The anti-secrecy organization WikiLeaks posted thousands of documents Tuesday purporting to reveal CIA hacking secrets, including suggestions that the spy agency is able to turn smart televisions into listening devices and defeat encrypted communications apps such as Signal or WhatsApp.
NBC News has not verified the authenticity of the documents, but computer experts and former intelligence officials were treating them as real. A CIA spokesman declined to comment.
“We do not comment on the authenticity or content of purported intelligence documents,” the CIA’s Jonathan Liu told NBC News.
As part of its release, WikiLeaks made the extraordinary claim that the CIA “lost control of the majority of its hacking arsenal,” including a series of tools that experts say could be turned against Americans. U.S. officials would neither confirm nor deny that allegation.
“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” WikiLeaks said in a news release. “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
“The real story here is the government cannot secure these tools,” said Mark Rasch, a former Justice Department computer crimes prosecutor. “This is akin to anthrax the government has in a lab somewhere. If it gets out, it’s dangerous to all of us.”
WikiLeaks founder Julian Assange said in a statement that the files in its possession are the most comprehensive release of U.S. spying documents ever, even more significant than the huge trove of National Security Agency secrets exposed by former agency contractor Edward Snowden. Assange said the documents came to WikiLeaks from a U.S. intelligence contractor. WikiLeaks redacted the names of purported CIA officers and withheld the actual hacking tools it said might allow hackers to seize control of machines.
Some experts who began examining the documents are not so sure of their significance.
“Even if it’s real, I’m not sure how damaging it is,” said Matthew Green, a computer science professor at Johns Hopkins University. “It seems to be an indication that the CIA does things we assumed it was doing.”
Jeremy Bash, a former chief of staff at the CIA, said he was skeptical that the agency’s entire hacking operation had been exposed.
And, he said, “once the makers of consumer devices know what’s out there, they can build the right defenses.”
“Some of this stuff looks real, but there are a lot of discrepancies,” said James Lewis, a cyber security expert with the Center for Strategic and International Studies. He added that it’s unlikely that so many classified CIA hacking programs would be available to the same person. “This stuff is usually compartmentalized and it’s unusual to have all the compartments put together.”
“The alternative hypothesis is that the Russians have done it again to confuse the story in the U.S. I find that at least as persuasive as the one WikiLeaks is peddling.”
Still, if secret CIA hacking information came into the possession of WikiLeaks, a group the U.S. says has cooperated closely with Russian intelligence, it represents yet another serious breach of sensitive U.S. intelligence data after the case of Snowden and the subsequent charges against Harold Martin, an NSA contractor accused of taking home a huge tranche of secrets.
WikiLeaks has more than 8,700 documents created from 2013 to 2016 that were housed in a database belonging to the CIA’s Center for Cyber Intelligence, says Assange.
The documents, which he described as the CIA’s hacking “arsenal,” purport to show how Britain’s MI5 and the CIA collaborated to take control of microphones on Samsung Smart TVs, found ways around anti-virus software, and got access to the iPhone and Android phone platforms, among many other revelations.
Samsung said in a statement that it’s “urgently” looking into the reports and “protecting consumers’ privacy and the security of our devices is a top priority.”
Even though the CIA’s focus is human spying, the agency has expanded its cyber capabilities in recent years to enhance that mission. Recruiting sources and deploying undercover operatives in the digital age requires an aggressive hacking operation, current and former officials say.
Former CIA Deputy Director David Cohen, an NBC News consultant, said he could not confirm or deny the authenticity of the newly disclosed documents, but, “Everything that we did when I was there — we did it all in strict adherence to the law, and we didn’t spy on Americans.”
One disclosure that may draw attention is a program code-named “Umbrage,” which describes an effort to mask the source of a cyber attack by planting false digital fingerprints. The CIA maintains a database of such fingerprints, WikiLeaks said, “including from the Russian Federation.” Those who wish to cast doubt on the U.S. intelligence conclusion that Russia hacked U.S. political institutions may cite these documents.
While the trove includes several documents marked “TOP SECRET” and several labeled “SECRET,” a majority of the data has no classification marking. Many of the files point to common web utilities, including “how-to’s” on installing software and operating systems.
For instance, the documents discuss the U.S. Center for Cyber Intelligence in Europe, which is based in Frankfurt, Germany. Several posts provide helpful travel tips and information about travelling to the CCIE, including which airlines to fly (Lufthansa because they have “free booze”), when and how to send cables, and cautions about maintaining a cover story.
The documents are replete with colorful CIA codewords. Software called “RickyBobby,” for example, is said to behave in a way similar to how Will Ferrell’s character in “Talladega Nights” behaves when he’s racing.
Regarding encrypted apps, WikiLeaks says that the CIA has the ability to bypass the encryption programs by infiltrating individual devices, thereby obtaining access to communications before they are encrypted.
That appears to mean the phone or other device has to be specifically targeted, not that the CIA has a way of universally bypassing the encryption used by Signal, WhatsApp, and other applications.