US Spy Agency Staggers, But Still Standing After Latest WikiLeaks Dump
By Jamie Dettmer, Jeff Seldin March 07, 2017
The latest alleged bombshell meant to send shockwaves through the U.S. intelligence community is stoking renewed fears about the ability to secure classified information. But former intelligence officials say, at least for now, it is unlikely the apparent leak will do significant damage to U.S. cyber capabilities.
The online whistleblower organization WikiLeaks Tuesday published thousands of pages of what it described as "the entire hacking capacity" of the U.S. Central Intelligence Agency.
VOA was unable to independently verify the authenticity of the 8,771 documents published on the WikiLeaks website, but cybersecurity experts and former intelligence officials said many of the documents appeared to be real.
In a statement, WikiLeaks said the CIA "lost control of the majority of its hacking arsenal." The group added the spy agency's cybertools had been disseminated among some former U.S. government hackers and that one then shared them with WikiLeaks.
A U.S. intelligence official, speaking on the condition of anonymity, told VOA that a CIA contractor is suspected of being the source of the leak.
Scramble to find leak
Another recently retired U.S. intelligence official told VOA that the CIA is scrambling to find out who leaked the trove and how.
"Langley is in full damage assessment mode," he said.
U.S. lawmakers are, likewise, alarmed.
"This is early on into the investigation but these appear to be very, very serious," House Intelligence Committee chairman Devin Nunes, a Republican, told reporters late Tuesday. "We are extremely concerned and we are following it closely."
Some of the WikiLeaks documents describe how the CIA sought to exploit so-called "zero-days" – undetected flaws in the software that runs smartphones such as Apple's iPhone and Google's Android. Electronic devices that run Microsoft's Windows were also targeted.
According to the documents, CIA hackers discovered some of the vulnerabilities on their own. Others were sold to the CIA by third parties.
There allegedly was also collaboration with other intelligence agencies.
In one program, dubbed "Weeping Angel," the U.S. and Britain's MI-5 security service agency worked to secretly turn on so-called smart televisions made by Samsung in order to turn them into listening devices.
Like their U.S. counterparts, British officials refused to confirm or deny the charges.
"It is longstanding policy that we do not comment on intelligence matters," a British government spokesperson said.
"I think this is pretty legitimate," said Alex McGeorge, the head of Threat Intelligence at Immunity Inc., a security firm that works with major companies, financial institutions and government agencies.
"There are some techniques that are very specific," he said. "This is years of development and trade craft and work."
Difficult to fabricate
McGeorge said there appears to be a consistency throughout the documents that would be difficult to fabricate and that clearly show the efforts of an intelligence agency with an international focus.
But he questioned how much CIA efforts would be damaged by the disclosures.
"There are some techniques that are very specific … but it's not earth-shattering," McGeorge said. "This is certainly not all of CIA's advanced cyber capability."
Still, former intelligence officials worry that even if the documents prove to be real, it is the political fallout that will cause the most harm.
One cause for concern is the claim by WikiLeaks that the CIA possesses a library of hacking malware employed by other states that it can use to run so-called false flag operations. In essence, the U.S. would be able to carry out cyberespionage or cyberattacks but leave a trail of evidence that point to U.S. adversaries, such as Russia.
U.S. allies and their relationships with Washington could also be impacted.
In addition to cyber operations located at the CIA's headquarters in Virginia, the files released by WikiLeaks reveal the agency has been using the U.S. consulate in Frankfurt, Germany, as a covert base.
WikiLeaks claims the consulate, one of the largest American consulates in the world, housed CIA hackers working deep undercover who helped develop malicious software for attacks and eavesdropping on targets in Europe, the Middle East and Africa.
In one document, the CIA instructed employees: "Do not leave anything electronic or sensitive unattended in your room. (Paranoid, yes, but better safe than sorry.)" It advised them also to enjoy Lufthansa's free alcohol "in moderation."
The consulate, located in the northern part of the city and surrounded by high, reinforced perimeter walls, was the focus of German investigations into U.S. intelligence activities following the 2013 revelation, which also came from WikiLeaks, that the U.S. National Security Agency had tapped German Chancellor Angela Merkel's mobile phone, which prompted sharp and highly public disputes between Washington and Berlin.
The WikiLeaks release of the trove of alleged CIA hacking files also comes at an especially sensitive point, with the U.S. intelligence community involved in a confrontation with the administration of President Donald Trump over claimed Russian hacking aimed at influencing last year's U.S. election.
During his campaign, Trump, at times, defended WikiLeaks. And since taking office, Trump has derided such concerns as "fake news."
Still, a report by the Office of the Director of National Intelligence earlier this year concluded with "high confidence" that Russian military intelligence "relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks."
Some former officials see the potential for Moscow's fingerprints to be on this latest WikiLeaks document dump as well, noting Russia is on the short list of countries capable of foiling the CIA's cyber efforts.
"It is in Russia's interest to see the CIA discredited," said Jonathan Shaw, who until 2012 was responsible for developing Britain's policy on cybersecurity. He added: "It is in the interests of Donald Trump, too."
Yet former officials caution there is still more reason to worry.
While WikiLeaks did not publish the codes for the cyberweapons themselves, it warned it might do so at a later date. And there is a good chance others may already have them.
"This is like finding a whole cache of weapons on the battlefield and taking it in," said Jeff Bardin, who worked in intelligence with the U.S. Air Force.
"It really comes down to the fact that our adversaries know what we're doing, what we're using," said Bardin, now CIO of the cybersecurity firm Treadstone 71. "It's pretty disappointing that we would allow this to get out."
That disappointment has been magnified following efforts to tighten security after the 2013 disclosures about U.S. National Security Agency contractor Edward Snowden, who promptly fled to Russia.
Another NSA contractor, Harold Martin, was indicted earlier this year on charges related to what officials described as possibly the largest heist of classified government information in history.
Yet Terry Roberts, a former deputy director of U.S. Naval Intelligence, said the biggest risk is not so much the exposure of the cyberweapons themselves, but the extent to which the WikiLeaks document dumps might reveal how U.S. intelligence thinks.
"This is an environment that is never static," Roberts said. "You're always creating a tool that's going to be overcome by another tool that's going to be overcome by another tool.
"The expertise and the environment of how you develop these tools and deploy them at speed and with effectiveness is truly the secret sauce," she said.
|Join the GlobalSecurity.org mailing list|