Files re­veal CIA hack­ing tools, Wik­iLeaks says

In­ter­net-con­nected TVs, smart­phones, com­put­ers re­port­edly vul­ner­a­ble.

Austin American-Statesman - - FRONT PAGE - Scott Shane, Mark Mazzetti and Matthew Rosen­berg

WASH­ING­TON — Wik­iLeaks on Tues­day re­leased thou­sands of doc­u­ments that it said de­scribed so­phis­ti­cated soft­ware tools used by the CIA to break into smart­phones, com­put­ers and even In­ter­net-con­nected tele­vi­sions.

If the doc­u­ments are au­then­tic, the re­lease would be the lat­est coup for the anti-se­crecy or­ga­ni­za­tion and a se­ri­ous blow to the CIA.

The ini­tial re­lease, which Wik­iLeaks said was only the first part of the doc­u­ment col­lec­tion, in­cluded 7,818 web pages with 943 at­tach­ments, the group said. The en­tire ar­chive of CIA ma­te­rial con­sists of sev­eral hun­dred mil­lion lines of com­puter code, it said.

Among other dis­clo­sures that, if con­firmed, would rock the tech­nol­ogy world, the Wik­iLeaks re­lease said that the CIA and al­lied in­tel­li­gence ser­vices had man­aged to by­pass en­cryp­tion on pop­u­lar phone and mes­sag­ing ser­vices such as Sig­nal, What­sApp and Tele­gram. Ac­cord­ing to the state­ment from Wik­iLeaks, gov­ern­ment hack­ers can pen­e­trate An­droid phones and col­lect “au­dio and mes­sage traf­fic be­fore en­cryp­tion is ap­plied.”

It also said they can even use turned-off TVs as mon­i­tor­ing de­vices.

Miss­ing from Wik­iLeaks’ trove are the ac­tual hack­ing tools them­selves, some of which were de­vel­oped by gov­ern­ment hack­ers while oth­ers were pur­chased from out­siders. Wik­iLeaks said

it planned to avoid dis­tribut­ing tools “un­til a con­sen­sus emerges” on the po­lit­i­cal na­ture of the CIA’s pro­gram and how such soft­ware could be an­a­lyzed, dis­armed and pub­lished.

Tues­day’s dis­clo­sure left anx­ious con­sumers who use the prod­ucts with lit­tle re­course, since re­pair­ing the soft­ware vul­ner­a­bil­i­ties in ways that might block the tools’ ef­fec­tive­ness is the re­spon­si­bil­ity of lead­ing tech­nol­ogy com­pa­nies.

The source of the doc­u­ments was not named. Wik­iLeaks said the doc­u­ments, which it called Vault 7, had been “cir­cu­lated among for­mer U.S. gov­ern­ment hack­ers and con­trac­tors in an unau­tho­rized man­ner, one of whom has pro­vided Wik­iLeaks with por­tions of the ar­chive.”

Wik­iLeaks said the source, in a state­ment, set out pol­icy ques­tions that “ur­gently need to be de­bated in pub­lic, in­clud­ing whether the CIA’s hack­ing ca­pa­bil­i­ties ex­ceed its man­dated pow­ers and the prob­lem of pub­lic over­sight of the agency.” The source, the group said, “wishes to ini­ti­ate a pub­lic de­bate about the se­cu­rity, cre­ation, use, pro­lif­er­a­tion and demo­cratic con­trol of cy­ber­weapons.”

The doc­u­ments, from the CIA’s Cen­ter for Cy­ber In­tel­li­gence, are dated from 2013 to 2016 and Wik­iLeaks de­scribed them as “the largest ever pub­li­ca­tion of con­fi­den­tial doc­u­ments on the agency.” One for­mer in­tel­li­gence of­fi­cer who briefly re­viewed the doc­u­ments on Tues­day said some of the code names for CIA pro­grams, an or­ga­ni­za­tion chart and the de­scrip­tion of a CIA hack­ing base ap­peared to be gen­uine.

CIA spokesman Dean Boyd said, “We do not com­ment on the au­then­tic­ity or con­tent of pur­ported in­tel­li­gence doc­u­ments.”

Some of the de­tails of the CIA pro­grams might have come from the plot of a spy novel for the cy­ber­age, re­veal­ing nu­mer­ous highly clas­si­fied hack­ing pro­grams. One, code-named Weep­ing An­gel, uses Sam­sung “smart” tele­vi­sions as covert lis­ten­ing de­vices. Ac­cord­ing to the Wik­iLeaks news re­lease, even when it ap­pears to be turned off, the tele­vi­sion “op­er­ates as a bug, record­ing con­ver­sa­tions in the room and send­ing them over the in­ter­net to a covert CIA server.”

The re­lease said the pro­gram was de­vel­oped in co­op­er­a­tion with Bri­tish in­tel­li­gence.

If CIA agents did man­age to hack the smart TVs, they would not be the only ones. Since their re­lease, in­ter­net-con­nected tele­vi­sions have been a fo­cus for hack­ers and cy­ber­se­cu­rity ex­perts, many of whom see the sets’ abil­ity to record and trans­mit con­ver­sa­tions as a po­ten­tially dan­ger­ous vul­ner­a­bil­ity.

In early 2015, Sam­sung ap­peared to ac­knowl­edge the tele­vi­sions posed a risk to pri­vacy. The fine print terms of ser­vice in­cluded with its smart TVs said that the tele­vi­sion sets could cap­ture back­ground con­ver­sa­tions, and that they could be passed on to third par­ties.

The com­pany also pro­vided a re­mark­ably blunt warn­ing: “Please be aware that if your spo­ken words in­clude per­sonal or other sen­si­tive in­for­ma­tion, that in­for­ma­tion will be among the data cap­tured and trans­mit­ted to a third party through your use of Voice Recog­ni­tion.”

An­other pro­gram de­scribed in the doc­u­ments, named Um­brage, is a vo­lu­mi­nous li­brary of cy­ber­at­tack tech­niques that the CIA has col­lected from mal­ware pro­duced by other coun­tries, in­clud­ing Rus­sia. Ac­cord­ing to the Wik­iLeaks re­lease, the large num­ber of tech­niques al­lows the CIA to mask the ori­gin of some of its cy­ber­at­tacks and con­fuse foren­sic in­ves­ti­ga­tors.

As­sum­ing the re­lease is au­then­tic, it marks the lat­est in a se­ries of huge leaks that have changed the land­scape for gov­ern­ment and cor­po­rate se­crecy.

In scale, the Vault 7 ar­chive ap­pears to fall into the same cat­e­gory as the big­gest leaks of clas­si­fied in­for­ma­tion in re­cent years, in­clud­ing the quar­ter-mil­lion diplo­matic ca­bles taken by Chelsea Man­ning, the for­mer Army in­tel­li­gence an­a­lyst, and given to Wik­iLeaks in 2010, and the hun­dreds of thou­sands of doc­u­ments taken from the Na­tional Se­cu­rity Agency by Ed­ward Snow­den and given to jour­nal­ists in 2013.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.