Thursday, March 9, 2017
CIA blasts WikiLeaks for publishing secret documents
A CIA spokeswoman would not confirm the authenticity of the materials published by WikiLeaks, which said they were leaked from the spy agency's hacking operations.
Nevertheless, said spokeswoman Heather Fritz Horniak, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries."
"Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm," she said.
Horniak defended the CIA's cyber operations, which the WikiLeaks materials showed focused heavily on breaking into personal electronics using a wide range of malware systems.
"It is CIA's job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad," she said.
- Massive leak -
On Tuesday, WikiLeaks published nearly 9,000 documents it said were part of a huge trove leaked from the CIA, describing it as the largest-ever publication of secret intelligence materials.
"This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA," it said.
The documents showed that CIA hackers can turn a TV into a listening device, bypass popular encryption apps, and possibly control one's car.
Most experts believe the materials to be genuine, and US media said Wednesday that the Federal Bureau of Investigation is opening a criminal probe into the leak.
The source of the materials remained unclear. The investigation could focus on whether the CIA was sloppy in its controls, or, as The Washington Post reported, it could be "a major mole hunt" for a malicious leaker or turncoat inside the agency.
WikiLeaks itself said the documents, hacking tools and code came from an archive that had circulated among US government hackers and private contractors.
An investigation would come as the CIA is already enmeshed in a politically-charged probe into Russia's alleged interference in the US election last year in support of President Donald Trump's campaign.
WikiLeaks, which has stunned the US government with a series of publications of top secret political, diplomatic and intelligence materials, said the publication Tuesday was only the first of a series of releases of CIA hacking materials.
That raised concerns that the site could release the actual hacking tools it obtained along with the documents. Experts worry those could fall into the hands of anyone, including US enemies and criminals.
- Tech sector scrambles for fixes -
The WikiLeaks documents detailed the CIA's practice of exploiting vulnerabilities in hardware and software, without ever informing producers of them.
The CIA allegedly found ways to hack into personal electronics from leading companies like Apple and Samsung, Android phones, popular Microsoft software, and crucial routers from major manufacturers.
The documents suggest it can also infiltrate smartphones in a way that allows it to get around popular messaging encryption apps.
The tech sector was scrambling to understand how their products were at risk.
"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities," Apple said in an emailed statement.
"We're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities," Google director of information security and privacy Heather Adkins said in a released statement.
"Our analysis is ongoing and we will implement any further necessary protections."
Samsung and Microsoft both said they were "looking into" what WikiLeaks revealed.
- Encryption apps safe-
Joseph Hall, a technologist with the Center for Democracy and Technology, a digital rights organization, said the documents raise questions about the US government's pledge last year to disclose vulnerabilities to technology firms.
That pledge means "security flaws should get back to the companies so they can get fixed, and not languish for years," he said.
The American Civil Liberties Union commented in a tweet: "When the govt finds software security holes, it should help fix them, not hoard them and leave everyone vulnerable."
Companies that make encryption programs and apps targeted by the CIA said the revelations show the agency has not been able to break their software.
Open Whisper Systems, which developed the technology for the Signal encryption app, said the CIA documents showed that Signal works.
"None of the exploits are in Signal or break Signal Protocol encryption," the group said in a tweet.
"The existence of these hacking tools is a testimonial to the strength of the encryption," said Steve Bellovin, a Columbia University computer science researcher, in a blog post.