Wednesday, March 08, 2017

C.I.A. Scrambles to Contain Damage From WikiLeaks Documents
By MATTHEW ROSENBERG, SCOTT SHANE and ADAM GOLDMAN
New York Times
MARCH 8, 2017

WASHINGTON — The C.I.A. scrambled on Wednesday to assess and contain the damage from the release by WikiLeaks of thousands of documents that cataloged the agency’s cyberspying capabilities, temporarily halting work on some projects while the F.B.I. turned to finding who was responsible for the leak.

Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.

An intelligence official said the information, much of which appeared to be technical documents, may have come from a server outside the C.I.A. managed by a contractor. But neither he nor a former senior intelligence official ruled out the possibility that the leaker was a C.I.A. employee.

The officials spoke on the condition of anonymity to discuss an ongoing investigation into classified information. The C.I.A. has refused to explicitly confirm the authenticity of the documents, but it all but said they were genuine Wednesday when it took the unusual step of putting out a statement to defend its work and chastise WikiLeaks.

The disclosures “equip our adversaries with tools and information to do us harm,” said Ryan Trapani, a spokesman for the C.I.A. He added that the C.I.A. is legally prohibited from spying on individuals in the United States and “does not do so.”

The leak was perhaps most awkward for the White House, which found itself criticizing WikiLeaks less than six months after the group published embarrassing emails from John D. Podesta, the campaign chairman for Hillary Clinton, prompting President Trump to declare at the time, “I love WikiLeaks.”

Sean Spicer, the White House spokesman, said the release of documents “should be something that everybody is outraged about in this country.”

There was, he added, a “massive, massive difference” between the leak of classified C.I.A. cyberspying tools and personal emails of political figures.

The documents, taken at face value, suggest that American spies had designed hacking tools that could breach almost anything connected to the internet — smartphones, computers, televisions — and had even found a way to compromise Apple and Android devices. But whether the C.I.A. had successfully built and employed them to conduct espionage remained unclear on Wednesday.

A number of cybersecurity experts and hackers expressed skepticism at the level of technical wizardry that WikiLeaks claimed to uncover, and pointed out that much of what was described in the documents was aimed at older devices that have known security flaws. One document, for instance, discussed ways to quickly copy 3.5-inch floppy disks, a storage device so out of date that few people younger than 35 have probably used one.

One indication that the documents did not contain information on the most highly sensitive C.I.A. cyberespionage programs was that none of them appeared to be classified above the level of “secret/noforn,” which is a relatively low level of classification.

Some technical experts pointed out that while the documents suggest that the C.I.A. might be able to compromise individual smartphones, there was no evidence that the agency could break the encryption that many phone and messaging apps use.

If the C.I.A. or the National Security Agency could routinely break the encryption used on such apps as Signal, Confide, Telegram and WhatsApp, then the government might be able to intercept such communications on a large scale and search for names or keywords of interest. But nothing in the leaked C.I.A. documents suggests that is possible.

Instead, the documents indicate that because of encryption, the agency must target an individual phone and then can intercept only the calls and messages that pass through that phone. Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population.

“The difference between wholesale surveillance and targeted surveillance is huge,” said Dan Guido, a director at Hack/Secure, a cybersecurity investment firm. “Instead of sifting through a sea of information, they’re forced to look at devices one at a time.”

Mr. Guido also said the C.I.A. documents did not suggest that the agency was far ahead of academic or commercial security experts. “They’re using standard tools, reading the same tech sites and blogs that I read,” he said.

Some of the vulnerabilities described by the C.I.A. have already been remedied, he said: “The holes have been plugged.”

But Joel Brenner, formerly the country’s top counterintelligence official, said he believed the leak was “a big deal” because it would assist other countries that were trying to catch up to the United States, Russia, China and Israel in electronic spying.

He added that the intelligence agencies would have to again assess the advisability of sharing secrets widely inside their walls. “If something is shared with hundreds or thousands of people, there’s a sense in which it’s already no longer a secret,” he said.

The WikiLeaks release included 7,818 web pages with 943 attachments. Many were partly redacted by the group, which said it wanted to avoid disclosing the code for the tools.

But without the code, it was hard to assess just what WikiLeaks had obtained — and what it was sitting on. The documents indicated that the C.I.A. sought to break into Apple, Android and Windows devices — that is, the vast majority of the world’s smartphones, tablets and computers.

While the scale and nature of the C.I.A. documents appeared to catch government officials by surprise, there had been some signs a document dump was imminent. On Twitter, the organization had flagged for weeks that something big, under the WikiLeaks label “Vault 7,” was coming soon.

On Feb. 16, WikiLeaks released what appeared to be a C.I.A. document laying out intelligence questions about the coming French elections that agency analysts wanted answers to, either from human spies or eavesdropping. When WikiLeaks released the cyberspying documents on Tuesday, it described the earlier document as “an introductory disclosure.”
