WikiLeaks' dump of CIA hacking tools is 'devastating' for the agency - but there may be an upside
The documents, which experts widely believe to be authentic, describe how the agency's Center for Cyber Intelligence develops malware, viruses, trojans, weaponized "zero day" exploits, and other tools to hack devices like iPhones, Android phones, and Samsung "smart" TVs.
Heather Fritz Horniak, a CIA spokesperson, told Business Insider that the agency "does not comment on the authenticity or content of purported intelligence documents."
Per the CIA's charter, its hacking arsenal can only be deployed against foreign targets, not against US citizens. Officials have emphasized that using the tools against overseas targets constitutes legal intelligence collection, but WikiLeaks said it was given the documents by a former US government hacker or contractor concerned about "whether the CIA's hacking capabilities exceed its mandated powers."
WikiLeaks has not yet published the cyberweapons' code, which would detail how they are used operationally. But Tuesday's leak has essentially rendered them useless, and could set the CIA's cyber intelligence teams back by "at least a year," said Alex McGeorge, a senior security researcher at cybersecurity firm Immunity, Inc.
"All of these tools and techniques are now burned," McGeorge said, noting that the dump included extensive testing plans to make sure the tools wouldn't backfire. "The CIA won't want to use them again, and operations using those tools that may be running at this moment will need to have the tools swapped out or abandoned entirely."
Cybersecurity experts who spoke to Business Insider broadly agreed that the CIA's hacking arsenal was not nearly as sophisticated as the National Security Agency's, and it's unclear how heavily the CIA as a whole depended on the tools developed by the Center for Cyber Intelligence.
But "the impact could be quite severe" if the tools were used throughout the CIA, McGeorge said, and it will be "a tall order" to redesign and redeploy them.
"For the CIA this is a huge loss," Jake Williams, founder of cybersecurity firm Rendition Infosec, told the Daily Beast. "For incident responders like me, this is a treasure trove."
"This, from the CIA perspective, is devastating," former CIA counterterrorism official Philip Mudd told CNN on Wednesday. "And there's got to be a manhunt in that organization today to determine who did this."
Foreign intelligence agencies may now be aware of the CIA's tools and what devices are at risk, which may force the agency to "shift its activities," Jeff Bardin, the Chief Intelligence Officer at cybersecurity firm Treadstone 71, told Business Insider.
But the CIA is "always looking at how to modify and update" its tools anyway, so it likely won't take long for the agency to discover new, unpatched vulnerabilities and avenues of attack, known as "zero days."
"Based on what we've seen for years, there will always be zero days," Bardin said. "This just forces them to innovate even faster than before."
Christopher Mimms, a technology columnist at the Wall Street Journal, said on Twitter that any damage done to the CIA's arsenal will likely be temporary at best.
"Zero day exploits = renewable resource," he said.
The leak could have an upside, if the CIA is able to reconfigure its hacking tools quickly. Some US adversaries may see the leaked tools as a deterrent against waging cyber war with the US in the future, according to Larry Johnson, a Secret Service veteran and Chief Strategy Officer at the cybersecurity firm Cybersponse.
"Technology is altered and improved so often that tools used by the CIA today were likely not going to be relevant in the near future, anyway," Johnson told Business Insider. "But if the US' adversaries didn't already know that the CIA was capable of developing these sophisticated tools, well, they know it now."