Wednesday, March 08, 2017

Wait For It, Wait For It, Blaming Russia Starts in 10,9,8,7,6,5,4,3,2,1...,


NYTimes |  In what appears to be the largest leak of C.I.A documents in history, WikiLeaks released on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions.

The documents amount to a detailed, highly technical catalog of tools. They include instructions for compromising a wide range of common computer tools for use in spying: the online calling service Skype; Wi-Fi networks; documents in PDF format; and even commercial antivirus programs of the kind used by millions of people to protect their computers.

A program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer. Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.

The document dump was the latest coup for the antisecrecy organization and a serious blow to the C.I.A., which uses its hacking abilities to carry out espionage against foreign targets.

The initial release, which WikiLeaks said was only the first installment in a larger collection of secret C.I.A. material, included 7,818 web pages with 943 attachments, many of them partly redacted by WikiLeaks editors to avoid disclosing the actual code for cyberweapons. The entire archive of C.I.A. material consists of several hundred million lines of computer code, the group claimed.

In one revelation that may especially trouble the tech world if confirmed, WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. According to WikiLeaks, government hackers can penetrate smartphones and collect “audio and message traffic before encryption is applied.”

Unlike the National Security Agency documents Edward J. Snowden gave to journalists in 2013, they do not include examples of how the tools have been used against actual foreign targets. That could limit the damage of the leak to national security. But the breach was highly embarrassing for an agency that depends on secrecy.

Robert M. Chesney, a specialist in national security law at the University of Texas at Austin, likened the C.I.A. trove to National Security Agency hacking tools disclosed last year by a group calling itself the Shadow Brokers.

“If this is true, it says that N.S.A. isn’t the only one with an advanced, persistent problem with operational security for these tools,” Mr. Chesney said. “We’re getting bit time and again.”