WikiLeaks on Tuesday dumped thousands of documents that it said detailed the hacking tools and techniques used by the CIA for foreign espionage in what appears to be the largest leak of CIA documents in history.
The documents, which experts widely believe to be authentic, describe how the agency’s Center for Cyber Intelligence develops malware, viruses, Trojans, weaponized “zero day” exploits, and other tools to hack devices like iPhones, Android phones, and Samsung smart TVs.
Heather Fritz Horniak, a CIA spokesperson, told Business Insider that the agency “does not comment on the authenticity or content of purported intelligence documents.”
Per the CIA’s charter, its hacking arsenal can be deployed only against foreign targets, not against US citizens. Officials have emphasized that using the tools against overseas targets constitutes legal intelligence collection, but WikiLeaks has said it was given the documents by a former US government hacker or contractor concerned about “whether the CIA’s hacking capabilities exceed its mandated powers.”
WikiLeaks has not published the cyberweapons’ codes, which would detail how they are used operationally. But Tuesday’s leak has essentially rendered them useless and could set the CIA’s cyberintelligence teams back by “at least a year,” said Alex McGeorge, a senior security researcher at the cybersecurity firm Immunity Inc.
“All of these tools and techniques are now burned,” McGeorge said, noting that the dump included extensive testing plans to make sure the tools wouldn’t backfire. “The CIA won’t want to use them again, and operations using those tools that may be running at this moment will need to have the tools swapped out or abandoned entirely.”
Cybersecurity experts who spoke to Business Insider broadly agreed that the CIA’s hacking arsenal was not nearly as sophisticated as the National Security Agency’s, and it’s unclear how heavily the CIA as a whole depended on the tools developed by the Center for Cyber Intelligence.
But “the impact could be quite severe” if the tools were used throughout the CIA, McGeorge said, and it would be “a tall order” to redesign and redeploy them.
“For the CIA, this is [a] huge loss,” Jake Williams, the founder of the cybersecurity firm Rendition InfoSec, told The Daily Beast. “For incident responders like me, this is a treasure trove.”
“This, from the CIA perspective, is devastating,” Philip Mudd, a former CIA counterterrorism official, told CNN on Wednesday. “And there’s got to be a manhunt in that organization today to determine who did this.”
Foreign intelligence agencies may now be aware of the CIA’s tools and what devices are at risk, which may force the agency to “shift its activities,” Jeff Bardin, the chief intelligence officer at the cybersecurity firm Treadstone 71, told Business Insider.
But the CIA is “always looking at how to modify and update” its tools anyway, Bardin said, so it likely wouldn’t take long for it to discover new vulnerabilities and avenues of attack known as “zero days.”
“Based on what we’ve seen for years, there will always be zero days,” Bardin said. “This just forces them to innovate even faster than before.”
Christopher Mims, a technology columnist at The Wall Street Journal, said on Twitter that any damage done to the CIA’s arsenal would likely be temporary at best.
“Zero day exploits = renewable resource,” he said.
The leak could have an upside if the CIA were able to reconfigure its hacking tools quickly. The leaked technology may serve as a deterrent for some US adversaries who are tempted to ramp up their own offensive cyberoperations in the future, according to Larry Johnson, a Secret Service veteran and chief strategy officer at the cybersecurity firm CyberSponse.
“Technology is altered and improved so often that tools used by the CIA today were likely not going to be relevant in the near future anyway,” Johnson told Business Insider. “But if the US’s adversaries didn’t already know that the CIA was capable of developing these sophisticated tools, well, they know it now.”