There's a shadow looming over WikiLeaks and, remarkably, the outline resembles Russian President Vladimir Putin. The whistleblowing website's latest release – a cache of CIA documents allegedly detailing its hacking capabilities – is leading to yet more speculation about suspected Kremlin ties.
Last year, the US repeatedly accused WikiLeaks of being part of a scheme to help elect Donald Trump using a mixture of cyber-espionage and misinformation. It said leaks – such as 19,000 emails from the Democratic National Committee (DNC) – were obtained from a Russian hacking group.
The source of the latest CIA disclosure remains unknown, but WikiLeaks, in an analysis released on 7 March, said the massive archive was likely stolen and provided by a "former US government hacker" or a rogue contactor. It painted the picture of an insider threat, not a nation-state government.
"I strongly doubt this is the case," wrote Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California, in a blog post for Lawfare.
"It would be a pretty extreme violation for someone with a Top Secret clearance to spread this archive around, and it is exceedingly strange a 'whistleblower' would use WikiLeaks," he continued.
"To my mind, there are pretty limited suspects who would have both the capability of exfiltrating from a Top Secret CIA network and who would want to both boast about it and damage the CIA by releasing this archive to WikiLeaks. Presumably more information will emerge on this."
The leak consisted of over 8,000 files and documents – which WikiLeaks says is "less than 1%" of the total release.
However, as the dust settled and security experts poured over the stolen information, many quickly speculated on the true source – and motivation – of the person (or group) responsible for the publication that WikiLeaks dubbed "Vault 7". The website promised more leaks are incoming.
"The smoke keeps getting thicker and thicker and thicker," John McLaughlin, former acting director of the CIA told MSNBC on 8 March (Wednesday). "We have to understand that WikiLeaks is now an instrument of the Russian government," he asserted bluntly.
He added: "It's odd that an institution, WikiLeaks, which is clearly linked to Russia, takes this action during a week when the president has created yet another problem for himself with the nutty tweets that he did over the weekend that once again threw the spotlight on this Russia story.
"That's the thing that stands out most for me."
As McLaughlin noted, Trump has been dogged by accusations of links to Russia since entering the White House. Most recently, it emerged he had previously met with the Russian ambassador to the US during a VIP reception during his election campaign – despite previous denials.
On 5 March, he fuelled the Russia story, tweeting: "Is it true the DNC would not allow the FBI access to check server or other equipment after learning it was hacked? Who was it that secretly said to Russian President, 'Tell Vladimir that after the election I'll have more flexibility?'"
According to Bruce Schneier, a cryptography expert, the leak appears to have come from an outsider rather than a rogue CIA staffer. He said it had similarities to the 2016 leak of alleged National Security Agency (NSA) hacking tools by a mysterious group called Shadow Brokers.
He wrote: "My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It's exactly what you'd expect the CIA to be doing in cyberspace.
"That makes the whistleblower motive less likely.
"And two, the documents are a few years old, making this more like the Shadow Brokers than Edward Snowden. An internal leaker would leak quickly.
"A foreign intelligence agency – like the Russians – would use the documents while they were fresh and valuable, and only expose them when the embarrassment value was greater."
But Schneier admitted his thoughts – like anyone discussing the topic at this point – were largely speculation. Other prominent national security experts have different opinions on the source of the leaked information. Reuters has reported the agency itself has said it was likely a contractor.
Matt Tait, a former computer expert with UK intelligence service GCHQ, tweeted on 9 March: "Worth pointing out the docs leaked so far in 'Vault 7' are all from a single vantage point inside a capability development team."
Another tweeted added that this "tips [the] working hypothesis towards a malicious insider rather than a sustained hack against CIA with attackers moving round network."
In a statement, the CIA said it had no comment about the authenticity of the "purported intelligence documents" released by WikiLeaks but it did elaborate on a number of key points. The agency called out the whistleblowing website, indicating lives could be put at risk.
"The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Communities ability to protect America," a spokesperson said.
"Such disclosures not only jeopardise US personnel and operations but also equip our adversaries with tools and information to do us harm," the agency added.
The statement stressed it is the CIA's job to stay "innovative, cutting-edge and the first line of defence" in protecting the US against foreign enemies, and said it will continue to "aggressively collect" foreign intelligence information overseas.
It did not specifically mention Russia, or any other nation the statement branded as "hostile".
The US government shows no sign of changing its opinion that WikiLeaks is linked to the Kremlin's intelligence services. It is a claim that has been consistently denied by both the website's founder, Julian Assange, and Russian president Vladimir Putin.
"We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks. Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity," US intelligence said in a statement back in January.
US press secretary, Sean Spicer, said Trump (despite previously tweeting "I love WikiLeaks") is taking the leaks seriously.
"There is a big difference between disclosing John Podesta's email accounts about a back and forth and his undermining of Hillary Clinton and his thoughts on her of a personal nature and the leaking of classified information," he said. "There is a massive, massive difference."