Did WikiLeaks just unmask CIA cyberoperations?
Nearly four years after Edward Snowden leaked top-secret details exposing National Security Agency surveillance programs, the US intelligence community is facing another crisis that could change the face of modern espionage.
On Tuesday, the antisecrecy site WikiLeaks began posting what it claims to be "the largest ever publication of confidential documents" on the CIA. The documents appear to reveal the agency's vast and technically sophisticated methods for exploiting security vulnerabilities in iPhones, Android devices, Samsung TV sets, and Microsoft systems to carry out covert cyberoperations.
"If this is what it pretends to be, it looks like a very extensive file of the tactics, techniques, procedures, targets, and political rules under which the Central Intelligence Agency conducts its computer network exploitation and other activities," Michael Hayden, former head of the CIA and National Security Agency, told NBC News on Tuesday.
For its part, a CIA spokesperson said, "We do not comment on the authenticity or content of purported intelligence documents."
WikiLeaks says its first batch from the CIA tranche includes 8,761 documents obtained from inside the agency's Center for Cyber Intelligence and "the majority of its hacking arsenal."
While many experts say it's too early to say for certain that all of the leaked computer programs are genuine, there's a growing consensus among cybersecurity experts that the leak has indeed exposed critical agency hacking tools.
Leaking the computer code and methods, many experts say, could have far-reaching and potentially devastating ramifications not just for agency operations, but for companies and consumers because of the number of digital flaws revealed in the leaks, which WikiLeaks has dubbed Vault 7.
"I liken it to people handing out Kalashnikovs and grenades on the street," says Tom Kellermann, chief executive officer at Strategic Cyber Ventures. "It's not only about undermining confidence. These weapons can now be turned against US corporations and civilians."
The Vault 7 dump also appears to show the considerable efforts the agency has gone to compromise cybersecurity and antivirus software with high-grade software tools. For instance, previously unknown software flaws revealed in the leak – known as zero-day vulnerabilities – indicate the agency could intercept private chats by compromising iPhones and Android-enabled devices, nabbing messages that would be secured by apps such as Signal, WhatsApp, and Telegram before they are encrypted.
Other tools revealed in the dump provided various techniques for the agency to infect systems and swipe sensitive documents. One tool, referred to as "HammerDrill," could apparently let CIA operatives break into "air gapped" facilities that are physically isolated from insecure networks.
Another flaw in Samsung smart TVs, called "Weeping Angel," purportedly developed in tandem with British intelligence, could allow snoopers to listen in on conversations by appearing to power off the device while secretly uploading recordings to a remote server.
The documents, that WikiLeaks says originate from 2013 to 2016, indicate that the CIA allowed agents to use the US consulate in Frankfurt as a base for digital espionage efforts around the globe, including in Europe, the Middle East, and Africa, providing a diplomatic cover and guises to get past customs.
"The stuff that's represented in the documents – there's even source code – these are things that are effectively burned," says Jake Williams, a former Pentagon software analyst who currently works at the cybersecurity firm Rendition Infosec.
Now that the vulnerabilities have been revealed, tech companies will begin updating their systems to repair their vulnerabilities. "People will start pushing out antivirus signatures by tomorrow," he says.
The intelligence community has long relied on faulty software in consumer and corporate networks to carry out espionage operations. Yet it remains unclear how much the WikiLeaks dump – if legitimate – will impact the agency's secret stockpile of zero days.
In 2015, NSA Director Adm. Michael Rogers said his agency disclosed more than 90 percent of the software vulnerabilities it found to software vendors and developers. A Columbia University study last summer estimated that the NSA's vulnerability stockpile was "in the dozens," though it didn't offer a figure for the CIA. The White House has its own process by which it can disclose or retain software vulnerabilities used by intelligence and law enforcement agencies – but it is not required to make those decisions public.
"The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open," Mr. Snowden tweeted Tuesday. "Reckless beyond words."
Snowden's leaks in 2013 exposed a variety of top-secret NSA digital surveillance efforts, including the PRISM program that allowed agents to search internet data from around the world. As a result of those disclosures, President Obama signed the USA Freedom Act that limited intelligence agencies' ability to obtain data from communications providers.
WikiLeaks has not revealed the source of the Vault 7 leaks but appeared to indicate the leaks came from an agency insider, raising new questions about questions about the security of sensitive cyberintelligence efforts.
Earlier this year, former NSA contractor Harold Martin was charged with unlawfully retaining classified information for walking out of the agency with an extensive trove of top-secret documents.
"After Snowden, there was a huge effort to lock down this kind of information," says James Lewis, a senior fellow at the Center for Strategic and International Studies, a Washington think tank. "If it failed, they're going to want to know why."
