The CIA Document Dump Isn't Exactly Snowden 2.0. Here's Why

Mar 8, 2017
Originally published on March 13, 2017 7:06 pm

WikiLeaks is billing its latest document dump as the largest leak of CIA material in the history of the spy agency, and it describes cutting-edge ways to hack into phones, computers and even televisions connected to the Internet.

The thousands of documents, many of which are highly technical, are said to be internal CIA guides on how to create and use cyber-spying tools — from turning smart TVs into bugs to designing customized USB drives to extract information from computers. The CIA has refused to comment on their authenticity.

The full ramifications of the release are still not clear, but the case immediately calls to mind the 2013 episode when Edward Snowden, then a National Security Agency contractor, provided a trove of documents on that agency's surveillance programs.

But there are significant differences between the two revelations.

Here's a look at what we know so far about the CIA leaks, and how they compare with the NSA case four years ago.

The NSA collected American data; no evidence the CIA is doing so

The Edward Snowden leaks revealed the NSA was collecting bulk data on Americans' phone usage, which was ruled to be illegal.

The CIA spies abroad, and is barred by law from doing so domestically. Neither WikiLeaks nor anyone else is alleging that the CIA is using these methods inside the U.S.

"I can tell you that these tools would not be used against an American," Michael Hayden, the former director of both the CIA and the NSA, told CBS' The Late Show With Stephen Colbert.

"NSA develops tools, CIA develops tools that we can use. We just went through the drill about ... how you get a warrant, and you've got to go to a judge," Hayden added. "That protects you and me, all U.S. citizens, all the time. But there are people out there that you want us to spy on. You want us to have the ability to actually turn on that listening device inside the TV to learn that person's intentions."

Inside the U.S., the F.B.I. or another domestic law enforcement agency would typically go to court to get permission to tap the phone of a suspect.

WikiLeaks did not provide examples of how any of these CIA tools might have been used.

CIA spokeswoman Heather Fritz Horniak, without confirming the authenticity of the documents, tells NPR that the agency "is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so."

Cybersecurity experts say the agency is sure to be poring over the disclosed documents to see how they might affect its operations around the globe.

The NSA often worked in bulk; the CIA is targeting individuals

Snowden's leak revealed bulk collection of data — not just of American phone data, but conversations abroad, including all the calls in an entire country. It included surveillance on a massive scale, as well as efforts targeting individuals.

If the NSA's surveillance was often casting a broad net, the CIA's hackers are mostly spear-fishing, based on the alleged agency documents.

"A lot of these are endpoint attacks, like, 'Can we compromise your router? Your iOS device or your Android device?' " says Matthew Green, a cryptographer and associate professor at Johns Hopkins University.

"Those things don't scale — you don't do them to hundreds of thousands of people, you do them to one or two."

That's not just because of the amount of time and effort involved. It's also because many of the techniques rely on a loophole or flaw in a software system. The more you exploit that flaw, the more likely a manufacturer is to notice it — and fix it.

The NSA discussed creating vulnerabilities; the CIA exploits them

The documents suggest the CIA has been exploiting vulnerabilities and not telling companies about them. That's controversial — if government agencies flagged such flaws, instead of taking advantage of them, millions of devices could be more secure.

As Wired reported in 2014, the Obama administration nodded to the importance of revealing such bugs — while reserving the right to stay mum on them if there's "an urgent and significant national security priority."

But while the CIA appears to have not disclosed vulnerabilities, the NSA leaks revealed something far more alarming, Green says.

"In the NSA leaks, there was a project called Bullrun where the NSA was talking about introducing vulnerabilities into cryptostandards. And that's really serious ... because that's going well above finding vulnerabilities to making them," he says. "There's nothing like that, as far as I see, in these CIA documents."

Other leaks featured program overviews; these are developer notes

The NSA leak included revealing, easily comprehensible documents — memos about a program's goals and scope, slideshows about why and how a technology worked, details about where systems were being deployed and how many people were affected.

Basically, that leak included lots of documents designed to explain what the NSA was doing (albeit never meant for public consumption).

The U.S. diplomatic cables that WikiLeaks disclosed in 2010, meanwhile, were highly embarrassing for the U.S. government because they were filled with actual cases involving foreign individuals and leaders.

The alleged CIA documents, in contrast, are internal files used by developers — with lots of program specifications, but a dearth of details about how or why the technology was actually used. In some cases, it's not clear if the program was used, or was just being tested.

"This is developer chat on how they build these tools," says Nicholas Weaver, a computer scientist at the University of California at Berkeley.

But the tools themselves are missing, at least for now. And, significantly, details about when, why and where the programs were used, and with what results, aren't included in this release.

Snowden, the NSA whistleblower, calls the CIA leaks 'a big deal'

Snowden, who has been in Russia since shortly after he fled the U.S. in 2013 at the time of his disclosures, has been tweeting about the latest WikiLeaks disclosure.

He's highly critical of the CIA and U.S. government, saying it's "reckless beyond words" to find vulnerabilities in the software of smartphones and other electronic devices, and then exploit them rather than inform the companies so they could patch them.

"Still working through the publication, but what @WikiLeaks has here is genuinely a big deal. Looks authentic," he tweeted initially on Tuesday.

Followed by:

"Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open — to spy."

And later:

"Imagine a world where the actual CIA spends its time figuring out how to spy on you through your TV. That's today."

Snowden faces criminal charges in the U.S., but Russia recently said it would extend Snowden's asylum until 2020.

And lastly, a quick note on Russia

Like Russia, WikiLeaks is shaping up as a key actor in the early days of the Trump presidency.

Trump and his campaign team cheered on WikiLeaks as it dribbled out Democratic Party emails during the presidential race last year.

Now Trump will have to deal with the fallout of the latest WikiLeaks dump that reveals secrets of what is now his CIA.

The U.S. intelligence community concluded that Russia hacked the Democratic targets last year, and then gave the documents to WikiLeaks to disclose. WikiLeaks and Russia have denied any collusion.

Russia has not been linked to the latest WikiLeaks dump on the CIA.

The Russians are, however, extremely interested in the contents as part of the ongoing espionage battle between the U.S. and Russia.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.