the world.

"The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world – with the expectation for sharing of the biometric takes collected on the systems," WikiLeaks said in a release.

"But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services."

According to the user manual, ExpressLane v3.1.1 was created to support the OTS/I2C [Office of Technical Service/Identity Intelligence Center] system to verify that biometric data was being shared with the CIA.

It also "provides an ability to disable the biometric software if the liaison doesn't provide the Agency with continued access."

ExpressLane can be installed in advance before the biometric system is delivered to a partner agency or as part of a later system update.

If installed under the guise of a software update, the program is delivered by the CIA's OTS officers who maintain the system. However, the apparent update itself makes no changes to the original program.

"Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen," WikiLeaks notes.

The program secretly relays the targeted systems' data to a thumb drive that the CIA can later examine to see if a partner agency has been holding back any information.

If a partner agency refuses to "upgrade" its system or meet the terms of their agreement, ExpressLane comes with a hidden kill-switch that can shut down the entire system by a specified "kill date".

The partner agency must then call the CIA back to fix the software or no longer use it altogether.

The OTS system's core components are based on products from Cross Match, a US-based firm that specialises in biometric software for law enforcement and the intelligence community.

It is not clear which intelligence partners the program has been used on, if the program is still being used by the CIA or if it has undergone additional updates.

According to WikiLeaks, the program has been used against a number of US agencies, including the FBI, Department of Homeland Security and the National Security Agency (NSA), "among many others".

The latest trove of documents, which date back to 2009, released by WikiLeaks marks the 20th instalment in the whistleblowing outfit's "Vault 7 series" of leaks. Since March, the organisation founded by Julian Assange has been steadily releasing alleged CIA documents that details the agency's wide array of hacking and cyberspying tools and capabilities.

The new dump also comes as a bill is being proposed by the US Senate Intelligence Committee that aims to officially label WikiLeaks as a "non-state hostile intelligence service".

Assange slammed the "absurd" move. "It is equivalent to suggesting that the CIA is a media organisation. Publishers publish what they obtain. Intelligence agencies do not," Assange said in a statement via Twitter.

"At their best, media organisations publish boldly and accurately and do not hide what they discover from the public. In contrast, intelligence agencies conceal information and spread propaganda. There is a clearly discernible spectrum. WikiLeaks resides on the very most 'publishing' end."