WikiLeaks Reignites Tensions Between Silicon Valley and Spy Agencies


The tense relationship between the technology industry and government agencies has been well documented. After the disclosures by Mr. Snowden, a former contractor for the National Security Agency, the government appeared to give some ground to the industry, which was angered by previously unknown snooping on their products and embarrassed by disclosures of their cooperation with intelligence agencies.

The government allowed companies to describe in broad terms the number of secret court orders for access to customer information that they receive. President Barack Obama also promised that the government would share knowledge of security flaws so that they could be fixed.

But last year, relations soured again after Apple resisted a Justice Department request for help accessing the iPhone of one of the attackers in the 2015 shooting in San Bernardino, Calif. As the company’s chief executive, Timothy D. Cook, explained in a letter to customers at the time, “The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers.”

In that case, the government eventually found a way into the phone without Apple’s assistance.

The documents posted by WikiLeaks suggest that the C.I.A. had obtained information on 14 security flaws in Apple’s iOS operating system for phones and tablets.

Apple said Tuesday night that many of those security issues had already been patched in the latest version of its software and it was working to address remaining vulnerabilities.

The leaked documents also identified at least two dozen flaws in Android, the most popular operating system for smartphones, which was developed by Alphabet’s Google division.

Google said it was studying the flaws identified by WikiLeaks. Android is more difficult to secure than Apple’s software because many phone makers and carriers use older or customized versions of the software.

The documents released by WikiLeaks reveal numerous efforts by the C.I.A. to take control of Microsoft Windows, the dominant operating system for personal computers, using malware. They include techniques for infecting DVDs and USB storage devices with malware that can be spread to computers when they are plugged in.

Photo

In February 2016, about a dozen protesters demonstrated outside F.B.I. headquarters in Washington against an attempt by the government to force Apple to create a so-called backdoor to the iPhone.

Credit
Chip Somodevilla/Getty Images

“We’re aware of the report and are looking into it,” Microsoft said in a statement.

Security experts said it was not surprising that the government had stockpiled flaws in major technology products to use for spying. “The real scandal and damaging thing is not knowing these things exist, but that the C.I.A. could be so careless with them that they leaked out,” said Matthew D. Green, an assistant professor in the department of computer science at Johns Hopkins University.

Inside technology companies, the revelations set off a scramble to assess the potential damage to the security of their products.

The vulnerabilities, some of which were already known in the security community, could leave individual users of computers, mobile phones and other devices open to being snooped on. Technology companies are likely to plug the holes, however, even as new ones are discovered by spy agencies and others.

The more serious near-term effect could be on the reputation of the C.I.A. and the relationship between the technology industry and the intelligence community.

Denelle Dixon, chief legal and business officer at Mozilla, which makes the Firefox web browser and was mentioned in the WikiLeaks trove, said that if the reports were accurate, the C.I.A. and WikiLeaks were undermining the security of the internet.

“The C.I.A. seems to be stockpiling vulnerabilities, and WikiLeaks seems to be using that trove for shock value rather than coordinating disclosure to the affected companies to give them a chance to fix it and protect users,” Ms. Dixon said in a statement. “Although today’s disclosures are jarring, we hope this raises awareness of the severity of these issues and the urgency of collaborating on reforms.”

Oren Falkowitz, a former N.S.A. official and the chief executive of the cyberdefense firm Area 1 Security, said that WikiLeaks, run by Julian Assange, had again succeeded in disrupting the status quo, as it did during last year’s presidential election with the release of emails from the Democratic National Committee. “If you understand the Assange playbook,” Mr. Falkowitz said, “a lot of it is just to create chaos.”

But Mr. Falkowitz added that perhaps the most important message behind Tuesday’s leaks was that neither government agencies nor companies can trust their employees to keep their most precious information secret.

“We expect governments to be involved in espionage,” he said. “What we don’t expect is that the people within these organizations would create vulnerabilities by disclosing them.”

In a statement accompanying the documents, WikiLeaks said that the security flaws could easily fall into the wrong hands.

“Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike,” the organization said. It said it was still reviewing whether to release any of the underlying software code.

The security flaws described by WikiLeaks are intended to target individual phones. They do not appear to give the intelligence agencies the ability to intercept electronic communications en masse.

“What can you do as a user to defend?” he asked. “Boring stuff. Keep your software up to date. Don’t run unneeded apps. Don’t become a C.I.A. target.”

Continue reading the main story



Source link

About admin

Check Also

When Using 5 Messaging Apps is Not Enough

What could be better about the tools? If you look at my iPhone screen, you’ll ...

Leave a Reply

Your email address will not be published. Required fields are marked *