CIA hacking dump by Wikileaks sends tech firms scrambling for fixes

Leaks could expose US spying operations in countries from North Korea to Iran

The lobby of CIA headquarters in Langley, Virginia: WikiLeaks released a trove of documents detailing the CIA’s capacity to hack all manner of devices. Photograph: Saul Loeb/AFP/Getty

Tech companies must rapidly step up information sharing to protect users from prying eyes, a security software executive said on Wednesday after WikiLeaks released a trove of documents detailing the CIA’s capacity to hack all manner of devices.

Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organisation’s revelations, although some said they needed more detailed information on what the US intelligence agency was up to before they could thwart suspected but previously hidden attacks.

If confirmed, the leaks could expose US operations in countries from North Korea to Iran.

“If they can hack into the CIA they can hack into anyone,” Republican Senator John McCain, chairman of the Senate Armed Services Committee, said of WikiLeaks. “This is very, very serious.”

The leaks – which Wikileaks described as the biggest in the Central Intelligence Agency’s history – had enough technical details for security experts and product vendors to recognise widespread compromises exist. However, they provided few specifics needed to offer quick fixes.

Reuters could not immediately verify the validity of the published documents, but several contractors and private cyber security experts said the materials appear to be legitimate.

Security attacks

The 8,761 leaked documents list a wealth of security attacks on Apple and Google Android smartphones carried by billions of consumers, as well as top computer operating systems – Windows, Linux and Apple Mac – and six of the world’s main web browsers.

Apple said in a statement that nearly 80 percent of iPhone users run its current iOS software with the latest security patches.

“Many of the issues leaked today were already patched in the latest iOS; we will continue work to rapidly address any identified vulnerabilities,” Apple said on Tuesday. The statement made no reference to attacks on its computer software.

Google did not immediately respond to a request for comment, while a Microsoft spokeswoman said: “We’re aware of the report and are looking into it.”

Widely used routers from Silicon Valley-based Cisco were listed as targets, as were those supplied by Chinese vendors Huawei and ZTE and Taiwanese supplier Zyxel for their devices used in China and Pakistan.

Cisco security team members said in a blog post that because WikiLeaks has not released any of the actual hacking exploits “the scope of action that can be taken by Cisco is limited”.

Omar Santos, a principal engineer in Cisco’s security response unit, said malware appears to be targeting whole families of Cisco devices but is designed to remain hidden so as to steal data unnoticed. He said Cisco assumes WikiLeaks will eventually disclose the hacks, allowing it to fix them.

Berlin reaction

Meanwhile, Germany’s chief federal prosecutor will carefully examine the trove of documents related to the CIA, and will launch an investigation if it sees concrete indications of wrongdoing, a spokesman said.

“We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators,” a spokesman for the federal prosecutor’s office said. “We’re looking at it very carefully.”

A German foreign ministry spokesman said on Wednesday Berlin was in close touch with Washington about such issues generally.

Wikileaks said the documents showed that the CIA used the US consulate in Frankfurt as a major remote hacking base. The foreign ministry spokesman said Germany needed to verify the authenticity of the documents.

The WikiLeaks collection contains a mix of copious data and empty files marked “secret” that promised more details to come on attacks against more than 15 security software firms.

US cyber security expert Robert Graham said Wikileaks provided enough detail to recognise some known vulnerabilities.

“One anti-virus researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak,” Graham said in a blog post.

False attribution

Some security experts said the CIA’s possible use of tools from other spy agencies raised the risk of false attribution for targeted cyber attacks by the US intelligence agency.

He said CIA cyber spying efforts could be set back years.

The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

WikiLeaks said it aims to provoke a political and legal debate over the CIA’s cyber arsenal. However, it was holding back, for now, much of the technical documentation that would allow other hackers and cyber criminals to exploit the hacks – while putting vendors on notice to expect further revelations.

The organisation said in a statement it is “avoiding the distribution of ‘armed’ cyber weapons until a consensus emerges on the technical and political nature of the CIA’s programme and how such ‘weapons’ should be analysed, disarmed and published”.

It describes sophisticated tools for targeting the devices of individual users, in contrast to the revelations by former National Security Agency contractor Edward Snowden of mass data collection on millions of web and phone users worldwide.

– Reuters