War Stories

WikiLeaks’ Attack on U.S. Intelligence

The release of the CIA’s hacking tools is a victory not for the American public but for Russia.

CIA headquarters.

The intelligence documents make the United States look like the bad guy.

Mark Wilson/Getty Images

Tuesday’s WikiLeaks release exposing thousands of detailed documents on CIA hacking tools is an unbridled attack on U.S. intelligence operations with little or no public benefit. It makes no claim or pretense that the CIA has used these tools to engage in domestic surveillance or any other illegal activity. Most whistleblowers who leak national security secrets take care to avoid revealing where the secrets come from—the “sources and methods” of the intelligence. These documents are about nothing but sources and methods.

They are not policy documents. Rather, they’re the technical working papers, workshop notes, and instruction manuals written by and for the engineers who have designed and installed the implants, malware, and other devices that enable the CIA to penetrate specific cellphones, computers, smart TVs, and other consumer electronics in a way that evades or disables encryption.

Read as a whole, the documents serve as a how-to guide for hackers of all stripes—as well as for tech-savvy targets of hackers, including criminals, terrorists, and foreign agents.

One former cyberintelligence official told me Tuesday, “This could be more damaging to national security than the Snowden leaks. We’ve had to depend on CIA collection to make up for the NSA losses caused by Snowden. Now our intel is more degraded.”

For instance, one of the documents details some meetings in June 2014 between Britain’s MI-5 and a department of the CIA called BISS, in which they discussed an implant called Weeping Angel that allows spies to activate the microphone inside a Samsung smart TV when the set is turned off. The engineers call this feature “Fake-Off.” It is well-known that Samsung smart TVs have a microphone; the owner’s manual even warns purchasers that sensitive conversations might be overheard. But until now, it has not been known that the CIA had devised a way to exploit this feature—at least on TVs whose users it has targeted for surveillance. The document not only reveals this fact but also tells possible targets how to detect and circumvent the intelligence-gathering. Under the heading “Noted Anomalies and Limitations,” it states, “Updating firmware over the Internet may remove implant … or parts of implant.” And: “Blue LED on back remains powered when in Fake-Off mode.”

So if a bad guy thinks he might be a target of CIA surveillance, he now knows that he should turn off his Samsung TV and see if the blue LED on the back is still on. If it is, he should update the set’s firmware over the Internet, and the implant will be deactivated.

Another program, called Maddening Whispers, is a set of software components—again, planted into a specific computer—that allow an intelligence agency to track all communications on certain specified devices. A technique called Process Hollowing removes a “benign process,” such as Internet Explorer, and injects malware in its place. Another program lets agents who hack into Windows 7 software assume the privileges of a systems administrator, letting them roam through the entire network to which a computer is connected. (These documents are dated from 2013 to 2016. The reference to Windows 7 comes early in that timespan.) Other programs let hackers log keystrokes, steal passwords, collect files, and elude antivirus programs. Several programs intercept communications at the “endpoints”—that is, inside the cellphone or the computer, before the voice or data are encrypted. (This is why several senior NSA and CIA officials have been defenders of encryption; they know that specific targets of surveillance can be hacked, anyway.)

The documents not only describe these programs in some detail, but also provide step-by-step instructions on how to create and install the software or devices. WikiLeaks’ introduction, which summarizes the gist of these documents, criticizes the CIA for creating these malware programs, noting that once they’re out in the world, they can spread and be exploited by other users, including criminals. The irony is that, by providing the working papers for these programs, WikiLeaks has made that task much easier.

Again, there is nothing in these documents, nothing even in the WikiLeaks introduction, to suggest that the CIA uses any of these devices to spy on American citizens. Assuming that is the case, there is nothing improper about any of these programs. This is what spy agencies do: They spy. And in an age when information is stored or transmitted on digital devices, they spy on those digital devices.

The WikiLeaks documents are likely to have three effects: They will blow legitimate U.S. cyberintelligence operations; they will instruct other spy agencies, criminals, and mischief-makers on how to do what the CIA does; and they will provide yet another propaganda victory for Russia.

At a moment when nearly everyone is criticizing Russia for hacking the U.S. presidential election, the Russians can point to these documents and say, “See? The Americans do this, too.” It’s true that U.S. intelligence agencies have been hacking for decades, longer than the Russians, Chinese, North Koreans, Israelis, French, and others have been hacking. The process described in these documents—implanting devices or malware inside consumer electronics, then triggering those devices or tracking the malware—is also nothing new.

In the late 1990s, the CIA established an office called the Information Operations Center, which routinely cooperated with the National Security Agency. The IOC would plant a device on a target, such as the Belgrade telephone system during the air war on Slobodan Milosevic; then the NSA, back at Fort Meade, Maryland, would hack that device. Now, it seems, the CIA is hacking some of these devices on its own but the cooperative channels are still open for common intelligence purposes. Nothing in these documents describes what or whom the CIA is hacking with these tricks. The leak distracts attention from that issue and puts it on the fact of the hack. And because the documents are so detailed (whereas WikiLeaks never provides documents about Russian or Chinese or any other non-Western countries’ activities), America looks like the bad guy.

WikiLeaks’ introduction claims that it obtained the documents from a contractor who had access to them. Maybe so, but the leak has all the earmarks of a Russian “information operation,” as described by the U.S. intelligence community’s analysis of the hack on the DNC and Hillary Clinton’s email during the 2016 election. WikiLeaks served as the Kremlin’s middleman for the dissemination of hacked emails from the DNC and Hillary Clinton’s email during the 2016 election. It has long had ties with the Russian government and its former Soviet bloc allies. For a while, WikiLeaks founder Julian Assange was the host of a show on the Kremlin’s official TV station, RT.

It is telling that, in the introduction to this release, WikiLeaks reveals that the U.S. consulate in Frankfurt is used as a headquarters of sorts for CIA hackers throughout Europe. This disclosure can serve no purpose other than to heighten anti-American sentiment in Europe, to aggravate U.S.–German relations, and to weaken Chancellor Angela Merkel’s chances in the upcoming German election—all goals that Russia has been pursuing in other cyberattacks, “fake news” gambits, and other propaganda operations.

This is the war we’re in with the Kremlin right now. That point is widely accepted. The latest WikiLeaks cache is another volley in that war.