Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.
The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.
Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.
Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.
A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct "cover" terms describing active cyber programs.
Among the most noteworthy WikiLeaks claims is that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.
The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.
The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.
Security experts differed over how much the disclosures could damage U.S. cyber espionage. Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden's revelations in 2013 of mass NSA data collection.
"This is a big dump about extremely sophisticated tools that can be used to target individual user devices ... I haven’t yet come across the mass exploiting of mobile devices," said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.
Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.
Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicized.
In one case, the documents say, U.S. and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.
The CIA and White House declined comment. "We do not comment on the authenticity or content of purported intelligence documents," CIA spokesman Jonathan Liu said in a statement.
Google declined to comment on the purported hacking of its Android platform, but said it was investigating the matter.
Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.
Apple Inc did not respond to a request for comment.
The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.
Signal inventor Moxie Marlinspike said he took that as "confirmation that what we’re doing is working." Signal and the like are "pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks."
CIA CYBER PROGRAMS
The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.
The documents published Tuesday appeared to supply specific details to what has been long-known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in any manner of technology products.
Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.
WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA's "entire hacking capacity."
The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.
WikiLeaks said it was refraining from disclosing usable code from CIA's cyber arsenal "until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analysed, disarmed and published."
U.S. intelligence agencies have said that Wikileaks has ties to Russia's security services. During the 2016 U.S. presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.
WikiLeaks has denied ties to Russian spy agencies.
Trump praised WikiLeaks during the campaign, often citing hacked emails it published to bolster his attacks on Democratic Party candidate Hillary Clinton.
WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.
Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.
The process "is not a policy of unilateral disarmament in cyberspace. The mere fact that the CIA may have exploited zero-day [previously undisclosed] vulnerabilities should not surprise anyone," said Knake, now at the Council on Foreign Relations.
U.S. officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.
In a press release, the group said, "The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."
U.S. intelligence agencies have suffered a series of security breaches, including Snowden's.
In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks.
Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the secrets in his home.
Reuters
Tue Mar 07 2017
![WikiLeaks says it releases files on CIA cyber spying tools WikiLeaks says it releases files on CIA cyber spying tools](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/http://img.astroawani.com/2017-03/71488929649_CIAHeadquarters.jpg)
FILE PHOTO - The lobby of the CIA Headquarters Building is pictured in Langley, Virginia, U.S. on August 14, 2008. REUTERS/Larry Downing
![PAC akan mulakan prosiding isu dibangkit LKAN Siri 2/2024 PAC akan mulakan prosiding isu dibangkit LKAN Siri 2/2024](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-03/61710922383_MasErmieyatiSamsud.jpg)
PAC akan mulakan prosiding isu dibangkit LKAN Siri 2/2024
Jawatankuasa Kira-Kira Wang Negara (PAC) akan memulakan prosiding bagi empat isu yang dibangkitkan dalam Laporan Ketua Audit Negara (LKAN) Siri 2/2024.
AWANI Ringkas: Kes bunuh Nur Farah Kartini | Skandal LCS
Ikuti rangkuman berita utama yang menjadi tumpuan sepanjang hari di Astro AWANI menerusi AWANI Ringkas.
ADUN Rembia sertai Pas, kenapa tak umum tahun lepas? - MP Kampar
Chong Zhemin, tindakan tersebut seolah-olah satu penghinaan paling besar kepada Parlimen yang telah meluluskan pindaan Perlembagaan Persekutuan berkait Akta Antilompat Parti.
Masuk Pas untuk sama-sama susah dengan rakyat - ADUN Rembia
Muhamad Jailani berkata, sebelum ini beliau pernah menghantar surat kepada Lembaga Disiplin UMNO memohon untuk memecat keahliannya daripada parti Melayu itu.
[TERKINI] Astro dipilih sebagai penyiar rasmi Olimpik Paris 2024
Astro dipilih sebagai penyiar rasmi bagi Sukan Olimpik Paris 2024 bermula hujung bulan ini.
[TERKINI] Speaker DUN Melaka tunggu surat rasmi Muhammad Jailani
DUN Melaka masih menunggu surat rasmi daripada Pas berhubung tindakan ADUN Rembia, Datuk Muhamad Jailani Khamis yang menyertai Pas.
Sasar sumbang RM500 bilion kepada kdnk tempoh tiga tahun
Selangor perlu merancakkan semula kapasiti pembuatan untuk tidak hanya memenuhi keperluan tempatan, tetapi menjadikan negeri itu sebagai asas kepada pelan peluasan ke rantau Asia Tenggara dan Asia.
![Wanita dihempap kayu balak mula sedarkan diri Wanita dihempap kayu balak mula sedarkan diri](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-07/61720789446_Wanitadihempapkay.jpg)
Wanita dihempap kayu balak mula sedarkan diri
Wanita yang nyaris maut akibat dihempap kayu balak dalam kejadian di lampu isyarat di Persimpangan Bendahara, Jalan Gua Musang-Kuala Krai di sini 9 Julai lepas, kini dilaporkan mula sedarkan diri.
Sah suspek anggota polis
Ketua Polis Selangor, Datuk Hussein Omar Khan mengesahkan suspek bunuh Nur Farah Kartini, ialah anggota polis.
Suspek juga yang dipercayai teman lelaki mangsa dan bertugas di Perak.
Suspek juga yang dipercayai teman lelaki mangsa dan bertugas di Perak.
Suspek dibawa ke lokasi kejadian di ladang kelapa sawit
Suspek kes pembunuhan bekas penuntut UPSI Nur Farah Kartini Abdullah dibawa ke lokasi kejadian di ladang kelapa sawit di Kampung Sri Keledang, Hulu Bernam, Selangor.
![Kakitangan Microsoft di China diwajibkan guna iPhone Kakitangan Microsoft di China diwajibkan guna iPhone](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-07/41720496836_KakitanganMicrosoft.jpg)
Kakitangan Microsoft di China diwajibkan guna iPhone
Pengharaman penggunaan peranti Android turut berkuat kuasa ke atas kakitangan yang bekerja di Hong Kong.
![Google Circle to Search bakal sokong imbasan kod QR Google Circle to Search bakal sokong imbasan kod QR](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-07/61719818992_GoogleCircle.jpg)
Google Circle to Search bakal sokong imbasan kod QR
Buat masa ini, ciri ini masih dalam peringkat pembangunan kerana ia masih tersembunyi dalam aplikasi Google versi 15.25.32.
![Chrome di Android kini tampil ciri baca laman web Chrome di Android kini tampil ciri baca laman web](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-06/81718621135_ChromeDiAndroid.jpg)
Chrome di Android kini tampil ciri baca laman web
Ciri yang diberi nama 'Listen to this page' ini mula diberikan secara berperingkat sejak semalam dengan akses menerusi menu dalam aplikasi.
![Google uji ciri AI antikecurian bagi telefon pintar Android di Brazil Google uji ciri AI antikecurian bagi telefon pintar Android di Brazil](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-05/51714623217_Googlejpg.jpg)
Google uji ciri AI antikecurian bagi telefon pintar Android di Brazil
Mulai Julai, pengguna di Brazil yang memiliki peranti Android yang bersesuaian akan dapat mengakses versi beta kunci pengesanan kecurian Google, kunci peranti luar talian dan kunci jarak jauh.
![Google kembali guna jenama ‘Google Cast’ sebagai pengganti Chromecast Google kembali guna jenama ‘Google Cast’ sebagai pengganti Chromecast](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-05/51716784671_TBChromecastGoogle.jpg)
Google kembali guna jenama ‘Google Cast’ sebagai pengganti Chromecast
Google Cast bukanlah nama baharu. Pada bulan Mac 2016, Chromecast pernah ditukar kepada Google Cast tetapi ditukar kembali kepada Chromecast kerana populariti dongel keluaran Google yang mampu
![Android akan tambah ciri kenal pasti kejadian ragut, kunci peranti Android akan tambah ciri kenal pasti kejadian ragut, kunci peranti](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-05/61715827335_Sekuriti.jpg)
Android akan tambah ciri kenal pasti kejadian ragut, kunci peranti
Menerusi kemas kini terbaharu, peranti Android akan dapat mengenal pasti telefon sekiranya diragut perompak dan mengunci akses.
![Huawei akan beralih sepenuhnya kepada sistem operasi sendiri tahun ini Huawei akan beralih sepenuhnya kepada sistem operasi sendiri tahun ini](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-05/71715416413_HarmonyOSNEXT.jpg)
Huawei akan beralih sepenuhnya kepada sistem operasi sendiri tahun ini
Dinamakan HarmonyOS Next, ia dibangunkan sepenuhnya dari awal, dan bebas daripada penggunaan sistem Android.
![Adobe tamatkan penawaran Photoshop Mix, Fix untuk Android Adobe tamatkan penawaran Photoshop Mix, Fix untuk Android](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-05/61714986795_tbAdobe.jpg)
Adobe tamatkan penawaran Photoshop Mix, Fix untuk Android
Pengguna boleh menggunakan Photoshop Express yang menyertakan pelbagai ciri-ciri yang terdapat pada kedua-dua aplikasi tersebut.
![Play Store kini benarkan muat turun dua aplikasi serentak Play Store kini benarkan muat turun dua aplikasi serentak](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-04/61714360481_PlayStorejpg.jpg)
Play Store kini benarkan muat turun dua aplikasi serentak
Berdasarkan laporan 9to5Google, ciri ini diberikan secara berperingkat kepada pengguna Android bermula dengan peranti\
![Pengesahan pembayaran Google Play Store kelak akan buang sokongan kata laluan Pengesahan pembayaran Google Play Store kelak akan buang sokongan kata laluan](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-04/61713410565_TBPlayStorejpg.jpg)
Pengesahan pembayaran Google Play Store kelak akan buang sokongan kata laluan
Google dilihat akan membuang sokongan kata laluan bagi menggalakkan pengguna mengesahkan pembayaran dengan sistem biometri.