views
Anti-secrecy group WikiLeaks published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.
The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.
Read more: WikiLeaks Publishes CIA Trove Alleging Wide-scale Hacking
Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.
Read more: China Set to Launch World's First Hack-Proof Quantum Communication Satellite
Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.
The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.
The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.
"This is a big dump about extremely sophisticated tools that can be used to target individual user devices ... I haven’t yet come across the mass exploiting of mobile devices," said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.
Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.
Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicised.
The CIA and White House declined to comment. "We do not comment on the authenticity or content of purported intelligence documents," CIA spokesman Jonathan Liu said in a statement.
Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.
Apple Inc (AAPL.O) did not respond to a request for comment.
The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.
Signal inventor Moxie Marlinspike said he took that as "confirmation that what we’re doing is working." Signal and the like are "pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks."CIA CYBER PROGRAMS
The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.
The documents published Tuesday appeared to supply specific details to what has been long-known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in any manner of technology products.
WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA's "entire hacking capacity."
The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.
WikiLeaks said it was refraining from disclosing usable code from CIA's cyber arsenal "until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analysed, disarmed and published."
U.S. intelligence agencies have said that Wikileaks has ties to Russia's security services. During the 2016 U.S. presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.
WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.
Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.
In a press release, the group said, "The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive."
U.S. intelligence agencies have suffered a series of security breaches, including Snowden's.
In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks.
Comments
0 comment