Does WikiLeaks C.I.A. Dump Suggest Cybersecurity is Largely Futile?

Thus far, WikiLeaks has redacted the actual codes used in C.I.A. cyber attacks, citing a type of ethics review. But the fear is the organization could choose to release the powerful, weaponized exploits at any time.

Aldrin Brown, Editor-in-Chief

March 9, 2017


This week’s WikiLeaks disclosure essentially confirms the harsh reality that all of the endpoints IT professionals work so hard to secure have long been cracked and rendered wide open to intrusion by the U.S. government – at least.

Tuesday’s document dump by the famous leak-disseminating online publication lays out several hundred million lines of code that appear to confirm sensitive C.I.A. methods for hacking into an unnerving array of electronic devices, including smartphones, computers and smart TVs.

Thus far, WikiLeaks has redacted sufficient portions of the actual code used in C.I.A. cyber attacks, citing a type of ethics review. But the fear is the organization could choose to release details of the powerful, weaponized exploits at any time.

“The…site didn’t release the code, saying it was postponing release ‘until a consensus emerges on the technical and political nature of the C.I.A.’s program,’ and how the cyberweapons could be disarmed,” USA Today reported in an article.

A worst-case scenario has U.S. intelligence agencies eavesdropping on anyone, anywhere, so long as an Internet-enabled electronic device is situated nearby. 

“In one revelation that may especially trouble the tech world if confirmed, WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram,” according to an article in the New York Times. “According to WikiLeaks, government hackers can penetrate smartphones and collect ‘audio and message traffic before encryption is applied.’”

That report also describes some of the other exploits:

“A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer,” the New York Times article states. “Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.”

In a “press release” accompanying the document dump, WikiLeaks said the 8,761 files released this week comprise just the first portion of records and documents stolen from one of the U.S.’s most important intelligence agencies.

“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation,” the WikiLeaks statement said. 

“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” it continued. “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

WikiLeaks said the source seeks to stoke a public debate about cyberweapons.

But while the revelations clearly mark an upending of the cybersecurity world, multiple experts said the dump offered little in the way of surprises.

“The types of capabilities described in the WikiLeaks (files) are not new and many of the exploits were demonstrated as technically possible for a while now,” Slawek Ligier, vice president of security engineering at Barracuda Networks, told the U.K. publication IT Pro.

Matthew Ravden, a vice president at security systems specialist Balabit, told IT Pro that: “Assuming these revelations are true (and they certainly appear to be authentic), it's probably fairly shocking to the general public to see the lengths to which a sophisticated government-sponsored organization will go to find ways of 'listening in,' through TVs, smart-phones or other 'connected' devices.”

“For those of us in the security industry, however, none of this is particularly surprising,” Ravden continued. “The resources available to the CIA, (British) MI5, or the (Russian) FSB are such that they can do pretty much anything; they live by a different set of rules from the rest of us.”

 



About the Author

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.

 
