Last night, Wikileaks published what it claims to be the biggest leak of secret CIA files in the agency’s 70-year history.
The documents describe an arsenal of tools designed to hack into computers, phones and even smart TVs.
While the CIA itself declined to comment on the authenticity of the files, experts said they appeared legitimate.
Of all the mind-boggling allegations, one of the most extraordinary was made not in the dump itself, but by Wikileaks’s Twitter account.
But as Edward Snowden, the man behind the NSA files, quickly pointed out, the tweet “incorrectly implies” that the CIA cracked the encryption behind messaging apps such as Signal, Telegram, WhatsApp and Confide, which are often used by whistleblowers and humans rights activists.
As Snowden notes, the documents suggest a much bigger problem: that the CIA had hacked the Apple iOS and Google Android operating systems.
In that case, it wouldn’t matter whether WhatsApp messages were encrypted when they were stored or sent, because the CIA has total control of the phone, affording spies access to any app.
Unlike the Snowden revelations, however, these documents don’t expose mass surveillance programmes.
Writing in the Guardian, Trevor Timms therefore encourages readers to adopt encrypted apps. Thanks to Signal, WhatsApp and other services, he says millions of messages can no longer be hoovered up by intelligence agencies.
Instead, Timms notes that agencies now have to target people on a costly case-by-case basis, discouraging them from snooping on those who aren’t a threat.
There are a few other important points to mention too:
1. Apple claims it had already patched a number of the bugs detailed in the leaks in the last update and will “rapidly address” the rest. Google hasn’t commented, but will no doubt be doing the same.
2. CNET notes that US-friendly government agencies, such as those in Britain, may also have access to the tools. The documents claim that MI5 built one of the hacks.
3. The BBC’s Mark Ward suggests that the CIA will have other attack tools ready to deploy that are not described in the documents.
The documents can be read here.