Renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency, anti-secrecy group WikiLeaks published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years.
In order to capture text and voice messages before they were encrypted with sophisticated software, CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets, the discussion transcripts showed.
Cyber security experts said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage but disagreed about the extent of the fallout from the data dump.
The documents included correct “cover” terms describing active cyber programs, said news agency Reuters quoting a longtime intelligence contractor with expertise in U.S. hacking tools.
The encryption on popular messaging apps such as WhatsApp, Telegram and Signal, has been able to be bypassed by the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, and this was among the most noteworthy of the WikiLeaks’ claims.
Compromise of the actual encryption of Signal or other secure messaging apps were not indicated by the files.
Appearing to represent the latest breach in recent years of classified material from U.S. intelligence agencies, the information was contained in what WikiLeaks said were 7,818 web pages with 943 attachments.
Questions on how much the disclosures could damage U.S. cyber espionage was disagreed by security experts.
“This is a big dump about extremely sophisticated tools that can be used to target individual user devices … I haven’t yet come across the mass exploiting of mobile devices,” said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.
How CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States is one of the most significant disclosures, says Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm.
How the CIA took advantage of vulnerabilities that are known, if not widely publicized was shown in other revelations.
To focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries, the CIA in recent years underwent a restructuring. The spy agency is generally restricted in how it may gather any U.S. data for counterintelligence purposes and is prohibited by law from collecting intelligence that details domestic activities of Americans.
But constantly working to discover and exploit flaws in any manner of technology products is the U.S. intelligence agencies, like their allies and adversaries, and the documents published appeared to supply specific details to this which has been long-known in the abstract.
The new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans.
Drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity”, WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases.
(Adapted from Reuters)