IS YOUR PHONE A SPY?
WikiLeaks claims CIA can crack electronics
The Central Intelligence Agency’s hackers have developed tools letting them break into devices from iPhones and Android phones to Samsung Smart TVs to monitor conversations and messages, according to antisecrecy group WikiLeaks.
WikiLeaks posted 8,761 documents and files Tuesday that it said came from the CIA’s Center for Cyber Intelligence.
The trove, if legitimate, discloses malware, viruses, security vulnerabilities known as “zero days” and several hundred million lines of code used by the CIA. It also reveals that the agency has the ability to break into devices and intercept messages before they can be encrypted by applications such as Facebook’s WhatsApp, Signal, Telegram and Confide.
“At first glance it is probably legit or contains a lot of legitimate stuff, which means somebody managed to extract a lot of data from a classified CIA system and is willing to let the world know that,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at the University of California at Berkeley, said in an email.
WikiLeaks boasted Tuesday that its CIA leak “eclipses” the number of pages in Edward Snowden’s 2013 disclosures of National Security Agency programs.
“It could be potentially more dangerous than Snowden,” said Bob Stasio, a fellow at the Truman National Security Project. “The Snowden leaks were damaging but were never linked to an actual threat of life that we know of. If this leak turns out to be genuine, the lives of people who have worked with the CIA could be at risk.”
The documents show broad exchanges of tools and information among the CIA, NSA and other U.S. intelligence agencies, as well as intelligence services of close allies such as Canada, Australia, New Zealand and the United Kingdom.
In an analysis, WikiLeaks said the CIA’s Remote Devices Branch has a group called UMBRAGE, which maintains a “substantial library” of attack methods from malware produced in other countries, including Russia.
WikiLeaks said the CIA documents showed the agency is able to defeat encryption on popular applications such as WhatsApp by simply hacking into the devices “that they run on and collecting audio and message traffic before encryption is applied.”
WhatsApp has 1.2 billion monthly users.
WikiLeaks said the material it disclosed “appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
While the material may reveal sensitive CIA techniques, it doesn’t list “executables or exploits” — details on actual attacks that have been carried out and the targets — according to Weaver, who was beginning to analyze the documents.
Google’s Android runs more than 85 per cent of the world’s smartphones, while Apple’s iOS runs 13 per cent, according to research firm IDC.
The tools described in the documents carried bizarre names, including Time Stomper, Fight Club, Jukebox, Bartender, Wild Turkey, Margarita and “RickyBobby,” a race car-driving character in the comedy film, Talladega Nights.
That RickyBobby tool, the documents said, was intended to plant and harvest files on computers running “newer versions of Microsoft Windows and Windows Server.”
It operated “as a lightweight implant for target computers” without raising warnings from antivirus or intrusion-detection software. It took advantage of files Microsoft built into Windows since at least 10 years ago.
The files include comments by CIA hackers boasting in slang language of their prowess: “You know we got the dankest Trojans and collection tools,” one reads.
WikiLeaks said it redacted and removed some identifying information in the content, including tens of thousands of “CIA targets and attack machines’’ in Latin America, Europe, and the U.S.
The group said it has withheld releasing “armed” cyberweapons until “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.”
The leaked documents show that the government has “deliberately maintained vulnerabilities in the most common devices used by hundreds of millions of people,” Ben Wizner, director of the ACLU Speech, Privacy and Technology Project, said in a statement.
“Those vulnerabilities will be exploited not just by our security agencies, but by hackers and governments around the world.”
Last year, WikiLeaks posted thousands of stolen emails to and from Democrat Hillary Clinton’s presidential campaign chairman. WikiLeaks has denied that it obtained the Clinton emails from Russia, which U.S. intelligence agencies have said was responsible for hacking during last year’s campaign to hurt Clinton and, ultimately, help Donald Trump win the White House.
CIA spokesman Jonathan Liu said in an email: “We do not comment on the authenticity or content of purported intelligence documents.”