WASHINGTON — The Central Intelligence Agency’s hackers have developed tools letting them break into devices to monitor conversations and messages, according to documents released by WikiLeaks that — if true — could expose U.S. operations in countries from North Korea to Iran.
“If they can hack into the CIA they can hack into anyone,” Republican Sen. John McCain, chairman of the Senate Armed Services Committee, said of WikiLeaks. “This is very, very serious.”
WikiLeaks, which specializes in disclosing government secrets, posted 8,761 documents and files Tuesday that it said came from the CIA’s Center for Cyber Intelligence. The group said the center developed ways to hack into devices, from Apple Inc.’s iPhones and phones based on Google’s Android system to Samsung “smart” televisions, in order to monitor conversations and messages.
The trove, if legitimate, discloses malware, viruses and security vulnerabilities known as “zero days.” It also reveals that the agency has the ability to break into devices and intercept messages before they can be encrypted by applications such as Facebook Inc.’s WhatsApp, Signal, Telegram and Confide.
‘Probably Legit’
“At first glance it is probably legit or contains a lot of legitimate stuff, which means somebody managed to extract a lot of data from a classified CIA system and is willing to let the world know that,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at the University of California at Berkeley, said in an email.
CIA spokesman Jonathan Liu said in an email, “We do not comment on the authenticity or content of purported intelligence documents.”
Foreign governments that think their computers and devices have been infiltrated could follow the digital trail to pinpoint exactly where the CIA has been — and potentially track down insiders who may have aided in those intelligence operations, according to a former U.S. intelligence official who asked not to be identified discussing sensitive matters.
In the worst case, some of the agency’s most sensitive operations could be exposed in countries such as North Korea, Iran, and Russia, setting back U.S. intelligence efforts, the former official said.
Hard to Replace
The types of hacking capabilities purportedly disclosed by WikiLeaks aren’t easily replaced once they are disclosed, and targets can develop defenses against them, according to a former National Security Agency cyber engineer, who asked not to be identified because of the sensitivity of the information. The alleged leaks are a reminder of how important, yet difficult, data protection is for intelligence agencies, added the former official, who said there appears to be a crisis in operational security over maintaining confidentiality.
But a technology entrepreneur, who asked not to be identified discussing sensitive matters, said that nothing in the WikiLeaks documents would allow for the mass interception of communications. The executive said the material is malware, mostly for older operating systems, and isn’t especially advanced technically.
WikiLeaks boasted Tuesday that its CIA leak “eclipses” the number of pages in Edward Snowden’s 2013 disclosures of National Security Agency programs. But its posting Tuesday disclosed mostly instructions about how to deploy hacking tools rather than the specifics that would be most useful to the CIA’s adversaries.
Redacted Information
WikiLeaks said it redacted and removed some identifying information from the content, including the names of CIA employees and tens of thousands of “CIA targets and attack machines” in Latin America, Europe and the U.S. The group said it obtained portions of the CIA’s hacking archive, which has several hundred million lines of code. WikiLeaks said it withheld releasing “armed” cyberweapons until “a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.”
“It could be potentially more dangerous than Snowden,” said Bob Stasio, a fellow at the Truman National Security Project. “The Snowden leaks were damaging but were never linked to an actual threat of life that we know of. If this leak turns out to be genuine, the lives of people who have worked with the CIA could be at risk.”
Last year, WikiLeaks posted thousands of stolen emails to and from Democrat Hillary Clinton’s presidential campaign chairman. WikiLeaks has denied that it obtained the Clinton emails from Russia, which U.S. intelligence agencies have said was responsible for hacking during last year’s campaign to hurt Clinton and, ultimately, help Donald Trump win the White House.
In an analysis it released Tuesday, WikiLeaks said the CIA’s Remote Devices Branch has a group called UMBRAGE, which maintains a “substantial library” of attack methods from malware produced in other countries, including Russia.
WikiLeaks said the CIA documents showed the agency is able to defeat encryption on popular applications such as WhatsApp and Signal by simply hacking into the devices ”that they run on and collecting audio and message traffic before encryption is applied.”