Following the Edward Snowden leaks four years ago that revealed extensive and detailed information on the National Security Agency’s mass surveillance programs, media reports surfaced indicating that Russia’s Federal Guard Service was reverting to using typewriters and paper documents in an attempt to avoid the pervasive monitoring of the digital age.
But if Russia’s response to the Snowden disclosures seemed overzealous at the time, today it seems Moscow may have simply been ahead of the game. As the latest document dump from Wikileaks reveals, while the NSA’s dragnet surveillance programs vacuum up massive, population-level data sets, the Central Intelligence Agency has its own set of hacking capabilities tailored to targeting individuals — and they can hack into virtually any phone or computer, along with cameras and TVs, and possibly even your car.
The more than 8,000 documents published Tuesday, March 7, comprise what Wikileaks is calling “Year Zero,” the first installment in what the transparency activism group promises will be “the largest intelligence publication in history” and which it has dubbed “Vault 7.”
Ironically, while it was The Guardian and the Washington Post that originally broke the story of Snowden’s NSA leaks and published some of the biggest articles about them, both publications have since joined and often led the mainstream media chorus of sometimes dubious accusations of Russian meddling in the 2016 U.S. election. The Guardian, for example, characterizes the latest Wikileaks dump as the “most recent weapon in US-Russia battle” and describes the Wikileaks organization itself as “widely seen as sitting firmly in Moscow’s corner.”
Yet documents in the “Year Zero” dump appear to potentially call into question basic claims about the Russian “election hacking” that has received so much media attention in recent months.
When the accusations first started to fly with regard to Russian state actors being behind disclosures such as the Democratic National Committee leaks, the only real evidence being presented to the public, it seemed, were things like the style of smiley face emoticon used in a “Guccifer 2.0” blog post and a seemingly ironic reference to Soviet Secret Police founder “Iron Felix” Dzerzhinsky.
Following the election, the situation was not much improved with developments like the late December release of the so-called “Grizzly Steppe” report from the Department of Homeland Security and the FBI. That report was widely criticized for its lack of detail, although a longer “Enhanced Analysis” of the Grizzly Steppe report has since been published.
But documents from Wikileaks’ Year Zero release appear to cast the Russian election hacking narrative in a different light, given that they “suggest that one of the agency’s divisions – the Remote Development Branch’s UMBRAGE Group – may have been cataloguing hacking methods from outside hackers, including in Russia, that would have allowed the agency to mask their identity by employing the method during espionage,” according to USA Today. In other words, the evidence supporting the narrative that has been widely pushed by anonymous intelligence agents regarding Russian election hacking could conceivably have been planted by the CIA itself.
“The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation,” according to Wikileaks’ own analysis of the material released Tuesday. “With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.”
“UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.”
In fairness to the U.S. intelligence community, the CIA in particular, and media outlets such as the Washington Post that have aggressively pursued the Russian hacking angle in their election and post-election coverage, this could all conceivably be more Russian disinformation. The document dump is coming from Wikileaks, after all, which was included among more than 200 websites in the “PropOrNot” report controversially cited by the Post as evidence of Moscow-directed influence operations aimed at electing Donald Trump. Yet the documents appear to be legitimate.
“There was no public confirmation of the authenticity of the documents, which were produced by the C.I.A.’s Center for Cyber Intelligence and are mostly dated from 2013 to 2016,” the New York Times reported. “But one government official said the documents were real, and a former intelligence officer said some of the code names for C.I.A. programs, an organization chart and the description of a C.I.A. hacking base appeared to be genuine.”
“The agency appeared to be taken by surprise by the document dump on Tuesday morning. A C.I.A. spokesman, Dean Boyd, said, ‘We do not comment on the authenticity or content of purported intelligence documents.’”
Whether or not the targeting and timing of the document dump is meant as a political attack on the U.S. — and whether or not it was planned as part of an information warfare campaign aimed at benefiting Russia — the publication of these documents is a major development. It will take time for journalists to comb through just the initial “Year Zero” phase of the document dump, but what is immediately clear is that the disclosures prove what many privacy rights advocates have long feared: that the U.S. government has the means to access virtually any electronic communication if it really wants to, to log keystrokes, and to hijack devices such as phones and webcams and use them for surveillance.
In its analysis of the documents, Wikileaks notes that some of the techniques outlined “permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
Reporters have disputed Wikileaks’ analysis on the issue of encrypted messaging apps being compromised. “The end-to-end encryption protocols underpinning these private messaging apps protect all communications as they pass between devices. No one, not even the companies providing the service, can read or see that data while it is in transit. Nothing in the CIA leak disputes that. The underlying software remains every bit as trustworthy now as it was before WikiLeaks released the documents,” writes Brian Barrett of Wired.
“Of course, the CIA can compromise the devices sending or receiving those messages. By taking control of a so-called end point, spies can access everything on a smartphone, be it texts, videos, the camera, or the microphone,” Barrett writes. But most of us need not worry about such a “total-device takeover,” he says, as the CIA’s use of such exploits is “largely limited to nation-state actors.”
In addition to being a resource for journalists, Wikileaks’ Vault 7 seems likely to prove useful not only to well-meaning security experts but also to potentially malicious hackers of all sorts, which is why Wikileaks is “avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published.” In what Wikileaks describes as an “astounding” move by the CIA, the agency chose to make the code for its hacking capabilities unclassified and non-proprietary.
“To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet,” according to Wikileaks’ analysis. “If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely ‘pirate’ these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.”
The curtain has finally been pulled back, it seems, on the CIA’s Wizard-of-Oz-like smoke and mirrors show when it comes to hacking. Its secrets are spilling out into the open, with more apparently on the way. Stay tuned for more coverage of the collapsing plausible deniability surrounding the CIA’s hacking operations, and whatever else comes out of Wikileaks’ Vault 7.