How bad is recent WikiLeaks document spill about CIA? Look beyond headlines
If you didn’t already know, smart gadgets are vulnerable to hacking, require basic digital hygiene
By Bob Sullivan, Special to ThirdCertainty
WikiLeaks got everyone’s attention again last week, with dire headlines proclaiming the entire American government spook infrastructure had just been decimated by the secret-smashing site.
Hold on to your hyperbole: There’s a lot more to this story.
Julian Assange, true to form, has shared a little leaked data and promised a whole lot more. (“Less than 1%” has been shared, the site said in a tweet). The cache of stolen documents it published does have a media-friendly name, however: Vault7.
So far, some 8,000 pages of documents showing American spooks discussing their tools and tricks have been posted. Sure, it’s a bit startling to read about your government trying to use your TV to spy on you. But anyone who’s been reading the news during the past several years should have guessed that U.S. security agencies (and every other security agency) has tried to use our TVs against us as spy devices. After all, Samsung told us that.
Nothing revealed to cause panic
Other revelations in the WikiLeaks dump are similarly nonrevelatory. The U.K.-based Independent published the top surprises contained in the dump. One of them was the internet TV thing. Others include car hacking (pure speculation, but easily deduced), phone hacking to get around encryption (of course), and zero-day hoarding (spies keep vulnerabilities they find to themselves; Edward Snowden told us that).
Cybersecurity blogger Brian Krebs makes the point that most of the techniques identified require a series of things to line up perfectly for American spies. For example: They’d need an unpatched smart TV and physical access to the gadgets to install a USB device. In other words, these tools are very useful for specific high-value targets that are worth the work, but don’t rise anywhere near the level of mass surveillance.
If there is truly another 99 percent to this story, well perhaps it ultimately will amount to a shocking level of data gathering that attacks all Americans. We’re hardly there right now, however.
Leaked code could cause problems
Now, if and when WikiLeaks starts publishing the actual source code for these attacks, we all have a bigger problem. Criminals will adopt CIA-style hacking tools and use them against us. In a seeming act of largess, WikiLeaks announced Thursday that it would work with software and hardware makers to patch the flaws that allow the attacks, rather than release them to the world.
Assuming WikiLeaks is, so far, telling the truth, the main consequence for American spies is that a bunch of their favorite hacking tricks have now been “burned”—they won’t work any more. So, America’s cyber spooks will have to go to work and find more flaws. This ranks somewhere between an annoyance and a months-long setback.
The leak also shows that, once again, our national security agencies aren’t nearly secure enough with their own secrets. But (thanks, Snowden) we already knew that, too.
Innuendo and obfuscation
I hope none of you are willing to believe everything is as it seems, however. After watching WikiLeaks play a significant role in the U.S. election, it would be silly not to think about the timing of this release. This new CIA story clearly serves to make a new mess out of the current news cycle. Yes, Trump’s people talked to Russia! No they didn’t, the CIA is just making it look that way!
It’s a convenient distraction, but even more, it further serves to erode Americans’ faith in the institutions that are supposed to protect them. In our complicated, connected world, every nation-state is always looking for an edge. Creating uncertainty inside democratic nations certainly accomplishes that. And if it helps take a little heat off investigations that Russia uses digital-age propaganda to undermine Western elections, well, that’s an added bonus.
A deeper exploration of this version of events can be found at Bloomberg.
Whenever a news event hits today, I want you to think about who that news benefits, and work backward from there. When you think that way, headlines can read very differently.
How can consumers protect themselves from all this? It’s challenging, of course. But this story is a great reminder that our homes are now full of computers that we didn’t use to think of as computers. Our TVs, baby monitors, even crockpots, can all be used against us, or as agents in a larger crime. So we all have to get used to using basic digital hygiene on our Internet of Things devices. Update the software on all these gadgets, and you will go a long way toward staying safe.
More stories related to security of the Internet of Things:
Data security even more critical as Internet of Things multiplies, morphs
Cybersecurity holes in connected cars leave doors unlocked for hackers
Why more attacks leveraging the Internet of Things are inevitable