WikiLeaks on Tuesday released a trove of 8,700 documents, which it claims originated at the CIA’s Center for Cyber Intelligence, that describe, in detail, the agency’s hacking abilities and techniques.
Among the more interesting revelations of the so-called “Vault 7” documents, assuming they’re legitimate, is the sheer breadth of devices government hackers could possibly compromise.
That includes just about everything powered by Microsoft Windows, Android and iOS, such as smartphones, computers and even Samsung smart TVs, which it allegedly figured out how to turn into hidden recording devices under an effort code-named “weeping angel.”
Using those operating system hacks, the CIA could potentially also gain access to information generated by encrypted messaging apps, like Signal and WhatsApp. It’s critical to note, however, that the CIA apparently hasn’t hacked the apps themselves. In other words, unless you’re a high-value target and the CIA has compromised your phone’s operating system, you’re probably not on its radar.
“These kinds of exploits don’t just let them read everyone’s traffic over the ‘net at the push of a button.”
Matt Blaze, a computer scientist and cryptography researcher, encouraged everyone to take today’s news with a grain of salt.
“Large software systems often have exploitable bugs, as everyone already knew,” Blaze wrote on Twitter. “The trove released today seems to be mostly about exploiting platforms.”
“The bad news is that platform exploits are very powerful,” he added. “The good news is that they have to target you in order to read your messages. These kinds of exploits don’t just let them read everyone’s traffic over the ‘net at the push of a button.”
The most effective way to protect yourself, said Blaze, is to stay on top of the “boring stuff,” like promptly installing software updates and steering clear of unneeded apps. Again, if you’re a CIA target, then maybe it should cause concern.
It’s unclear how WikiLeaks obtained the documents. And, as one would expect, the CIA doesn’t have much to say about their existence, much less whether or not the programs they describe are legitimate.
“We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu told Reuters in a statement.
Former National Security Agency contractor Edward Snowden vouched for their authenticity, noting that the names of programs and offices they reference are real and that “only a cleared insider could know them.”
According to Clint Watts, a national security policy expert at the Foreign Policy Research Institute and former FBI special agent, the more frightening implications of this data dump are geopolitical in nature, given the close links between Russia and WikiLeaks and Russia’s increasingly adversarial relationship with the West.
Watts speculated that the curiously timed release ― as conflict between President Donald Trump and the intelligence community comes to a head over an unsubstantiated wiretapping claim ― is intended to further divide Americans while simultaneously weakening America’s relationship with other Western allies.
Trump hasn’t commented on Tuesday’s release, though he has frequently praised WikiLeaks. Earlier this week, Trump campaign adviser Roger Stone acknowledged on Twitter that he had a “back channel” to WikiLeaks founder Julian Assange, though he deleted the admission shortly after.