The Central Intelligence Agency (CIA) knew about several flaws in software made by Apple, Google and Samsung and others, but did not tell the companies about them because it wanted to use them for spying, anti-secrecy group WikiLeaks says.
Key points:
- Wikileaks publishes thousands of confidential files it claims are about CIA hacking activities
- Wikileaks says CIA targeted everyday gadgets — smartphones and televisions — as part of a surveillance program
- The CIA kept the knowledge to itself to use for surveillance, Wikileaks says
WikiLeaks has obtained what it says is a top-secret trove of hacking tools used by the CIA to break into phones, communication apps and other electronic devices.
Disclosing vulnerabilities to technology and software manufacturers is supposed to be common practice, so those companies could fix them before hackers took advantage of any loopholes.
But WikiLeaks said the CIA kept the knowledge of the vulnerabilities in Apple, Google and Samsung to itself to use for surveillance.
Wikileaks also claimed that the CIA:
- Partnered with other US and foreign agencies to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.
- It did that by hacking phones that use Google's Android platform to collect audio and message traffic before encryption is applied
- Targeted everyday gadgets such as smartphones as part of a surveillance program.
- Worked with UK intelligence officials to turn microphones in televisions into listening devices via a program called Weeping Angel, sending the audio to a covert server.
Defence Industry Minister Christopher Pyne said Australians were unlikely to have been targeted by the alleged spying activities.
"The Five Eyes countries have no reason to spy on each other," he said.
"The United States, The UK, Australia, New Zealand and Canada are the Five Eyes countries."
Google investigating, source of leaks unknown
Loading Twitter content
It was not possible to immediately verify the contents of the published documents.
But if verified, the information in the documents would amount to yet another breach of classified material stolen in recent years from US intelligence agencies.
Google declined to comment but said it was investigating the matter.
US officials said they were unaware of where WikiLeaks might have obtained the material.
Loading Twitter content
WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that included several hundred million lines of code and included the CIA's "entire hacking capacity."
WikiLeaks said it published the CIA documents "while avoiding the distribution of 'armed' cyber-weapons until a consensus emerged on the technical and political nature of the CIA's program and how such 'weapons' should be analysed, disarmed and published."
US intelligence agencies have said WikiLeaks had ties to Russia's security services.
During the 2016 US presidential campaign, WikiLeaks published internal emails of top Democratic Party officials, which the US agencies said were hacked by Moscow as part of a coordinated influence campaign to help Donald Trump win the presidency.
WikiLeaks denied ties to Russian spy agencies.
'This is not a Snowden situation'
It was not immediately clear how much damage publication of the documents — should they be legitimate — might do to the spy agency's cyber programs.
But some of the documents are dated as recently as February 2016, suggesting they describe recent cyber tools and programs.
"We do not comment on the authenticity or content of purported intelligence documents," CIA spokesman Jonathan Liu said in a statement.
Loading Twitter content
Several cyber security consultants and contractors said the documents obtained by WikiLeaks, dated between 2013 and 2016, appeared legitimate.
A longtime intelligence contractor with expertise in US hacking tools told Reuters the documents included correct "cover" terms describing active cyber programs.
"People on both sides of the river are furious," he said, referring to the CIA and the eavesdropping National Security Agency based in Fort Meade, Maryland.
"This is not a Snowden-type situation. This was taken over a long term and handed over to WikiLeaks."
Beginning in 2013, former NSA contractor Edward Snowden revealed highly classified details of that agency's surveillance programs.
"While we are still assessing the contents of the leak … the source appears legitimate," said Brian Hein, director of Strategic Initiatives at cyber intelligence firm Flashpoint.
"The files within the leak contain a number of documents that appear to be from the CIA and NSA, with information on programs to bypass encryption," Mr Hein said.
In 2010, US military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to WikiLeaks. Former president Barack Obama shortened her prison sentence in January.
Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government material over a course of 20 years, storing the trove of secrets in his home.
Reuters/AP
Posted, updated
