Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.
The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software. Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.
WASHINGTON – REUTERS
Anti-secrecy group WikiLeaks on Tuesday said it had obtained a top-secret trove of hacking tools used by the CIA to break into phones, communication apps and other electronic devices, and published confidential documents on those programs.
Among the most noteworthy WikiLeaks claims are that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal, by hacking phones that use Google’s Android platform to collect audio and message traffic before encryption is applied.
Google declined to comment but said it was investigating the matter.
If verified, the information in the documents would amount to yet another breach of classified material stolen in recent years from U.S. intelligence agencies. U.S. officials said they were unaware of where WikiLeaks might have obtained the material.
Reuters could not immediately verify the contents of the published documents.
WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”
WikiLeaks said it published the CIA documents “while avoiding the distribution of ‘armed’ cyber-weapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.”
U.S. intelligence agencies have said that Wikileaks has ties to Russia’s security services. During the 2016 U.S. presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the U.S. agencies said were hacked by Moscow as part of a coordinated influence campaign to help Donald Trump win the presidency.
WikiLeaks has denied ties to Russian spy agencies.
It was not immediately clear how much damage publication of the documents – should they be legitimate – might do to the spy agency’s cyber programs.
“We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.
Several cyber security consultants and contractors said the documents obtained by Wikileaks, dated between 2013 and 2016, appear legitimate.
A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.
“People on both sides of the river are furious,” he said, referring to the CIA and the eavesdropping National Security Agency based in Fort Meade, Maryland. “This is not a Snowden-type situation. This was taken over a long term and handed over to WikiLeaks.”
Beginning in 2013, former NSA contractor Edward Snowden revealed highly classified details of that agency’s surveillance programs.
“While we are still assessing the contents of the leak … the source appears legitimate,” said Brian Hein, Director of Strategic Initiatives at Flashpoint, a cyber intelligence firm.
“The files within the leak contain a number of documents that appear to be from the CIA and NSA, with information on programs to bypass encryption,” Hein said in an email.
WikiLeaks also said the documents showed CIA operatives had researched how to hack and take control of devices other than computers and smart phones connected to the Internet.
In one case, it said, U.S. and British personnel, under a program known as Weeping Angel, had developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.
This could be the latest of several breaches. In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks. President Barack Obama shortened her prison sentence in January.
Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government material over a course of 20 years, storing the trove of secrets in his home.
(Reporting by Dustin Volz and Warren Strobel; additional reporting by Joe Menn, Mark Hosenball, Jonathan Landay and Jim Finkle; Editing by Bill Trott and Grant McCool)