Of course, the CIA will not confirm or deny the nearly 10,000 pages of documents that were published by Wikileaks purportedly showing how the agency hacks into electronic devices, such as smart TVs, mobile phones, and messaging applications, even those with encryption technology. It could be one of the biggest breaches in the agency’s history, with some sources speaking to The New York Times and The Wall Street Journal noting that a) the documents looks authentic and b) it could be worse than the Snowden leak. We don’t know if these techniques have been used to spy on American citizens, but it could show how the government deliberately kept mobile phone devices vulnerable to cyber threats to ensure easier surveillance. On the other hand, some groups, like Cyber Statecraft Initiative at the Atlantic Council who are mentioned in the NYT piece, had hoped the CIA was investing in these types of methods since other nations and private actors were going to make the effort. Sort of a grim confirmation story (via NYT):
In what appears to be the largest leak of C.I.A documents in history, WikiLeaks released on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.
[…]
In one revelation that may especially trouble the tech world if confirmed, WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. According to WikiLeaks, government hackers can penetrate smartphones and collect “audio and message traffic before encryption is applied.”
[…]
There is no evidence that the C.I.A. hacking tools have been used against Americans. But Ben Wizner, the director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, said the documents suggest that the government has deliberately allowed vulnerabilities in phones and other devices to persist to make spying easier.
“Those vulnerabilities will be exploited not just by our security agencies, but by hackers and governments around the world,” Mr. Wizner said. “Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer.”
[…]
One program, code-named Weeping Angel, uses Samsung “smart” televisions as covert listening devices. According to the WikiLeaks news release, even when it appears to be turned off, the television “operates as a bug, recording conversations in the room and sending them over the internet to a covert C.I.A. server.”
The release said the program was developed in cooperation with British intelligence.
If C.I.A. agents did manage to hack the smart TVs, they would not be the only ones. Since their release, internet-connected televisions have been a focus for hackers and cybersecurity experts, many of whom see the sets’ ability to record and transmit conversations as a potentially dangerous vulnerability.
Recommended
Yet, the Times also noted another theory from James Lewis, a cybersecurity expert from the Center for Strategic and International Studies, who said that this was a hack from a foreign state, like Russia, who took the documents and gave them to Wikileaks for publication. We’ll see how that turns out.
Over at The Wall Street Journal, their sources said if authentic, this leak could be worse than when Edward Snowden, a former NSA employee, disclosed the programs and companies that assisted the National Security Agency in metadata collection:
One intelligence source said some of the information WikiLeaks released pertains to tools that the CIA uses to hack computers and other devices. This person said disclosing the information would jeopardize ongoing intelligence-gathering operations.The revelations were considered by many experts to be potentially more significant than the leaks by Mr. Snowden.
[…]
In one sense, Mr. Snowden provided a briefing book on U.S. surveillance, but the CIA leaks could provide the blueprints.
[…]
WikiLeaks said the information on CIA hacking came from an unidentified source who believes the spy agency’s hacking authorities “urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.”
The debate over whether Snowden is a patriot or a traitor rages on to this day. But in the meantime—the former NSA worker, who is currently living in Russia, said that the documents look genuine.
PSA: This incorrectly implies CIA hacked these apps / encryption. But the docs show iOS/Android are what got hacked - a much bigger problem. https://t.co/Bw9AkBpOdt
— Edward Snowden (@Snowden) March 7, 2017
If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe. pic.twitter.com/kYi0NC2mOp
— Edward Snowden (@Snowden) March 7, 2017
Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.
— Edward Snowden (@Snowden) March 7, 2017
Join the conversation as a VIP Member