The WikiLeaks CIA Stash May Prove Interesting, But Not Necessarily for the Hacks
The software tools revealed by the leak are sinister, unsurprising—and potentially politically explosive.
WikiLeaks has released a huge number of files that it claims to be the “largest ever publication of confidential documents” from the U.S. Central Intelligence Agency. The release includes details of a number of hacking tools, though at first blush they don’t appear to be as incendiary as their potential political ramifications.
The controversial organization published the first tranche of what it says will become a vast collection called Vault 7 on the morning of March 7. The first wave, called Year Zero, contains 8,761 documents and files from between 2013 and 2016.
At this point it’s impossible to have scoured the entire database. But WikiLeaks claims that it contains descriptions of tools from the CIA’s hacking program. They are said to include malware that can turn Samsung TVs into covert listening posts, tools to remotely control vehicles, and a number of means to render encrypted messaging apps like WhatsApp and Signal redundant.
None of these approaches is particularly earth-shattering. Samsung had already admitted that its smart TVs could effectively spy on you. Security consultants showed that they could remotely control a Jeep Cherokee two years ago. And as Edward Snowden points out, the files don’t reveal a problem with encrypted messaging services themselves, though they do reveal that the CIA has a number of targeted exploits that allow it to gain partial remote access to iOS and Android.
To be sure, such hacks are sinister. But if we learned anything from Snowden’s disclosure of National Security Agency surveillance programs in 2013, it’s that government agencies feel it necessary to hack any technology the public chooses to use. And, unsurprisingly, little seems to have changed four years on. If the tools that WikiLeaks is choosing to highlight in its first announcement of the new files are the most explosive, then the rest look set to underwhelm.
That’s not to say that the publication of the files won’t cause a stir. First, there are bound to be some juicy details lurking among the 8,761 files—but someone needs to find and make sense of them. Second, the files suggest that the CIA was in the practice of stockpiling zero-day vulnerabilities, so called because they give the author of a piece of software zero days to identify and distribute a solution. That may have run counter to processes initiated by the Obama administration in 2013, which demanded all departments follow procedures to decide whether it was reasonable to keep such vulnerabilities secret.
But perhaps most important is the timing. WikiLeaks claims that the files were “published as soon as its verification and analysis were ready.” But the leak comes at a moment when Donald Trump is railing against U.S. intelligence agencies, and it could, perhaps, provide a means for him to attack their intelligence gathering. WikiLeaks has previously dropped leaked files, such as the Hillary Clinton e-mail archive, at politically sensitive moments.
In other words: the political fallout of the leak looks set to outweigh the technical revelations, at least for now.