Nevertheless, WikiLeaks claims it might have evidence that the agency spied on targets in the U.S. From the stolen documents, it's found 22,000 IP addresses that allegedly correspond to computers systems within the country. However, so far, WikiLeaks has yet to release more details.
Until it does, it's hard to say what any of those addresses might signify, said Alex Heid, chief research officer at Security Scorecard.
"Just because the IP address is being hosted within the USA, doesn't mean an American citizen was making use of it," he said.
However, the CIA certainly has a history of domestic spying in the U.S., Heid added. The CIA itself was involved in the illegal surveillance of journalists, antiwar protestors, and suspected communists from the 1950s to the 1970s.
Since then, the CIA has undergone reforms. And the agency has said it's "legally prohibited" from conducting electronic surveillance targeting anyone in the country.
But that doesn't mean the CIA can't find ways to work around those restrictions. The agency can actually request the FBI collect data in the U.S. for it. In fact, it can lend the FBI hand with the surveillance by offering "specialized equipment and technical knowledge," according to a government executive order.
There isn’t much information on how the CIA follows these rules in practice, said Nate Cardozo, a staff attorney with privacy advocate the Electronic Frontier Foundation. But he wonders if these leaked CIA hacking tools were also in the hands of other federal U.S. agencies, such as the FBI and Department of Homeland Security, which can investigate U.S. citizens.
Given that WikiLeaks obtained a copy, it's also unclear if any foreign government or malicious hackers might have this hacking tech as well.
"The CIA developed these powerful tools and lost control of them," Cardozo said. "So who knows who else has control over these tools? That's the most frightening thing to me."
Sign up for CIO Asia eNewsletters.