https://www.washingtonpost.com/world/national-security/wikileaks-says-it-has-obtained-trove-of-cia-hacking-tools/2017/03/07/c8c50c5c-0345-11e7-b1e9-a05d3c21f7cf_story.html?utm_term=.5a262021a1df
WikiLeaks says it has obtained trove of CIA hacking tools
[Video: WikiLeaks says it has the CIA’s hacking secrets. Here’s what you need to know. Washington Post national security reporter Greg Miller explains what these documents reveal. (Dalton Bennett, Greg Miller/The Washington Post)]
A vast portion of the CIA’s computer hacking arsenal appeared to have been exposed Tuesday by the anti-secrecy organization WikiLeaks, which posted thousands of files revealing secret cyber-tools used by the agency to convert cellphones, televisions and other ordinary devices into implements of espionage.

The trove appeared to lay bare the design and capabilities of some of the U.S. intelligence community’s most closely guarded cyberweapons, a breach that is likely to cause immediate damage to the CIA’s efforts to gather intelligence overseas and place new strain on the U.S. government’s relationship with Silicon Valley giants including Apple and Google.

WikiLeaks, which claimed to have gotten the files from a current or former CIA contractor, touted the trove as comparable in scale and significance to the collection of National Security Agency documents exposed by former U.S. intelligence contractor Edward Snowden.
But while the Snowden files revealed massive surveillance programs that gathered data on millions of Americans, the CIA documents posted so far by WikiLeaks appear mainly to unmask hacking methods that many experts already assumed the agency had developed.

U.S. intelligence officials and experts said details contained in the newly released documents suggest that they are legitimate, although that could not be independently verified, raising new worries about the U.S. government’s ability to safeguard its secrets in an era of cascading leaks of classified data.
[Video: Wikileaks posts alleged trove of CIA hacking tools. Anti-secrecy group Wikileaks on Tuesday said it had obtained a top-secret trove of hacking tools used by the CIA to break into phones, communication apps and other electronic devices, and published confidential documents on those programs. (Reuters)]
The files mention pieces of malware with names like “Assassin” and “Medusa” that seem drawn from a spy film, describing tools that the CIA uses to steal data from iPhones, seize control of Microsoft-powered computers or even make Internet-connected Samsung television sets secretly function as microphones.

The release of so many sensitive files appeared to catch the CIA, the White House and other government entities off-guard. A CIA spokesman would say only that “we do not comment on the authenticity of purported intelligence documents.”

In a statement, WikiLeaks indicated that the initial stockpile it put online was part of a broader collection of nearly 9,000 files that would be posted over time describing code developed in secret by the CIA to steal data from a range of targets. WikiLeaks said it redacted lists of CIA surveillance targets, though it said they included targets and machines in Latin America, Europe and the United States.
The release was described as a huge loss to the CIA by security experts and former U.S. intelligence officials. “It looks like really the backbone of their network exploitation kit,” said a former hacker who worked for the National Security Agency and, like others, spoke on the condition of anonymity, citing the sensitivity of the subject.

The breach could undermine the CIA’s ability to carry out key parts of its mission, from targeting the Islamic State and other terrorist networks to penetrating the computer defenses of sophisticated cyber-adversaries including Russia, China and Iran, former officials and tech specialists said.

“Any exposure of these tools is going to cause grave if not irreparable damage to the ability of our intelligence agencies to conduct our mission,” a former senior U.S. intelligence official said.
If legitimate, the release represents the latest major breach of sensitive U.S. government data to be put on global display in humiliating fashion by WikiLeaks, which came to prominence in 2010 with the exposure of thousands of classified U.S. diplomatic cables and military files. WikiLeaks founder Julian Assange has engaged in an escalating feud with the United States while taking refuge at the Ecuadoran Embassy in London from Swedish sexual assault allegations.

WikiLeaks’ latest assault on U.S. secrets may pose an early, potentially awkward security issue for President Trump, who has repeatedly praised WikiLeaks and disparaged the CIA.

Trump declared “I love WikiLeaks” last October during a campaign rally when he read from a trove of stolen emails about his Democratic opponent, Hillary Clinton, that had been posted to the organization’s website.
White House press secretary Sean Spicer declined to comment when asked about the CIA breach during a news briefing Tuesday.
WikiLeaks indicated that it obtained the files from a current or former CIA contractor, saying that “the archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

But the counterintelligence investigation underway at the CIA is also likely to search for clues to whether Russia had any role in the theft of the agency’s digital arsenal. U.S. intelligence officials allege that WikiLeaks has ties to Russian intelligence services. The website posted thousands of emails stolen from Democratic Party computer networks during the 2016 presidential campaign, files that U.S. intelligence agencies concluded were obtained and turned over to WikiLeaks as part of a cyber-campaign orchestrated by the Kremlin.

Experts and former intelligence officials said the latest files appear to be authentic in part because they refer to code names and capabilities known to have been developed by the CIA’s cyber-branch.

“At first glance,” the data release “is probably legitimate or contains a lot of legitimate stuff, which means somebody managed to extract a lot of data from a classified CIA system and is willing to let the world know that,” said Nicholas Weaver, a computer security researcher at the University of California at Berkeley.

Faking a large quantity of data is difficult but not impossible, he noted. Weaver said he knows of one case of WikiLeaks deliberately neglecting to include a document in a data release and one case of WikiLeaks deliberately mislabeling stolen data, “but no cases yet of deliberately fraudulent information.”
WikiLeaks said the trove comprised tools — including malware, viruses, trojans and weaponized “zero day” exploits — developed by a CIA entity known as the Engineering Development Group, part of a sprawling cyber-directorate created in recent years as the agency shifted resources and attention to online espionage.

WikiLeaks labeled the trove “Vault 7” and said that it contains several hundred million lines of code, many of which are designed to exploit vulnerabilities in everyday consumer devices.
In a statement, WikiLeaks said the files enable the agency to bypass popular encryption-enabled applications — including WhatsApp, Signal and Telegram — used by millions of people to safeguard their communications.
But experts said that rather than defeating the encryption of those applications, the CIA’s methods rely on exploiting vulnerabilities in the devices on which they are installed, a method referred to as “hacking the endpoint.”
WikiLeaks said that the files were created between 2013 and 2016 and that it would publish only a portion of the archive — redacting some sensitive samples of code — “until a consensus emerges on the technical and political nature of the CIA’s program.”

The organization did not clarify what achieving such a consensus would entail, but for now it appeared to be withholding fully formed pieces of ready-made code that could be used by other intelligence services or even novice hackers.

Still, the data release alarmed cybersecurity experts, who said the files contain snippets of code that could enable adversaries to replicate CIA capabilities or identify and root out CIA “implants” currently in place.

“This is explosive,” said Jake Williams, founder of Rendition InfoSec, a cybersecurity firm. The material highlights specific anti-virus products that can be defeated, going further than a release of NSA hacking tools last year, he said. The CIA hackers, according to WikiLeaks, even “discussed what the NSA’s . . . hackers did wrong and how the CIA’s malware makers could avoid similar exposure.”

Hackers who worked at the NSA’s Tailored Access Operations unit said the CIA’s library of tools looked comparable. The implants — software that enables hackers to remotely control a compromised device — are “very, very complex” and “at least on par with the NSA,” said one former TAO hacker.

Beyond hacking weapons, the files also purportedly reveal information about the organization of the CIA’s cyber-directorate and indicate that the agency uses the U.S. Consulate in Frankfurt, Germany, as a hacking hub for operations in Europe, the Middle East and Africa.

Though primarily thought of as an agency that recruits spies, the CIA has taken on a larger role in electronic espionage over the past decade. In 2015 the agency created the Directorate of Digital Innovation, a division that puts cyber-work on equal footing with long-standing directorates devoted to conventional spying and analysis.

The CIA’s focus is more narrow and targeted than that of the NSA, which is responsible for sweeping up electronic communications on a large scale around the globe. By contrast, CIA efforts mainly focus on “close in” operations in which the agency at times relies on individuals carrying thumb drives or other devices to implant code on computer systems not connected to the Internet.

One of the most intriguing tools described in the files, called “Weeping Angel,” can apparently be used to put certain television sets into a fake “off” mode while activating a microphone that enables the CIA to capture any conversations in the surrounding space.
Ashkan Soltani and Julie Tate contributed to this report.