USA TODAY International Edition
WIKILEAKS: CIA CAN HACK INTO PHONES, TVS — EVERYTHING
Intelligence agency has now ‘ lost control’ of most of its cyberattack arsenal, anti- secrecy site says
The crusading website WikiLeaks published thousands of documents Tuesday it says detail CIA tools for hacking into Web servers, computers, smartphones and even TVs that can be turned into covert microphones.
The website claims the CIA Center for Cyber Intelligence “lost control of the majority of its hacking arsenal,” more than several hundred million lines of code that provide “the entire hacking capacity of the CIA.”
Jake Williams, a security expert with the Georgia- based security firm Rendition Infosec, said the information will be used within days or weeks by hackers and the security firms that combat them.
“My first thought was ‘ Wow!’ quickly followed by the realization that this is a treasure trove of information,” he said. “We are regularly dealing with corporations being attacked by nation- state hacking groups. This gives us a lot of insight into how they do it.”
White House spokesman Sean Spicer, questioned at a news briefing, declined to comment on the release.
“These ( leaks) appear to be very, very serious,” House Intelligence Committee Chairman Devin Nunes, R- Calif., told reporters at a briefing. “We are extremely concerned, and we are following it closely.”
The documents indicate developers created programs in homage to popular culture, such as an implant for computers running Microsoft Windows dubbed “RickyBobby” after the Will Fer- rell character in the 2006 film Talladega Nights. A trojan spread via thumb drives was named “Fight Club,” a refer-
“The potential privacy concerns are mindboggling.” Rep. Ted Lieu, D- Calif.
ence to the 1996 novel and 1999 movie starring Brad Pitt. A smart TV project was called Weeping Angel — recurring villains in the
Doctor Who series who move only when no one is watching.
The CIA issued a statement declining comment on the “purported” documents. USA TODAY has not been able to confirm the authenticity of the documents nor seen anything in them to indicate the tools were used in the U. S. — or at all.
Rep. Ted Lieu, D- Calif., called for a congressional investigation into the details contained in the files. “The potential privacy concerns are mind- boggling,” said Lieu, who has a degree in computer science. “We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans.”
WikiLeaks says the archive appears to have been circulated among former government hackers and contractors, one of whom provided WikiLeaks with por- tions of it. The website says the CIA hacking division involved “more than 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘ weaponized’ malware.”
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” WikiLeaks says. “The CIA had created, in effect, its ‘ own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
The source of the information, which WikiLeaks did not name, hopes the document dump will initiate “a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” the website says.
According to WikiLeaks, Apple’s iPhone, Google’s Android, Microsoft’s Windows and Samsung smart TVs were among the CIA’s targets. The TVs can be placed in a “fake off” mode so the owner believes the TV is off when it is on, the documents say. “In ‘ fake off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server,” WikiLeaks says.
Microsoft, Google and WhatsApp were among tech firms saying they were looking into the WikiLeaks report. Scott Vernick, a partner with the data security law firm of Fox Rothschild in Philadelphia, said the documents raise the question of whether the CIA shared its tools with the FBI for use in domestic investigations.
WikiLeaks released thousands of hacked Democratic National Committee emails ahead of last year’s presidential election in a cyberattack the U. S. intelligence community concluded was carried out by Russia in an attempt to interfere in the race. WikiLeaks has denied getting the emails from Russia, which also said it was not involved in the hacking.
Timothy Carone, a Notre Dame professor who specializes in data science, says the release reinforces the idea that all information in our lives can be acquired and leveraged in ways most people don’t even think about.
“Probably the most disturbing part of the story,” he says, “was that this information was being shared between former U. S. government hackers and contractors with no oversights and no authorization.”