Wikileaks claims CIA 'lost control' of its hacking arsenal

UVU teaches cybersecurity amid threats of CIA spying through televisions, phones (Photo: KUTV)

Wikileaks founder Julian Assange made a broadcast appearance on Thursday to discuss the release of Vault 7, what the group has called the largest ever publication of classified CIA documents detailing the agency's hacking tools and techniques.

According to Assange, the Central Intelligence Agency produced a large set of cyber weapons and then "lost control" of its arsenal. The agency, he said, was aware that its cyber weapons were loose, but failed to inform the companies who were vulnerable to attack. While some of the companies have developed countermeasures to defend their systems against the hacking tools, others have not been able to provide fixes based on the information available, specifically defenses for the Apple iPhone, Samsung TVs, Google's Android phones, and Microsoft products.

"Why has the Central Intelligence Agency not acted with speed to come together with Apple, Microsoft and other manufacturers to defend us all from its own weapons systems?" Assange asked. The tools released earlier this week represent only 1 percent of the data the group has access to.

Assange announced that Wikileaks would be sharing additional, not-yet-released information with the tech companies affected by the hacking tools, "to give them some exclusive access to the technical details we have so that fixes can be developed and pushed out, so people can be secured."

The U.S. government issued a strong response in reaction to the leaks in a move that some have read as confirmation that the disclosed content is authentic. The information released shows the CIA was able to break into smartphones, computers, internet-connected televisions, and even take control of self-driving cars. In total, Wikileaks released approximately 8,000 pages of classified information and millions of lines of code reportedly used in CIA hacking operations.

The CIA stated on Wednesday that the American public should be "deeply concerned" about Wikileaks actions, adding, "Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm."

White House press secretary Sean Spicer told reporters on Thursday that President Trump has "grave concern" about the the release of classified information that "undermines our national security." Based on the leaks, Trump believes "the systems at CIA are outdated and need to be updated," according to Spicer.

Objectively, the loss of this information represents a notable failure for America's spy agency. If the data was taken by someone working within the agency itself or a CIA contractor, it would mark the third time in recent years that the intelligence community has been victim to an insider an attack. In 2012, Army intelligence analyst Bradley Manning (now Chelsea Manning) leaked millions of pages of classified documents to Wikileaks. In 2013, former NSA contractor Edward Snowden teamed up with journalists to release a trove of materials related to U.S. government mass surveillance.

Another possibility is that the information was stolen from CIA by a nation state actor. This possibility is increasingly relevant in light of the declassified report on Russian election meddling, which implied close connections and possibly a working relationship between the Russian government and Wikileaks. Both Wikileaks and the Russian government have publicly denied any collaboration.

"This is a catastrophic leak of intelligence information," said Mike Allen, a former National Security Council official under George W. Bush. "The community is just finishing the damage assessment from Snowden. To have another gigantic leak is a catastrophe that raises all kinds of issues about how do we protect against insider threats, are our own classified systems secure? It questions everything."

The cascade of damaging leaks coming out of the intelligence community also raises the prospect of investigations, Allen said, not just criminal investigations for those responsible for the breach, but looking at the governance of the intelligence community as a whole.

On Capitol Hill there are rumblings of a possible oversight investigation to figure out what went wrong that led to the disclosure of numerous tools in the CIA's cyber arsenal and why these leaks keep happening. A handful of senators on the Intelligence Committee would not comment on the CIA leaks, staying tight-lipped about what they know now and what might come next.

Sen. John McCain (R-Ariz.) characterized the leak as a "devastating blow." He blasted the intelligence community saying these breaches continue to occur because the intelligence community has not put in place sufficient measures to prevent them. "That requires congressional oversight."

McCain went on to insist that the incident be examined and procedures reviewed within the intelligence community and its network of contractors. "Something has gone wrong ... We need to stop this and we need to look at who has access to all of this information."

The ranking Democrat on the committee, Sen. Mark Warner (Va.) would not comment on the possible damage caused by the disclosure, but affirmed, "There is a great deal of evidence, and even in the declassified section of the Russia report, that Wikileaks is not friend of the United States. And I think there are a lot of things that need to be pursued against Mr. Assange."

Assange has been holed up in the Ecuadorian Embassy in London since 2012, claiming diplomatic immunity against those who sought to prosecute him for disclosing classified government information, and an unrelated case of alleged sexual assault. Former President Barack Obama actively sought criminal prosecution of Assange and his associates, even though he commuted Chelsea Manning's sentence in the final week of his presidency.

On Thursday, Sean Spicer indicated that the new Trump administration had not changed the U.S. government position on Assange, and any further comments would have to come from the Justice Department.

Yet while government officials and members of the intelligence community sound the alarms over the latest breach, cyber practitioner and technologist Bruce Schneier believes releasing some of the attack tools could actually make the average person safer.

"It is definitely better for us if these vulnerabilities are disclosed to the vendors," Schneier said, noting that many of the tools that were published in the leak were old and had already been patched. "We were probably in more danger before they were released," he added, "because remember, if the CIA has them, other countries probably do too."

In a statement on Tuesday, Apple told its users that it had already patched many of the security vulnerabilities identified in the Wikileaks disclosure. Google also released a statement notifying its users that it had fixed the vulnerabilities outlined in the leaked documents related to the Android phone.

The real concern is not in the material that was released. That material was selectively redacted by Wikileaks, a new practice for the group that usually dumps data with little discretion. The concern is about the information that is still "sloshing around the community," Schneier said, information, code, and tools that could be released in un-redacted form.

According to Wikileaks, the trove of materials "appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."

"What other stuff is out there that has been seen by other intelligence agencies and random people that haven't been made public and haven't been fixed? I'm worried about that stuff," he said.

The FBI is reportedly beginning an investigation to determine the source of the unauthorized disclosure, but there is still triage for the intelligence community to do in the short-term.

"It's going to take forever to unpack all of this. Imagine how many people are working right now to trying to figure out what was leaked, how many of these [tools] were active, which ones didn't leak and which are coming next. It's a complete Snowden-like catastrophe," Allen said.

But unlike the information Snowden disclosed, which included sources, methods, targets and even the specific content of NSA intercepts, what was released from Vault 7 was a toolkit that could potentially be used by anyone.

"This is like the how-to book. This is your manual getting out the door and examples of how you put it into practice," Allen explained.

The political ramifications of the leak could be challenging for the Trump administration, especially after Trump heaping praise on Wikileaks during the presidential campaign after the group released hacked emails from the Democratic National Committee and top Hillary Clinton aide, John Podesta.

Clinton's former running-mate and Virginia Senator Tim Kaine urged the White House to "call Wikileaks out for what it is." Based on its role releasing hacked DNC email, the senator charged, Wikileaks is "a propaganda arm of the Russian government."

"They [the Trump administration] were openly consorting with Wikileaks during the campaign," Kaine continued. "At a minimum they were incredibly naive, and I hope they are wiser now."

Reports are still circulating about Donald Trump's combative relationship with the intelligence community after making disparaging remarks about the IC during the transition period, and more recently accusing the FBI of wiretapping Trump Tower. While the intelligence community has left itself wide open for criticism, at the least for failing to protect its own secrets, Trump has not yet taken aim at them for this latest breach of national security.

"Obviously his relationship with the community is evolving," Allen explained. "It takes every president awhile to understand the relationship with this vast community. I expect his view of Wikileaks is going to evolve, if it hasn't already then because of this."

close video ad
Unmutetoggle ad audio on off