While the intelligence community is busy assessing the leaked CIA documents, saying the release isn't as big as WikiLeaks made it look like, there is one question that is disturbing everyone - how could the agency let such a massive trove of information get out of its hands. Snowden's NSA leaks were surprising to Americans, but they also shocked the surveillance-friendly agency. But, the Central Intelligence Agency did have a precedent and should have been more careful.
A Reuters report further adds to the fire reporting that the law enforcement and intelligence officials knew of the breach since late last year. Citing intelligence officials, the report added that the agency was "focusing on contractors as the likeliest source of the leak".
On Tuesday, WikiLeaks published over 8,700 files documenting CIA's covert spying and hacking operations. The organization claimed it is only the start as it plans to leak even more such documents. The documents labeled "confidential" detailed how the agency used exploits to target Android, iOS, Windows, Linux, and macOS devices, along with targeting Samsung TVs.
WikiLeaks' focus on Russia
WikiLeaks has been speculative about these documents in its statement, presenting theories that the CIA could be using vehicle hacks to carry out assassinations and that the agency was repurposing hacking code to frame Russia - the latter of which has been proven false based on the documents leaked by the organization itself. A report by The Intercept detailed how hackers everywhere use publicly available code to save time.
"What we can conclusively say from the evidence in the documents is that they’re creating snippets of code for use in other projects and they’re reusing methods in code that they find on the internet,” Robert Graham, CEO of Errata Security, told the publication. “Elsewhere they talk about obscuring attacks so you can’t see where it’s coming from, but there’s no concrete plan to do a false flag operation. They’re not trying to say ‘We’re going to make this look like Russia’".
While it is not unlike the CIA to try placing the blame for a particular hacking attack on another group or nation state, WikiLeaks' emphasis of accusing a US agency trying to frame Russia - and Russia alone - adds to the suspicion that was already aimed at the group.
We have contacted WikiLeaks and will update when the organization responds to our request for comment.
CIA lost control of its hacking arsenal, but the agency is very proud of itself...
Whatever WikiLeaks' intentions, the released documents did confirm that intelligence agencies have tools to spy on any device they may want to. For a long time, the security industry and tech companies have criticized how the US intelligence agencies sit on a stockpile of exploits, risking user security.
But, the CIA doesn't think of this as bad at all. In fact, the agency is very proud of using zero-day exploits as the "first line of defense".
"It is CIA's job to be innovative, cutting edge, and the first line of defense in protecting this country from enemies abroad," Jonathan Liu, a CIA spokesman said in a statement. "America deserves nothing less."
"The CIA's mission is to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries."
While the agency doesn't confirm or deny if the documents are authentic, it argues that hacking and collecting intel is exactly what it's supposed to be doing.
The CIA however, did add that Americans don't need to worry about these tools being used against them. "It is also important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so."
The agency wants you to trust it when it comes to using hacking and spying tools "legally", but definitely hates WikiLeaks and want everyone else to hate it too. "The American public should be deeply troubled by any Wikileaks disclosures designed to damage the intelligence community's ability to protect America against terrorists and other adversaries."
"Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm," the agency added.
CIA may be worried about its tools and tactics being followed by its adversaries, but the leaks have certainly further damaged the world's trust in information security of American companies and businesses.
