Anti-secrecy organization Wikileaks published Thursday another trove of files purported to be from the United States Central Intelligence Agency. While the documents have historically shown the agency’s capabilities to spy on individuals and targets, the latest release shows how the CIA spied on other intelligence agencies.

The release focuses on a CIA program called ExpressLane, which can collect data from other intel organizations without their knowledge. Wikileaks suggests those partners may include the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS) and National Security Agency (NSA), though the documentation for the program does not name targets.

Those agencies, along with a number of other liaison services around the world, use a biometric collection system provided by the CIA’s Office of Technical Services (OTS).

STRUCTURE SECURITY -- USE THIS ONE
Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Newsweek Media Group

The system—which is based on products from Cross Match, a U.S.-based company that manufactures biometric software for law enforcement and the intelligence community—is designed to share biometric data throughout the organizations using the system in order to broaden the collective database.

The sharing part of the program is optional and voluntary—which is where ExpressLane comes into play. If the CIA is suspicious that its partner organizations are holding out information, it can access that data on its own by deploying the ExpressLane program.

ExpressLane is disguised to appear like a software update, which the CIA will deliver in person with technicians on hand to install it. However, the supposed update make no changes to the program itself.

Instead, it operates as a siphon for data collected by the organization. ExpressLane records all data collected by the CIA partner and saves it to a thumb drive, which the CIA technicians can then use to compare to the shared database to see if the organization is holding back any information.

Anyone who has been prompted with a system update knows how easy it can be to put it off, and intelligence organizations are no exception to such practices. Should one of the agency’s partners decline the fake update, the CIA can trigger a kill switch that shuts down the biometrics program for a period of time. To get it back up and running, a CIA technician must visit the partner organization—at which point they can run ExpressLane.

The most recent user guide for the tool published by Wikileaks was dated May 11, 2009, with several older versions of the field guide also published without a date. It is not clear if the tool has undergone additional updates or is still in use by the CIA.

The release is the latest from WikiLeaks as part of its Vault 7 series, which has focused on releasing leaked documents from the CIA detailing the government agency’s technical capabilities.

Previous leaks have shown the intelligence group’s ability to compromise Apple devices, Windows machines, launch malware attacks, obfuscate the origins of an attack to hide its tracks, compromise Wi-Fi routers to track a target’s activity online, attack air-gapped computer networks, track the location of a target via Wi-Fi and intercept text messages sent on Android devices.