WikiLeaks: CIA hacks into phones, TVs — everything

March 7, 2017

Your TV may be listening.

The crusading website WikiLeaks published thousands of documents Tuesday it says detail CIA tools for hacking into web servers, computers, smartphones and even TVs that can be turned into covert microphones.

The website claims the CIA Center for Cyber Intelligence "lost control of the majority of its hacking arsenal," more than several hundred million lines of code that provide "the entire hacking capacity of the CIA."

Jake Williams, a security expert with the Georgia-based security firm Rendition Infosec, said the information will be used within days or weeks by hackers and the security firms that combat them.

"My first thought was 'Wow!' quickly followed by the realization that this is a treasure trove of information," he said. "We are regularly dealing with corporations being attacked by nation-state hacking groups. This gives us a lot of insight into how they do it."

Rep. Ted Lieu, D-Calif., called for a congressional investigation.

"The potential privacy concerns are mind-boggling," said Lieu, who has a degree in computer science. "We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans."

The documents indicate developers created programs in homage to popular culture, such as an implant for computers running Microsoft Windows dubbed "RickyBobby" after the Will Ferrell character in the 2006 film Talladega Nights. A trojan spread via thumb drives was dubbed "Fight Club," a reference to the 1996 novel and 1999 movie with Brad Pitt.

USA TODAY has not yet been able to confirm the authenticity of the documents. The CIA issued a statement declining comment on the "purported" documents.

WikiLeaks says the archive appears to have been circulated among former government hackers and contractors, one of whom provided WikiLeaks with portions of it.

"By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other 'weaponized' malware," WikiLeaks said in a statement on its website. "Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook.

"The CIA had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

The source of the information, which WikiLeaks did not name, hopes the document dump will initiate "a public debate about the security, creation, use, proliferation and democratic control of cyberweapons," the website says.

According to WikiLeaks, Apple's iPhone, Google's Android, Microsoft's Windows and Samsung smart TVs were among CIA targets. The TVs can be placed in a "fake off" mode, so the owner falsely believes the TV is off when it is on, the documents say. "In 'fake off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server," WikiLeaks says.

The notes indicate one of the developers' major challenges was maintaining an internet connection for long periods of time after the TVs were shut off by owners. There are notes indicating the teams hoped to extend that recording-and-sending time period to last as long as 24 to 72 hours.

The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.

— Edward Snowden (@Snowden) March 7, 2017

Scott Vernick, a partner with the data security law firm of Fox Rothschild in Philadelphia, said the documents raise the question of whether the CIA shared its tools with the FBI for use in domestic investigations. Nathan White, senior legislative manager at the nonprofit advocacy group Access Now, said the documents show the need for limits on government hacking and protection of human rights.

"Our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them," White said.

Edward Snowden, who was granted asylum in Russia after his own release of documents on WikiLeaks in 2013, tweeted the documents show the government developed vulnerabilities in U.S. products and left them there. "Reckless beyond words," Snowden added.

WikiLeaks has conducted a global crusade to expose government secrets through a series of controversial and sometimes embarrassing document dumps in recent years. Chelsea Manning, who leaked hundreds of thousands of classified documents through the WikiLeaks website, is scheduled for release in May after more than six years in prison.

WikiLeaks founder Julian Assange has been holed up in the Ecuadorian embassy in London since 2012 to avoid extradition to Sweden, where he has been accused of sexual assault, and the United States, where he fears possible espionage charges.