The spy who came in for the code
by Tamara Kachelmeier and Biodun Iginla, Technology News Analysts, The Economist Intelligence Unit, New York
The agency, which exists to find out secrets, fails to keep them
A GRIM year for American spy agencies took a turn for the worse with the leaking, on March 7th, of what appeared to be a lengthy, detailed catalogue of the CIA’s secret hacking tools for turning computers, internet routers, telephones and even web-enabled televisions into remote spying devices, and for bypassing encrypted messaging services by penetrating individual Apple and Android smartphones. The WikiLeaks anti-secrecy organisation posted nearly 9,000 documents and files dated 2013-16 in what it said was a first taste of a “vault” of CIA secrets. WikiLeaks claimed that the archive was provided by a former American government hacker or contractor eager to “initiate a public debate” about the security and democratic control of cyber-weapons, viruses and malware. The group said it had redacted computer code that could be used to launch attacks, pending such a debate.
That self-justification by WikiLeaks will only further strain relations between the intelligence community, the administration of President Donald Trump and technology firms in Silicon Valley. In the final days of the Obama era, American spy chiefs assessed “with high confidence” that a trove of embarrassing e-mails stolen from officials at the Democratic Party and Hillary Clinton’s presidential campaign were “relayed” to WikiLeaks by Russia, in a bid to sway the election of 2016. A month before that election Mr Trump had gleefully hailed the leaking of Clinton campaign e-mails, declaring: “I love WikiLeaks!” Days before taking office in January, Mr Trump accused American spy agencies of leaking against him, though he finally conceded that Russia might have been behind the hacking of Democratic e-mails.
The new CIA leaks are a fresh blow to an intelligence community still suffering the after-effects of the release of National Security Agency documents by a former contractor, Edward Snowden, in 2013. The leaks once again highlight the trade-offs underlying espionage in the digital age. Governments want good computer security because they fear cyber-crime and hacking. Yet they also value security flaws because computers and smartphones are excellent spying tools, even in an age of strong, private-sector encryption. If spies can read files directly off a target’s screen, they need not care if it is later transmitted by WhatsApp or similar services.
In another trade-off, governments rely on close co-operation with technology companies. That is why in 2010 the Obama administration undertook to alert firms to security flaws when they found them. WikiLeaks appears to show government agents still buying and hoarding so-called “zero-day” vulnerabilities from hackers, meaning coding flaws not known to a technology product’s creators. The files show agents discussing how to break into such operating systems as Apple’s iOS and Google’s Android, to extract a target’s location, audio and text messages, and secretly take over control of a smartphone’s microphone and camera. Apple said it had already patched many of the newly revealed flaws and would “rapidly” address others.
One of the more lurid files describes “Weeping Angel”, a program that can turn Samsung internet-connected televisions into listening devices, sending conversations back to the CIA. Other documents describe bids to penetrate vehicle control systems in cars. A WikiLeaks commentary suggested this would allow “nearly undetectable assassinations”.
If politicians are incensed that spy agencies seem unable to keep secrets, spooks can point to still another trade-off: the tension between employing hackers with the skills and cunning to design cyber-weapons, and the trickiness of enforcing discipline among workers who may not share the CIA’s culture. The newly leaked files detail codenames that refer to the Harry Potter books, whisky brands and a drug used to treat hyperactivity.
The FBI will now hunt for moles and leakers. The CIA must patch up its systems and meanwhile brace itself for fresh disclosures. That would be bad enough, but trust is low between those agencies and close supporters of Mr Trump, who charge intelligence services with acting as a “deep state” disloyal to the president. Foreign foes have much to cheer.
That self-justification by WikiLeaks will only further strain relations between the intelligence community, the administration of President Donald Trump and technology firms in Silicon Valley. In the final days of the Obama era, American spy chiefs assessed “with high confidence” that a trove of embarrassing e-mails stolen from officials at the Democratic Party and Hillary Clinton’s presidential campaign were “relayed” to WikiLeaks by Russia, in a bid to sway the election of 2016. A month before that election Mr Trump had gleefully hailed the leaking of Clinton campaign e-mails, declaring: “I love WikiLeaks!” Days before taking office in January, Mr Trump accused American spy agencies of leaking against him, though he finally conceded that Russia might have been behind the hacking of Democratic e-mails.
The new CIA leaks are a fresh blow to an intelligence community still suffering the after-effects of the release of National Security Agency documents by a former contractor, Edward Snowden, in 2013. The leaks once again highlight the trade-offs underlying espionage in the digital age. Governments want good computer security because they fear cyber-crime and hacking. Yet they also value security flaws because computers and smartphones are excellent spying tools, even in an age of strong, private-sector encryption. If spies can read files directly off a target’s screen, they need not care if it is later transmitted by WhatsApp or similar services.
In another trade-off, governments rely on close co-operation with technology companies. That is why in 2010 the Obama administration undertook to alert firms to security flaws when they found them. WikiLeaks appears to show government agents still buying and hoarding so-called “zero-day” vulnerabilities from hackers, meaning coding flaws not known to a technology product’s creators. The files show agents discussing how to break into such operating systems as Apple’s iOS and Google’s Android, to extract a target’s location, audio and text messages, and secretly take over control of a smartphone’s microphone and camera. Apple said it had already patched many of the newly revealed flaws and would “rapidly” address others.
One of the more lurid files describes “Weeping Angel”, a program that can turn Samsung internet-connected televisions into listening devices, sending conversations back to the CIA. Other documents describe bids to penetrate vehicle control systems in cars. A WikiLeaks commentary suggested this would allow “nearly undetectable assassinations”.
If politicians are incensed that spy agencies seem unable to keep secrets, spooks can point to still another trade-off: the tension between employing hackers with the skills and cunning to design cyber-weapons, and the trickiness of enforcing discipline among workers who may not share the CIA’s culture. The newly leaked files detail codenames that refer to the Harry Potter books, whisky brands and a drug used to treat hyperactivity.
The FBI will now hunt for moles and leakers. The CIA must patch up its systems and meanwhile brace itself for fresh disclosures. That would be bad enough, but trust is low between those agencies and close supporters of Mr Trump, who charge intelligence services with acting as a “deep state” disloyal to the president. Foreign foes have much to cheer.
No comments:
Post a Comment