By John Walcott and Mark Hosenball
WASHINGTON (Reuters) – The contractors likely breached security and released documents describing the Central Intelligence Agency’s use of hacking tools to the anti-secrecy group WikiLeaks, intelligence and law enforcement officials told Reuters. United on Wednesday.
Two officials who spoke on condition of anonymity said intelligence agencies have been aware of the breach since late last year, prompting WikiLeaks to post thousands of pages of information on its website on Tuesday.
According to the documents, CIA hackers could gain access to Apple Inc (O 🙂 iPhones, devices running Google‘s Android software, and other devices to capture text and voice messages before they are encrypted with sophisticated software. .
“Anyone who leaks classified information will be subject to the highest degree of law,” said spokesman Sean Spicer.
The two officials told Reuters they believed the documents released about the CIA’s hacking techniques used between 2013 and 2016 were authentic.
One of the officials with knowledge of the investigation said that companies that are contractors for the CIA have been checking which of their employees had access to the material that WikiLeaks published and then went through their computer records, emails and other communications for evidence . who might be responsible for.
On Tuesday, in a press release, WikiLeaks itself said the CIA had “lost control” of a file of hacking methods and that it appeared to have circulated “among former hackers and US government contractors in an unauthorized manner. , one of which provided WikiLeaks with parts of the file. “
The CIA, which is the US civilian foreign intelligence service, declined to comment on the authenticity of the alleged intelligence documents.
The agency said in a statement that its mission was to collect foreign intelligence abroad “to protect the United States from terrorists, hostile nation states and other adversaries” and to be “innovative, cutting-edge, and the first line of defense to protect this country. of enemies abroad. “
The CIA is legally prohibited from surveillance within the United States and “does not do so,” the statement added.
CONTRACTORS MUST BE ‘LOYAL TO AMERICA’
A US government source familiar with the matter said it would be normal for the Federal Bureau of Investigation and the CIA to open investigations into such leaks. US officials have previously confirmed that prosecutors in Alexandria, Virginia, have for years been conducting a federal grand jury investigation into WikiLeaks and its staff.
A spokesman for prosecutors declined to comment on the possibility of that investigation being expanded. It is unclear if the investigation into the latest CIA leaks is part of the investigation.
Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton (N 🙂 while working for the National Security Agency.
US Senator Dianne Feinstein of California and a Democrat on the intelligence committee, said the administration needed to stop the violations.
“I think we really need to take a look at the contractors’ part of the employee workforce, because you have to be loyal to the United States to work for an intelligence agency, otherwise don’t,” Feinstein said.
Both the US Senate and House intelligence committees have opened or are expected to open investigations into the CIA violation, congressional officials said.
Some cybersecurity experts and tech companies have criticized the government for choosing to exploit rather than disclose software vulnerabilities, although an interagency review process established under former President Barack Obama was intended to err on disclosure.
Those concerns would increase if the US authorities did not notify companies that CIA documents describing various hacking techniques have been compromised.
Apple, Alphabet Inc (O 🙂 Google, Cisco Systems Inc (O 🙂 and Oracle Corp (N 🙂 did not immediately respond when asked if they were notified of a CIA breach before WikiLeaks made their files public.
At Apple, none of the vulnerabilities described in the documents caused panic, although the analysis was continuing, according to a person who spoke with engineers there.
Google’s Chief Information Security and Privacy Officer Heather Adkins said in a statement: “As we review the documents, we are confident that security updates and protections in Chrome and Android (operating systems) already protect users of many of these suspected vulnerabilities. Our analysis is ongoing and we will implement any additional protection necessary. “
GREATER NUMBER OF CONTRACTORS
One of the reasons the investigation focuses on a possible leak by contractors rather than, for example, an attack by Russian intelligence, another official said, is that there is so far no evidence that law enforcement agencies Russian intelligence agencies tried to exploit the leaked material before it was published. .
A European official, who spoke on condition of anonymity, said the WikiLeaks material could lead to closer cooperation between European intelligence agencies and their American counterparts, who share concerns about Russian intelligence operations.
US intelligence agencies have accused Russia of trying to tilt last year’s US presidential election in Trump’s favor, including by hacking into Democratic Party emails. Moscow has denied the accusation.
A major security problem was that the number of contractors with access to the highest classified information has “skyrocketed” due to federal budget constraints, the first US official said.
US intelligence agencies have been unable to hire additional permanent staff needed to keep up with technological advancements such as the “Internet of Things” that connects cars, home heating and security systems and other devices to networks. computer science, or to pay salaries competitive with the private ones. sector, the official said.
Reuters could not immediately verify the content of the published documents.
A person familiar with WikiLeaks activities said the group has had pirated CIA material for months, and that the release of the material was in the works “for a long time.”
In Germany on Wednesday, the chief federal prosecutor’s office said it would review WikiLeaks documents because some suggested the CIA was running a hacking center from the US consulate in Frankfurt.
“We will launch an investigation if we see evidence of specific criminal acts or specific perpetrators,” a spokesman for the federal prosecutor’s office told Reuters.
Chancellor Angela Merkel is scheduled to visit Washington on March 14 for her first meeting with Trump, who has harshly criticized Berlin for everything from its trade policy to what he sees as inappropriate levels of military spending.