WikiLeaks published thousands of documents on 7 March 2017. The documents reveal several hacking and surveillance tools employed by the Central Intelligence Agency (CIA), the foreign intelligence agency of the United States of America.
This was the largest leak of documents relating to the intelligence agency.
The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. The documents cover the period from 2013 to 2016.
They were preceded by a WikiLeaks exposé last month on how the CIA ordered spying on all major political parties during the 2012 French Presidential election.
In its press release, WikiLeaks said that recently the CIA lost control of the majority of its hacking arsenal. This extraordinary collection (which amounts to more than several hundred million lines of code) involved the entire hacking capacity of the CIA. “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.”
All the documents are accessible here.
What do the documents reveal?
The documents reveal, among other things, the following:
- The tools used by the CIA to break into users’ computers, mobile phones, and smart TVs from companies like Apple, Google, Microsoft, and Samsung.
- The methods used for bypassing antivirus software and protective security features intended to keep the private information of citizens and corporations safe from prying eyes.
- How the CIA coordinated with friendly foreign governments and the National Security Agency (NSA) to enhance their spying and purview.
- One leaked file describes how the CIA writes its malware code to obscure its origin.
- The documents also shed further light on how the CIA and the Federal Bureau of Investigation (FBI) knew about the catastrophic weaknesses in popular smartphones but did not act to close the loopholes, so that they could spy through them. This showed that the CIA was willing to risk third-party hackers breaking into individuals’ smartphones through loopholes the Agency already knew about.
- The CIA uses the US consulate in Frankfurt, Germany as a covert base for its hackers covering Europe, the Middle East, and Africa.
Is the security of WhatsApp chats compromised?
There were several reports that the CIA had “bypassed” the encryption technology used by popular messaging services like WhatsApp. This is not entirely true, as it makes it seem as if the CIA was targeting these services in particular. The reality is that by exploiting the glitches it discovered in smartphone systems, the CIA could take control of entire phones, thereby accessing encrypted chats, including those of WhatsApp. The compromise of these apps is thus a security implication of the fact that the CIA has ways of hacking and controlling smartphones.
As WikiLeaks itself noted in its analysis, “Techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
Since 2001, the CIA has gained notoriety even as its political clout increased. The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force – its own substantial fleet of hackers. The Agency’s hacking division freed it from having to disclose its often controversial operations to the NSA, giving it a free hand.
“There is an extreme proliferation risk in the development of cyber ‘weapons’. Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of “Year Zero” goes well beyond the choice between cyber war and cyber peace. The disclosure is also exceptional from a political, legal and forensic perspective.” – Julian Assange, WikiLeaks editor.
Former CIA Director Mike Hayden told MSNBC he had undertaken only a cursory review of the documents, but that if they were what they were purported to be, it would amount to a “very extensive file of the tactics, techniques, procedures, targets and other political rules. If it is that, it would be very, very damaging,” he said.
Jonathan Liu, a spokesman for the CIA, said, “We do not comment on the authenticity or content of purported intelligence documents.” White House spokesman Sean Spicer also declined to comment.
Meanwhile, in a statement, human rights watchdog Privacy International said it had long warned about government hacking powers. “Insufficient security protections in the growing amount of devices connected to the internet or so-called ‘smart’ devices, such as Samsung smart TVs, only compound the problem, giving governments easier access to our private lives.”