The release of CIA hacking tools reveals unknown threats, including one to President Trump’s Twitter account.
By Jefferson Morley / AlterNet March 8, 2017
The latest bombshell from Wikileaks, Vault 7; CIA Hacking Tools Revealed is valuable in many ways. The collection of 8,761 documents and files not only teaches citizens how the agency seeks to spy on them by capturing their iPhones and televisions while evading anti-virus and encryption tools, but the group’s thoughtful analysis of the trove also calls attention to the unanticipated dangers to American citizens posed by CIA cyberwarfare.
The documents reveal the complex organization and vast scope of the agency’s hacking efforts, a crucial first step toward establishing oversight and accountability. The net effect is a big plus for people who want to understand the workings of secretive government agencies, and it's a big win for Wikileaks.
In the past, the anti-secrecy group had alienated some supporters with indiscriminate release of personal information and with its apparent alignment with the Russian government during the 2016 election. This release has been redacted to withhold personal information and the code for the cyber weapons themselves. The release does not prove that the CIA spied on President Trump, as some on Twitter are claiming, but it does show how the agency could target almost anyone for undetected surveillance and manipulation.
This release signals Wikileaks’ growth as a whistleblowing organization and journalistic resource. Does the release increase the danger to Americans? It could conceivably help persons planning attacks on civilians by prompting them to get rid of their iPhones and Samsung TVs. But continuing secrecy around the proliferation of cyber weapons also poses dangers, notes Wikileaks editor Julian Assange.
"There is an extreme proliferation risk in the development of cyber 'weapons,’" Assange wrote in a press statement. “Comparisons can be drawn between the uncontrolled proliferation of such 'weapons,' which results from the inability to contain them combined with their high market value, and the global arms trade."
Wikileaks said the source for the material, apparently a former U.S. government hacker or contractor, hopes “to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”
The Wikileaks release highlights a previously unknown problem. The group charges that the released documents show the CIA is ignoring what is known as the vulnerabilities equities process. Created by the Obama administration, the process calls for the government to disclose on an ongoing basis any serious vulnerabilities, bugs, or "zero days" to Apple, Google, Microsoft, and other U.S.-based manufacturers.
The agency's alleged failure to do so actually leaves Americans—even President Trump—as vulnerable as the agency’s foreign targets, says Wikileaks. One piece of CIA malware, the group says, “is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.”
“By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone—at the expense of leaving everyone hackable.”
So the CIA might be inadvertently allowing foreign hackers, with access to the same code, to take control of Trump’s Twitter account in a moment of crisis. That would be “yuge” and “sad” and maybe worse.