CIA allegedly targeted Luxembourg companies
(AFP/sth) - After the release of a large amount of leaked CIA-documents by Wikileaks on Tuesday, the extent of the leaked information starts to become clearer. Many tech companies, among them companies from Luxembourg, seem to have been the targets of CIA operations.
The Central Intelligence Agency on Wednesday accused WikiLeaks of endangering Americans, helping US rivals and hampering Washington's fight against terror threats by releasing what the anti-secrecy site claimed was a trove of CIA hacking tools.
A CIA spokeswoman would not confirm the authenticity of the materials published a day earlier by WikiLeaks, which said they were leaked from the spy agency's hacking operations.
Nevertheless, said spokeswoman Heather Fritz Horniak, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries."
"Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm," she said.
Horniak defended the CIA's cyber operations, which the WikiLeaks materials showed focused heavily on breaking into personal electronics using a wide range of malware systems.
"It is CIA's job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad," she said.
On Tuesday, WikiLeaks published nearly 9,000 documents it said were part of a huge trove leaked from the CIA, describing it as the largest-ever publication of secret intelligence materials.
TVs as listening devices and car interference
"This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA," it said.
The documents showed that CIA hackers can turn a TV into a listening device, bypass popular encryption apps, and possibly control one's car.
Most experts believe the materials to be genuine, and US media said Wednesday that the Federal Bureau of Investigation is opening a criminal probe into the leak.
The source of the materials remained unclear. The investigation could focus on whether the CIA was sloppy in its controls, or, as the Washington Post reported, it could be "a major mole hunt" for a malicious leaker or turncoat inside the agency.
WikiLeaks itself said the documents, hacking tools and code came from an archive that had circulated among US government hackers and private contractors, "one of whom has provided WikiLeaks with a portion of the archive."
An investigation would come as the CIA is already enmeshed in a politically-charged probe into Russia's alleged interference in the US election last year in support of President Donald Trump's campaign.
WikiLeaks, which has stunned the US government with a series of publications of top secret political, diplomatic and intelligence materials, said the publication Tuesday was only the first of a series of releases of CIA hacking materials.
That raised concerns that the site could release the actual hacking tools it obtained along with the documents. Experts worry those could fall into the hands of anyone, including US enemies and criminals.
Luxembourg companies targeted too
The WikiLeaks documents detailed the CIA's practice of exploiting vulnerabilities in hardware and software, without ever informing producers of them.
The CIA allegedly found ways to hack into personal electronics from leading companies like Apple and Samsung, Android phones, popular Microsoft software, and crucial routers from major manufacturers.
According to Luxembourg newspaper Tageblatt, a number of Luxembourg companies appear in the leaked documents as well, meaning they could have been a target of CIA tapping too. Luxembourg company Paul Wurth appears to be among the targets.
Wikileaks writes that "in addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa". This could have been the base for CIA operations targeting Luxembourg companies.
Tech sector scrambling
The documents suggest it can also infiltrate smartphones in a way that allows it to get around popular messaging encryption apps.
The tech sector was scrambling to understand how their products were at risk.
"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities," Apple said in an emailed statement.
Samsung and Microsoft both said they were "looking into" what WikiLeaks revealed.
Joseph Hall, a technologist with the Center for Democracy and Technology, a digital rights organization, said the documents raise questions about the US government's pledge last year to disclose vulnerabilities to technology firms.
That pledge means "security flaws should get back to the companies so they can get fixed, and not languish for years," he said.
The American Civil Liberties Union commented in a tweet: "When the govt finds software security holes, it should help fix them, not hoard them and leave everyone vulnerable."
Ironically, the companies that make encryption programs and apps targeted by the CIA said the revelations show the agency has not been able to break their software.
Open Whisper Systems, which developed the technology for the Signal encryption app, said the CIA documents showed that Signal works.
"None of the exploits are in Signal or break Signal Protocol encryption," the group said in a tweet.
"The existence of these hacking tools is a testimonial to the strength of the encryption," said Steve Bellovin, a Columbia University computer science researcher, in a blog post.