11132019What's Hot:

C.I.A. Scrambles to Contain Damage From WikiLeaks Documents

The disclosures “equip our adversaries with tools and information to do us harm,” said Ryan Trapani, a spokesman for the C.I.A. He added that the C.I.A. is legally prohibited from spying on individuals in the United States and “does not do so.”

The leak was perhaps most awkward for the White House, which found itself criticizing WikiLeaks less than six months after the group published embarrassing emails from John D. Podesta, the campaign chairman for Hillary Clinton, prompting President Trump to declare at the time, “I love WikiLeaks.”

Sean Spicer, the White House spokesman, said the release of documents “should be something that everybody is outraged about in this country.”

There was, he added, a “massive, massive difference” between the leak of classified C.I.A. cyberspying tools and personal emails of political figures.

The documents, taken at face value, suggest that American spies had designed hacking tools that could breach almost anything connected to the internet — smartphones, computers, televisions — and had even found a way to compromise Apple and Android devices. But whether the C.I.A. had successfully built and employed them to conduct espionage remained unclear on Wednesday.

A number of cybersecurity experts and hackers expressed skepticism at the level of technical wizardry that WikiLeaks claimed to uncover, and pointed out that much of what was described in the documents was aimed at older devices that have known security flaws. One document, for instance, discussed ways to quickly copy 3.5-inch floppy disks, a storage device so out of date that few people younger than 35 have probably used one.

One indication that the documents did not contain information on the most highly sensitive C.I.A. cyberespionage programs was that none of them appeared to be classified above the level of “secret/noforn,” which is a relatively low-level of classification.

Some technical experts pointed out that while the documents suggest that the C.I.A. might be able to compromise individual smartphones, there was no evidence that the agency could break the encryption that many phone and messaging apps use.

If the C.I.A. or the National Security Agency could routinely break the encryption used on such apps as Signal, Confide, Telegram and WhatsApp, then the government might be able to intercept such communications on a large scale and search for names or keywords of interest. But nothing in the leaked C.I.A. documents suggests that is possible.

Instead, the documents indicate that because of encryption, the agency must target an individual phone and then can intercept only the calls and messages that pass through that phone. Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population.

“The difference between wholesale surveillance and targeted surveillance is huge,” said Dan Guido, a director at Hack/Secure, a cybersecurity investment firm. “Instead of sifting through a sea of information, they’re forced to look at devices one at a time.”

Mr. Guido also said the C.I.A. documents did not suggest that the agency was far ahead of academic or commercial security experts. “They’re using standard tools, reading the same tech sites and blogs that I read,” he said.

Some of the vulnerabilities described by the C.I.A. have already been remedied, he said: “The holes have been plugged.”

But Joel Brenner, formerly the country’s top counterintelligence official, said he believed the leak was “a big deal” because it would assist other countries that were trying to catch up to the United States, Russia, China and Israel in electronic spying.

He added that the intelligence agencies would have to again assess the advisability of sharing secrets widely inside their walls. “If something is shared with hundreds or thousands of people, there’s a sense in which it’s already no longer a secret,” he said.

The WikiLeaks release included 7,818 web pages with 943 attachments. Many were partly redacted by the group, which said it wanted to to avoid disclosing the code for the tools.

But without the code, it was hard to assess just what WikiLeaks had obtained — and what it was sitting on. The documents indicated that the C.I.A. sought to break into Apple, Android and Windows devices — that is, the vast majority of the world’s smartphones, tablets and computers.

While the scale and nature of the C.I.A. documents appeared to catch government officials by surprise, there had been some signs a document dump was imminent. On Twitter, the organization had flagged for weeks that something big, under the WikiLeaks label “Vault 7,” was coming soon.

On Feb. 16, WikiLeaks released what appeared to be a C.I.A. document laying out intelligence questions about the coming French elections that agency analysts wanted answers to, either from human spies or eavesdropping. When WikiLeaks released the cyberspying documents on Tuesday, it described the earlier document as “an introductory disclosure.”

Source: NYT > World

comments powered by HyperComments

More on the topic