Derechos | Equipo Nizkor
WikiLeaks Reignites Tensions Between Silicon Valley and Spy Agencies
Four years ago, Edward J. Snowden's disclosures that the federal government was hacking America's leading technology companies threw the industry into turmoil.
Now WikiLeaks has shaken the tech world again by releasing documents Tuesday that appear to show that the Central Intelligence Agency had acquired an array of cyberweapons that could be used to break into Apple and Android smartphones, Windows computers, automotive computer systems, and even smart televisions to conduct surveillance on unwitting users.
Major technology companies, including Apple, Google and Microsoft, were trying to assess how badly their core products had been compromised. But one thing clearly had been ruptured yet again: trust between intelligence agencies and Silicon Valley.
"After the Snowden disclosures, the Obama administration worked hard to re-establish relationships and government-industry partnerships," said David Gutelius, chief executive of the marketing technology company Motiva, who has worked with the federal government on national security projects. "This leak will challenge those ties to some extent. But I don't see companies simply walking away from the table as a result of this. Government and industry still need one another."
The tense relationship between the technology industry and government agencies has been well documented. After the disclosures by Mr. Snowden, a former contractor for the National Security Agency, the government appeared to give some ground to the industry, which was angered by previously unknown snooping on their products and embarrassed by disclosures of their cooperation with intelligence agencies.
The government allowed companies to describe in broad terms the number of secret court orders for access to customer information that they receive. President Barack Obama also promised that the government would share knowledge of security flaws so that they could be fixed.
But last year, relations soured again after Apple resisted a Justice Department request for help accessing the iPhone of one of the attackers in the 2015 shooting in San Bernardino, Calif. As the company's chief executive, Timothy D. Cook, explained in a letter to customers at the time, "The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers."
In that case, the government eventually found a way into the phone without Apple's assistance.
The documents posted by WikiLeaks suggest that the C.I.A. had obtained information on 14 security flaws in Apple's iOS operating system for phones and tablets.
Apple said Tuesday night that many of those security issues had already been patched in the latest version of its software and it was working to address remaining vulnerabilities.
The leaked documents also identified at least two dozen flaws in Android, the most popular operating system for smartphones, which was developed by Alphabet's Google division.
Google said it was studying the flaws identified by WikiLeaks. Android is more difficult to secure than Apple's software because many phone makers and carriers use older or customized versions of the software.
The documents released by WikiLeaks reveal numerous efforts by the C.I.A. to take control of Microsoft Windows, the dominant operating system for personal computers, using malware. They include techniques for infecting DVDs and USB storage devices with malware that can be spread to computers when they are plugged in.
"We're aware of the report and are looking into it," Microsoft said in a statement.
Security experts said it was not surprising that the government had stockpiled flaws in major technology products to use for spying. "The real scandal and damaging thing is not knowing these things exist, but that the C.I.A. could be so careless with them that they leaked out," said Matthew D. Green, an assistant professor in the department of computer science at Johns Hopkins University.
Inside technology companies, the revelations set off a scramble to assess the potential damage to the security of their products.
The vulnerabilities, some of which were already known in the security community, could leave individual users of computers, mobile phones and other devices open to being snooped on. Technology companies are likely to plug the holes, however, even as new ones are discovered by spy agencies and others.
The more serious near-term effect could be on the reputation of the C.I.A. and the relationship between the technology industry and the intelligence community.
Denelle Dixon, chief legal and business officer at Mozilla, which makes the Firefox web browser and was mentioned in the WikiLeaks trove, said that if the reports were accurate, the C.I.A. and WikiLeaks were undermining the security of the internet.
"The C.I.A. seems to be stockpiling vulnerabilities, and WikiLeaks seems to be using that trove for shock value rather than coordinating disclosure to the affected companies to give them a chance to fix it and protect users," Ms. Dixon said in a statement. "Although today's disclosures are jarring, we hope this raises awareness of the severity of these issues and the urgency of collaborating on reforms."
Oren Falkowitz, a former N.S.A. official and the chief executive of the cyberdefense firm Area 1 Security, said that WikiLeaks, run by Julian Assange, had again succeeded in disrupting the status quo, as it did during last year's presidential election with the release of emails from the Democratic National Committee. "If you understand the Assange playbook," Mr. Falkowitz said, "a lot of it is just to create chaos."
But Mr. Falkowitz added that perhaps the most important message behind Tuesday's leaks was that neither government agencies nor companies can trust their employees to keep their most precious information secret.
"We expect governments to be involved in espionage," he said. "What we don't expect is that the people within these organizations would create vulnerabilities by disclosing them."
In a statement accompanying the documents, WikiLeaks said that the security flaws could easily fall into the wrong hands.
"Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike," the organization said. It said it was still reviewing whether to release any of the underlying software code.
The security flaws described by WikiLeaks are intended to target individual phones. They do not appear to give the intelligence agencies the ability to intercept electronic communications en masse.
"What can you do as a user to defend?" he asked. "Boring stuff. Keep your software up to date. Don't run unneeded apps. Don't become a C.I.A. target."
[Source: By Vindu Goel and Nick Wingfield, The New York Times, San Francisco, 07Mar17]
Privacy and counterintelligence
|This document has been published on 15Mar17 by the Equipo Nizkor and Derechos Human Rights. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.|