WikiLeaks reveals CIA trove alleging wide-scale hacking

WikiLeaks publishes trove purportedly taken from CIA
This is Thursday, Jan. 12, 2017 file photo of the new CIA Director Michael Pompeo, as he testifies on Capitol Hill in Washington. WikiLeaks has published thousands of documents that it says come from the CIA's Center for Cyber Intelligence, a dramatic release that appears to give an eye-opening look at the intimate details of the agency's cyberespionage effort. (AP Photo/Manuel Balce Ceneta)

WikiLeaks published thousands of documents Tuesday described as secret files about CIA hacking tools the government employs to break into users' computers, mobile phones and even smart TVs from companies like Apple, Google, Microsoft and Samsung.

The documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features intended to keep the private information of citizens and corporations safe from prying eyes. U.S. government employees, including President Donald Trump, use many of the same products and internet services purportedly compromised by the tools.

The documents describe CIA efforts—cooperating with friendly foreign governments and the U.S. National Security Agency—to subvert the world's most popular technology platforms, including Apple's iPhones and iPads, Google's Android phones and the Microsoft Windows operating system for desktop computers and laptops.

The documents also include discussions about compromising some internet-connected televisions to turn them into listening posts. One document discusses hacking vehicle systems, indicating the CIA's interest in hacking modern cars with sophisticated on-board computers.

WikiLeaks has a long track record of releasing top secret government documents, and experts who sifted through the material said it appeared legitimate.

Jonathan Liu, a spokesman for the CIA, said: "We do not comment on the authenticity or content of purported intelligence documents." White House spokesman Sean Spicer also declined comment.

Missing from WikiLeaks' trove are the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. WikiLeaks said it planned to avoid distributing tools "until a consensus emerges" on the political nature of the CIA's program and how such software could be analyzed, disarmed and published.

Tuesday's disclosure left anxious consumers who use the products with little recourse, since repairing the software vulnerabilities in ways that might block the tools' effectiveness is the responsibility of leading technology companies. The revelations threatened to upend confidence in an Obama-era government program, the Vulnerability Equities Process, under which federal agencies warn technology companies about weaknesses in their software so they can be quickly fixed.

It was not immediately clear how WikiLeaks obtained the information, and details in the documents could not immediately be verified. WikiLeaks said the material came from "an isolated, high-security network" inside the CIA's Center for Cyber Intelligence but didn't say whether the files were removed by a rogue employee or whether the theft involved hacking a federal contractor working for the CIA or perhaps breaking into a staging server where such information might have been temporarily stored.

"The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive," WikiLeaks said in a statement.

Some technology firms on Tuesday said they were evaluating the information. Microsoft Corp. said it was looking into the report, while the maker of secure messaging app Signal said the purported CIA tools affected users' actual phones and not its software design or encryption protocols.

The tools described in the documents carried bizarre names, including Time Stomper, Fight Club, Jukebox, Bartender, Wild Turkey, Margarita and "RickyBobby," a racecar-driving character in the comedy film, "Talladega Nights."

That RickyBobby tool, the documents said, was intended to plant and harvest files on computers running "newer versions of Microsoft Windows and Windows Server." It operated "as a lightweight implant for target computers" without raising warnings from antivirus or intrusion-detection software. It took advantage of files that Microsoft has built into Windows for at least 10 years.

The files include comments by CIA hackers boasting in slang language of their prowess: "You know we got the dankest Trojans and collection tools," one reads.

The documents show broad exchanges of tools and information among the CIA, NSA and other U.S. intelligence agencies, as well as intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom.

WikiLeaks claimed the CIA used both its Langley, Virginia, headquarters and the U.S. consulate in Frankfurt, Germany, as bases for its covert hackers. The AP found that one purported CIA hack that imitates the Domain Name System—the internet's phone book—traced to an internet domain hosted in Germany.

Jake Williams, a security expert with Augusta, Georgia-based Rendition Infosec who has experience dealing with government hackers, said the files' extensive references to operational security meant they were almost certainly government-backed. "I can't fathom anyone fabricated that amount of operational security concern," he said. "It rings true to me."

In an unusual move, WikiLeaks said it was withholding some secrets inside the documents. Among them, it said it had withheld details of tens of thousands of "CIA targets and attack machines throughout Latin America, Europe and the United States."

WikiLeaks also said its data included a "substantial library" of digital espionage techniques borrowed from other countries, including Russia.

If the authenticity of the documents is officially confirmed, it would represent yet another catastrophic breach for the U.S. intelligence community at the hands of WikiLeaks and its allies, which have repeatedly humbled Washington with the mass release of classified material, including from the State Department and the Pentagon.

Tuesday's documents purported to be from the CIA's "Embedded Development Branch" discuss techniques for injecting malicious code into computers protected by the personal security products of leading international anti-virus companies. They describe ways to trick anti-virus products from companies including Russia-based Kaspersky Lab, Romania-based BitDefender, Dutch-based AVG Technologies, F-Secure of Finland and Rising Antivirus, a Chinese company.

In the new trove, programmers also posted instructions for how to access user names and passwords in popular internet browsers like Microsoft Internet Explorer, Google Chrome and Mozilla Firefox. Under a list of references in one exchange, users were advised: "Be advised, the following may be low traffic sites, sites in which it might be a good idea to disable JavaScript, etc," referring to a widely used internet programming language. "Remember, practice safe browsing, kidz!" they were told.

Some documents were classified "secret" or "top secret" and not for distribution to foreign nationals. One file said those classifications would protect deployed hacks from being "attributed" to the U.S. government. The practice of attribution, or identifying who was behind an intrusion, has been difficult for investigators probing sophisticated hacks that likely came from powerful nation-states.

___

Satter reported from Paris. Associated Press writers Stephen Braun, Vivian Salama, Frank Bajak, Tammy Webber and Michael Liedtke contributed to this report.

___

Follow Jack Gillum on Twitter at twitter.com/jackgillum or Raphael Satter at twitter.com/razhael. Both can be reached at www.ap.org/tips.

© 2017 The Associated Press. All rights reserved.

Citation: WikiLeaks reveals CIA trove alleging wide-scale hacking (2017, March 7) retrieved 19 October 2019 from https://phys.org/news/2017-03-wikileaks-publish-1000s-cia-documents.html
User comments

Mar 07, 2017
Is there some conspiracy between WikiLeaks and ISIS? Since WikiLeaks has not revealed anything from ISIS?

Mar 07, 2017
LoL! More scare tactics to frighten the American population! Doesn't anybody realize how impossible it is to listen in on every citizen plus all of their computer devices. The NSA would need a staff that was 7x the population of the country! I know what you are thinking....the data sniffers look for key words. Ok, have fun sifting through those while the news is on. It is scientifically impossible for the NSA, even with the help of the CIA, to monitor every citizen's words, even if they were synced with our brains! This Snowden planned leak scam is getting way out of hand. It was bad enough when the NSA and Snowden started scaring people when they planned their fake leak! I can't believe people are so gullible. What do you think, Charlie Brooker?

Mar 08, 2017
What scare? The constitution or its amendments never mention privacy. The same court that ruled against gun rights and then for gun rights and is responsible for the murder of millions of our children is the same one who said that privacy was implied in the constitution.

Mar 08, 2017
Doesn't anybody realize how impossible it is to listen in on every citizen plus all of their computer devices. The NSA would need a staff that was 7x the population of the country!

I don't think you're aware of the power of filtering that can be done automatically (also a staff 7x the population of the country is clearly idiotic. If you wanted to spy on everyone without the use of any computers you'd 'just' need a staff 1x as large as the population)

Checking for key words and phrases as well as correlating metadata (e.g. x calls y ...which in turn often results in a communication with z in short order means that x, y and z are organizationally connected, etc. ) is incredibly easy to perform from a mathematical standpoint.

Heck, even countries like former East Germany managed almost total observation of the populace *without* using any computer analysis whatsoever. And their intelligence staff was only about 1 person for every 120 citizens.

Mar 08, 2017
Heck, even countries like former East Germany managed almost total observation of the populace *without* using any computer analysis whatsoever. And their intelligence staff was only about 1 person for every 120 citizens
-This is because in the Soviet Union there was only 1 phone for 120 people. That was on purpose.

Mar 08, 2017
As for your quote: you might head over to wikipedia

https://en.wikipe...#Germany
"Graulich concluded that European government agencies were targeted massively and that Americans hence broke contractual agreements. He also found that German targets which received special protection from surveillance of domestic intelligence agencies by Germany's Basic Law (Grundgesetz) − including numerous enterprises based in Germany − were featured in the NSA's wishlist in a surprising plentitude"

Mar 08, 2017
Oops, wrong rating for AA, but let's see what the Mossad has done, shall we? They have corrupted almost every major nation on Earth.

Mar 08, 2017
@STOLEN VALOR LIAR-kam
but let's see what the Mossad has done, shall we?
why is that relevant?
They have corrupted almost every major nation on Earth
false claim
you couldn't even check your facts first?
1- Mossad is responsible for intelligence collection, covert operations, and counterterrorism, as well as bringing Jews to Israel from countries where official Aliyah agencies are forbidden, and protecting Jewish communities http://www.global...ssad.htm

2- mossad works for the PM

3- they're not capable of corrupting a major nation unless said major nation is run by idiots like you who aren't capable of validating facts with their own CIA, NSA or Google etc

that means Rule 37 as well as simple fact checking, as well as never taking what anyone says as valid without corroboration (you know, like the scientific method you ignore?)

per your own request ...
Mar 08, 2017
but let's see what the Mossad has done, shall we? They have corrupted almost every major nation on Earth.
Replaying the "Elders of Zion" Cher? Antisemitic any way you parse it.