Modern field guide to security and privacy

Did WikiLeaks just unmask CIA cyberoperations?

The antisecrecy site released a trove of alleged CIA hacking tools to break into iPhones, Android devices, and connected TV sets to carry out espionage operations.

Larry Downing/REUTERS
The lobby of the CIA Headquarters Building in Langley, Virginia, U.S. on August 14, 2008.

Nearly four years after Edward Snowden leaked top-secret details exposing National Security Agency surveillance programs, the US intelligence community is facing another crisis that could change the face of modern espionage.

On Tuesday, the antisecrecy site WikiLeaks began posting what it claims to be "the largest ever publication of confidential documents" on the CIA. The documents appear to reveal the agency's vast and technically sophisticated methods for exploiting security vulnerabilities in iPhones, Android devices, Samsung TV sets, and Microsoft systems to carry out covert cyberoperations.

"If this is what it pretends to be, it looks like a very extensive file of the tactics, techniques, procedures, targets, and political rules under which the Central Intelligence Agency conducts its computer network exploitation and other activities," Michael Hayden, former head of the CIA and National Security Agency, told NBC News on Tuesday.

For its part, a CIA spokesperson said, "We do not comment on the authenticity or content of purported intelligence documents."

WikiLeaks says its first batch from the CIA tranche includes 8,761 documents obtained from inside the agency's Center for Cyber Intelligence and "the majority of its hacking arsenal."

While many experts say it's too early to say for certain that all of the leaked computer programs are genuine, there's a growing consensus among cybersecurity experts that the leak has indeed exposed critical agency hacking tools. 

Leaking the computer code and methods, many experts say, could have far-reaching and potentially devastating ramifications not just for agency operations, but for companies and consumers because of the number of digital flaws revealed in the leaks, which WikiLeaks has dubbed Vault 7.

"I liken it to people handing out Kalashnikovs and grenades on the street," says Tom Kellermann, chief executive officer at Strategic Cyber Ventures. "It's not only about undermining confidence. These weapons can now be turned against US corporations and civilians."

The Vault 7 dump also appears to show the considerable efforts the agency has gone to in order to defeat cybersecurity and antivirus software with high-grade tools. For instance, previously unknown software flaws revealed in the leak – known as zero-day vulnerabilities – indicate the agency could intercept private chats by compromising iPhones and Android devices themselves, reading messages sent through apps such as Signal, WhatsApp, and Telegram before those apps encrypt them. Nothing in the documents suggests the apps' encryption was broken; the weak point was the phone the apps run on.

Other tools revealed in the dump provided various techniques for the agency to infect systems and swipe sensitive documents. One tool, referred to as "HammerDrill," could apparently let CIA operatives break into "air gapped" facilities that are physically isolated from insecure networks.

Another tool, called "Weeping Angel" and purportedly developed in tandem with British intelligence, targets Samsung smart TVs. It could allow snoopers to listen in on conversations by making the device appear to be powered off while it secretly records audio and uploads the recordings to a remote server.

The documents, which WikiLeaks says originate from 2013 to 2016, indicate that the CIA allowed agents to use the US consulate in Frankfurt as a base for digital espionage efforts around the globe, including in Europe, the Middle East, and Africa, providing diplomatic cover and guises to get past customs.

"The stuff that's represented in the documents – there's even source code – these are things that are effectively burned," says Jake Williams, a former Pentagon software analyst who currently works at the cybersecurity firm Rendition Infosec.

Now that the vulnerabilities have been revealed, tech companies will begin patching their systems. "People will start pushing out antivirus signatures by tomorrow," he says.

The intelligence community has long relied on faulty software in consumer and corporate networks to carry out espionage operations. Yet it remains unclear how much the WikiLeaks dump – if legitimate – will impact the agency's secret stockpile of zero days.

In 2015, NSA Director Adm. Michael Rogers said his agency disclosed more than 90 percent of the software vulnerabilities it found to software vendors and developers. A Columbia University study last summer estimated that the NSA's vulnerability stockpile was "in the dozens," though it didn't offer a figure for the CIA. The White House has its own process by which it can disclose or retain software vulnerabilities used by intelligence and law enforcement agencies – but it is not required to make those decisions public. 

"The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open," Mr. Snowden tweeted Tuesday. "Reckless beyond words."  

Snowden's leaks in 2013 exposed a variety of top-secret NSA digital surveillance efforts, including the PRISM program that allowed agents to search internet data from around the world. As a result of those disclosures, President Obama signed the USA Freedom Act that limited intelligence agencies' ability to obtain data from communications providers. 

WikiLeaks has not revealed the source of the Vault 7 leaks but appeared to indicate that the documents came from an agency insider, raising new questions about the security of sensitive cyberintelligence efforts.

Earlier this year, former NSA contractor Harold Martin was charged with unlawfully retaining classified information for walking out of the agency with an extensive trove of top-secret documents. 

"After Snowden, there was a huge effort to lock down this kind of information," says James Lewis, a senior fellow at the Center for Strategic and International Studies, a Washington think tank. "If it failed, they're going to want to know why."

https://www.csmonitor.com/World/Passcode/2017/0307/Did-WikiLeaks-just-unmask-CIA-cyberoperations