How bad is recent WikiLeaks document spill about CIA? Look beyond headlines

If you didn’t already know, smart gadgets are vulnerable to hacking, require basic digital hygiene

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Wik­iLeaks got everyone’s atten­tion again last week, with dire head­lines pro­claim­ing the entire Amer­i­can gov­ern­ment spook infra­struc­ture had just been dec­i­mat­ed by the secret-smash­ing site.

Bob Sul­li­van, cyber­se­cu­ri­ty jour­nal­ist and one of the found­ing mem­bers of msnbc.com

Hold on to your hyper­bole: There’s a lot more to this sto­ry.

Julian Assange, true to form, has shared a lit­tle leaked data and promised a whole lot more. (“Less than 1%” has been shared, the site said in a tweet). The cache of stolen doc­u­ments it pub­lished does have a media-friend­ly name, how­ev­er: Vault7.

So far, some 8,000 pages of doc­u­ments show­ing Amer­i­can spooks dis­cussing their tools and tricks have been post­ed. Sure, it’s a bit star­tling to read about your gov­ern­ment try­ing to use your TV to spy on you. But any­one who’s been read­ing the news dur­ing the past sev­er­al years should have guessed that U.S. secu­ri­ty agen­cies (and every oth­er secu­ri­ty agency) has tried to use our TVs against us as spy devices. After all, Sam­sung told us that.

Relat­ed sto­ry: Samsung’s SmartTV fore­shad­ows Inter­net of Things eaves­drop­ping

At the time, the device’s pri­va­cy pol­i­cy said, “Please be aware that if your spo­ken words include per­son­al or oth­er sen­si­tive infor­ma­tion, that infor­ma­tion will be among the data cap­tured and trans­mit­ted to a third par­ty.”

Noth­ing revealed to cause pan­ic

Oth­er rev­e­la­tions in the Wik­iLeaks dump are sim­i­lar­ly non­rev­e­la­to­ry. The U.K.-based Inde­pen­dent pub­lished the top sur­pris­es con­tained in the dump. One of them was the inter­net TV thing. Oth­ers include car hack­ing (pure spec­u­la­tion, but eas­i­ly deduced), phone hack­ing to get around encryp­tion (of course), and zero-day hoard­ing (spies keep vul­ner­a­bil­i­ties they find to them­selves; Edward Snow­den told us that).

Cyber­se­cu­ri­ty blog­ger Bri­an Krebs makes the point that most of the tech­niques iden­ti­fied require a series of things to line up per­fect­ly for Amer­i­can spies. For exam­ple: They’d need an unpatched smart TV and phys­i­cal access to the gad­gets to install a USB device. In oth­er words, these tools are very use­ful for spe­cif­ic high-val­ue tar­gets that are worth the work, but don’t rise any­where near the lev­el of mass sur­veil­lance.

If there is tru­ly anoth­er 99 per­cent to this sto­ry, well per­haps it ulti­mate­ly will amount to a shock­ing lev­el of data gath­er­ing that attacks all Amer­i­cans. We’re hard­ly there right now, how­ev­er.

Leaked code could cause prob­lems

Now, if and when Wik­iLeaks starts pub­lish­ing the actu­al source code for these attacks, we all have a big­ger prob­lem. Crim­i­nals will adopt CIA-style hack­ing tools and use them against us. In a seem­ing act of largess, Wik­iLeaks announced Thurs­day that it would work with soft­ware and hard­ware mak­ers to patch the flaws that allow the attacks, rather than release them to the world.

Assum­ing Wik­iLeaks is, so far, telling the truth, the main con­se­quence for Amer­i­can spies is that a bunch of their favorite hack­ing tricks have now been “burned”—they won’t work any more. So, America’s cyber spooks will have to go to work and find more flaws. This ranks some­where between an annoy­ance and a months-long set­back.

The leak also shows that, once again, our nation­al secu­ri­ty agen­cies aren’t near­ly secure enough with their own secrets. But (thanks, Snow­den) we already knew that, too.

Innu­en­do and obfus­ca­tion

I hope none of you are will­ing to believe every­thing is as it seems, how­ev­er. After watch­ing Wik­iLeaks play a sig­nif­i­cant role in the U.S. elec­tion, it would be sil­ly not to think about the tim­ing of this release. This new CIA sto­ry clear­ly serves to make a new mess out of the cur­rent news cycle. Yes, Trump’s peo­ple talked to Rus­sia! No they didn’t, the CIA is just mak­ing it look that way!

It’s a con­ve­nient dis­trac­tion, but even more, it fur­ther serves to erode Amer­i­cans’ faith in the insti­tu­tions that are sup­posed to pro­tect them. In our com­pli­cat­ed, con­nect­ed world, every nation-state is always look­ing for an edge. Cre­at­ing uncer­tain­ty inside demo­c­ra­t­ic nations cer­tain­ly accom­plish­es that. And if it helps take a lit­tle heat off inves­ti­ga­tions that Rus­sia uses dig­i­tal-age pro­pa­gan­da to under­mine West­ern elec­tions, well, that’s an added bonus.

A deep­er explo­ration of this ver­sion of events can be found at Bloomberg.

When­ev­er a news event hits today, I want you to think about who that news ben­e­fits, and work back­ward from there. When you think that way, head­lines can read very dif­fer­ent­ly.

How can con­sumers pro­tect them­selves from all this? It’s chal­leng­ing, of course. But this sto­ry is a great reminder that our homes are now full of com­put­ers that we didn’t use to think of as com­put­ers. Our TVs, baby mon­i­tors, even crock­pots, can all be used against us, or as agents in a larg­er crime. So we all have to get used to using basic dig­i­tal hygiene on our Inter­net of Things devices. Update the soft­ware on all these gad­gets, and you will go a long way toward stay­ing safe.

More sto­ries relat­ed to secu­ri­ty of the Inter­net of Things:
Data secu­ri­ty even more crit­i­cal as Inter­net of Things mul­ti­plies, morphs
Cyber­se­cu­ri­ty holes in con­nect­ed cars leave doors unlocked for hack­ers
Why more attacks lever­ag­ing the Inter­net of Things are inevitable