WASHINGTON — WikiLeaks on Tuesday released thousands of documents that it said described sophisticated software tools used by the Central Intelligence Agency to break into smartphones, computers and even Internet-connected televisions.
If
the documents are authentic, as appeared likely at first review, the
release would be the latest coup for the anti-secrecy organization and a
serious blow to the C.I.A., which maintains its own hacking
capabilities to be used for espionage.
The
initial release, which WikiLeaks said was only the first part of the
document collection, included 7,818 web pages with 943 attachments, the
group said. The entire archive of C.I.A. material consists of several
hundred million lines of computer code, it said.
Among
other disclosures that, if confirmed, would rock the technology world,
the WikiLeaks release said that the C.I.A. and allied intelligence
services had managed to bypass encryption on popular phone and messaging
services such as Signal, WhatsApp and Telegram. According to the
statement from WikiLeaks, government hackers can penetrate Android
phones and collect “audio and message traffic before encryption is
applied.”
Continue reading the main story
ADVERTISEMENT
Continue reading the main story
The
source of the documents was not named. WikiLeaks said the documents,
which it called Vault 7, had been “circulated among former U.S.
government hackers and contractors in an unauthorized manner, one of
whom has provided WikiLeaks with portions of the archive.”
WikiLeaks
said the source, in a statement, set out policy questions that
“urgently need to be debated in public, including whether the C.I.A.’s
hacking capabilities exceed its mandated powers and the problem of
public oversight of the agency.” The source, the group said, “wishes to
initiate a public debate about the security, creation, use,
proliferation and democratic control of cyberweapons.”
The
documents, from the C.I.A’s Center for Cyber Intelligence, are dated
from 2013 to 2016, and WikiLeaks described them as “the largest ever
publication of confidential documents on the agency.” One former
intelligence officer who briefly reviewed the documents on Tuesday
morning said some of the code names for C.I.A. programs, an organization
chart and the description of a C.I.A. hacking base appeared to be
genuine.
A C.I.A. spokesman, Dean Boyd, said, “We do not comment on the authenticity or content of purported intelligence documents.”
WikiLeaks,
which has sometimes been accused of recklessly leaking information that
could do harm, said it had redacted names and other identifying
information from the collection. It said it was not releasing the
computer code for actual, usable cyberweapons “until a consensus emerges
on the technical and political nature of the C.I.A.’s program and how
such ‘weapons’ should be analyzed, disarmed and published.”
Some
of the details of the C.I.A. programs might have come from the plot of a
spy novel for the cyberage, revealing numerous highly classified — and
in some cases, exotic — hacking programs. One, code-named Weeping Angel,
uses Samsung “smart” televisions as covert listening devices. According
to the WikiLeaks news release, even when it appears to be turned off,
the television “operates as a bug, recording conversations in the room
and sending them over the internet to a covert C.I.A. server.”
The release said the program was developed in cooperation with British intelligence.
If
C.I.A. agents did manage to hack the smart TVs, they would not be the
only ones. Since their release, internet-connected televisions have been
a focus for hackers and cybersecurity experts, many of whom see the
sets’ ability to record and transmit conversations as a potentially
dangerous vulnerability.
In
early 2015, Samsung appeared to acknowledge the televisions posed a
risk to privacy. The fine print terms of service included with its smart
TVs said that the television sets could capture background
conversations, and that they could be passed on to third parties.
The
company also provided a remarkably blunt warning: “Please be aware that
if your spoken words include personal or other sensitive information,
that information will be among the data captured and transmitted to a
third party through your use of Voice Recognition.”
Another
program described in the documents, named Umbrage, is a voluminous
library of cyberattack techniques that the C.I.A. has collected from
malware produced by other countries, including Russia. According to the
WikiLeaks release, the large number of techniques allows the C.I.A. to
mask the origin of some of its cyberattacks and confuse forensic
investigators.
Assuming
the release is authentic, it marks the latest in a series of huge leaks
that have changed the landscape for government and corporate secrecy.
In
scale, the Vault 7 archive appears to fall into the same category as
the biggest leaks of classified information in recent years, including
the quarter-million diplomatic cables taken by Chelsea Manning, the
former Army intelligence analyst, and given to WikiLeaks in 2010, and
the hundreds of thousands of documents taken from the National Security
Agency by Edward J. Snowden and given to journalists in 2013.
In
the business world, the so-called Panama Papers and several other
large-volume leaks have laid bare the details of secret offshore
companies used by wealthy and corrupt people to hide their assets.
Both
government and corporate leaks have been made possible by the ease of
downloading, storing and transferring millions of documents in seconds
or minutes, a sea change from the use of slow photocopying for some
earlier leaks, including the Pentagon Papers in 1971.
The
National Security Agency and the military’s closely related Cyber
Command have the most extensive capabilities for breaking into foreign
communications and computer networks and, if required, destroying them.
But the C.I.A. maintains a parallel set of programs, mainly for
gathering information.
A
set of N.S.A. hacking tools, evidently leaked from the agency or stolen
in an electronic break-in, was put up for auction on the web last
summer by a group calling itself the Shadow Brokers. Those tools were
among the N.S.A.’s arsenal for penetrating foreign computer networks. At
first glance the Vault 7 programs appeared to be aimed at smaller,
individual targets rather than large networks.
No comments:
Post a Comment