Anti-secrecy group WikiLeaks has published what it says is a secret stash of hacking tools used by the CIA and Britain’s MI5 to turn ordinary citizens’ phones, tablets and even TVs into bugging devices to record conversations and even take photos.
The group, led by campaigner Julian Assange, says the CIA has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal, by hacking phones that use Google’s Android platform to collect audio and message traffic before encryption is applied.
Several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.
The information, in what WikiLeaks said were 7,818 web pages with 943 attachments, represents the latest in a string of breaches in recent years of classified material from US intelligence agencies.
Stuart McClure, CEO of Californian cyber-security firm Cylance, said one of the most significant disclosures showed how CIA hackers covered their tracks by leaving trails suggesting they were from Russia, China and Iran rather than the US.
Other revelations show how the CIA took advantage of technical vulnerabilities that are known, if not widely publicised.
In one case, the documents say, US and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.
“You thought your technology was safe. It’s never been safe,” said James Lewis, cybersecurity expert at the Centre for Strategic and International Studies think-tank.
“We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said.
Google said it was investigating the matter.
Whistleblower Edward Snowden said on Twitter the files amounted to the first public evidence that the US government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws bought by the CIA and other intelligence agencies.
The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.
The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any US data for counterintelligence purposes.
The documents published yesterday appeared to supply specific details of what has long been known in theory – that US and British intelligence agencies are constantly working to discover and exploit flaws in all manner of technology products.
Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.
WikiLeaks said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and the CIA’s “entire hacking capacity.”
The documents do not include actual computer code needed to conduct the cyber exploits they describe.
WikiLeaks said it published the CIA documents “while avoiding the distribution of ‘armed’ cyber weapons until a consensus emerges on the technical and political nature of the CIA’s programme and how such ‘weapons’ should be analysed, disarmed and published”.
US intelligence agencies claim WikiLeaks has ties to Russia’s security services.
During the 2016 US presidential campaign, WikiLeaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a co-ordinated campaign to help Donald Trump win the presidency.
WikiLeaks has denied ties to Russian spy agencies.
In a press release, the group said: “The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive.”