WikiLeaks: CIA can hack into servers, phones, TVs
Documents that purportedly detail methods published
crusading website WikiLeaks published thousands of documents Tuesday it says detail CIA tools for hacking into web servers, computers, smartphones and even TVs that can be turned into covert microphones.
The website claims the CIA Center for Cyber Intelligence “lost control of the majority of its hacking arsenal,” more than several hundred million lines of code that provide “the entire hacking capacity of the CIA.”
Jake Williams, a security expert with the Georgia-based security firm Rendition Infosec, said the information will be used within days or weeks by hackers and the security firms that combat them.
“My first thought was ‘Wow!’ quickly followed by the realization that this is a treasure trove of information,” he said. “We are regularly dealing with corporations being attacked by nation-state hacking groups. This gives us a lot of insight into how they do it.”
White House spokesman Sean Spicer, questioned at a press briefing, declined to comment on the release. Rep. Ted Lieu, D-Calif., issued a statement calling for a congressional investigation.
“The potential privacy concerns are mind-boggling,” said Lieu, who has a degree in computer science. “We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans.”
The documents indicate developers created programs in homage to popular culture, such as an implant for computers running Microsoft Windows dubbed “RickyBobby” after the Will Ferrell character in the 2006 film “Talladega Nights.” A trojan spread via thumb drives was named “Fight Club,” a reference to the 1996 novel and 1999 movie with Brad Pitt. A smart TV project was called Weeping Angel — recurThe ring villains in the “Doctor Who” series.
The CIA issued a statement declining to comment on the “purported” documents. USA TODAY has not yet been able to confirm the authenticity of the documents nor seen anything in them to indicate the tools were used in the U.S. — or at all.
WikiLeaks says the archive appears to have been circulated among former government hackers and contractors, one of whom provided WikiLeaks with portions of it. The website says the CIA hacking division involved “more than 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware.”
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” WikiLeaks claims. “The CIA had created, in effect, its ‘own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
The source of the information, which WikiLeaks did not name, hopes the document dump will initiate “a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” the website says.
According to WikiLeaks, Apple’s iPhone, Google’s Android, Microsoft’s Windows and Samsung smart TVs were among CIA targets. The TVs can be placed in a “fake off” mode, so the owner falsely believes the TV is off when it is on, the documents say. “In ‘fake off’ mode the TV operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server,” WikiLeaks says.
The notes indicate one of the developers’ major challenges was maintaining an internet connection for long periods of time after the TVs were shut off by owners. There are notes indicating the teams hoped to extend that period to as long as 24 to 72 hours.
The tech firms looking into the WikiLeaks report included Microsoft, Google and WhatsApp.