NYTimes | In what appears to be the largest leak of C.I.A documents in history, WikiLeaks released
on Tuesday thousands of pages describing sophisticated software tools
and techniques used by the agency to break into smartphones, computers
and even Internet-connected televisions.
The
documents amount to a detailed, highly technical catalog of tools. They
include instructions for compromising a wide range of common computer
tools for use in spying: the online calling service Skype; Wi-Fi
networks; documents in PDF format; and even commercial antivirus
programs of the kind used by millions of people to protect their
computers.
A
program called Wrecking Crew explains how to crash a targeted computer,
and another tells how to steal passwords using the autocomplete
function on Internet Explorer. Other programs were called
CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.
The document dump was the latest coup for the antisecrecy organization and a serious blow to the C.I.A., which uses its hacking abilities to carry out espionage against foreign targets.
The
initial release, which WikiLeaks said was only the first installment in
a larger collection of secret C.I.A. material, included 7,818 web pages
with 943 attachments, many of them partly redacted by WikiLeaks editors
to avoid disclosing the actual code for cyberweapons. The entire
archive of C.I.A. material consists of several hundred million lines of
computer code, the group claimed.
In
one revelation that may especially trouble the tech world if confirmed,
WikiLeaks said that the C.I.A. and allied intelligence services have
managed to compromise both Apple and Android smartphones, allowing their
officers to bypass the encryption on popular services such as Signal,
WhatsApp and Telegram. According to WikiLeaks, government hackers can
penetrate smartphones and collect “audio and message traffic before
encryption is applied.”
Unlike the National Security Agency documents Edward J. Snowden gave to journalists in 2013,
they do not include examples of how the tools have been used against
actual foreign targets. That could limit the damage of the leak to
national security. But the breach was highly embarrassing for an agency
that depends on secrecy.
Robert
M. Chesney, a specialist in national security law at the University of
Texas at Austin, likened the C.I.A. trove to National Security Agency
hacking tools disclosed last year by a group calling itself the Shadow Brokers.
“If
this is true, it says that N.S.A. isn’t the only one with an advanced,
persistent problem with operational security for these tools,” Mr.
Chesney said. “We’re getting bit time and again.”
