WikiLeaks, “Year Zero” and the CIA Hacking Files
WikiLeaks, “Year Zero” and the CIA Hacking FilesBy Binoy Kampmark
“It is now up to the device and OS manufacturers, like Apple, Google, or Samsung, to fix their volcanoes back into mountains.”
Telegram Statement, Mar 8, 2017
The paradox with information releases that expose a supposedly grand internal stratagem is that they merely provide the food of confirmation otherwise lacking. Such food is potent. It blows the lid off the suggestion that a conspiracy theorist was merely a Cassandra in the wilderness chewing fingernails in fear that something hideous was afoot. It provides nutrients for those seeking greater scrutiny over the way state security, otherwise deemed the domain of closeted experts, is policed.
The entire profession (for it has now become one) of mass disclosures of secret or classified documentation has reached a point where its normality can hardly be questioned. Be it the juicy revelations of Edward Snowden in 2013, the work of WikiLeaks in this decade and the last, and the Panama Papers, whistleblowing, still punished and frowned upon, remains indispensable to the conversation about transparency and the inner operations of the Dark State and its accessories.
That Dark State was given a further lighting up on Tuesday with the release, by WikiLeaks, of its CIA Vault 7 and Year Zero series that has caused the usual flutter in the intelligence community and governments.
These comprise the machinery of hacking and cyber war tactics, an overview of methods that suggest, according to WikiLeaks, a loss of control by the agency over a good deal of its hacking arsenal (“malware, viruses, Trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation”).
The releases reveal aspects of the internal functions of the organisation, including the works of its Engineering Development Group (EDG), dedicated to the development of software within the Center for Cyber Intelligence.
As WikiLeaks revealed, the sophisticated nature of surveillance is now such as to draw comparisons with George Orwell’s 1984 “but ‘Weeping Angel’, developed by the Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.” Samsung has figured prominently in such attacks jointly conducted with Britain’s MI5/BTSS.
Even of more concern is that such methods, similar to the hoovering techniques of trawler surveillance, tend to hamper, rather than sharpen, discrimination regarding targets of value. Malware, in making its way into a range of devices (iPhones, Android, smart TVs), lingers like an innocuous, odourless smell.
This makes suggestions of ‘targeted’ surveillance, or surveillance against countries other than those of the Five Eyes, absurd. (Vide the opinions of Australia’s insipid Christopher Pyne, who assumes with school boy innocence that Washington would never have an interest in spying on Australian subjects.)
Controls over the nature of who receives or uses such devices or operating systems are less relevant than the nature of the devices, adjusted and cooked to the right level of surveillance. So called “smart” devices are hardly discerning in that regard.
The releases have also seen a rapid scramble on the part of app companies to claim that the Vault and Zero Year coverage by WikiLeaks reveals a crude reality: you simply cannot rely on the security of your messaging format.
“To put ‘Year Zero’ into familiar terms,” the statement from Telegram instructs with confidence piercing clarity, “imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there’s little your engineers can do.”
The statement by Telegram goes on to charmingly remind users that it would not matter “which messenger you use. No app can stop your keyboard from knowing what keys you press. The focus, then, is on “devices and operating systems like iOS and Android” not on the level of apps. “For this reason,” the app company insists, “naming any particular app in this context is misleading.”
What is not misleading is the effect of such surveillance, the insecurity it inflicts on customers, and the rampant breach of privacy. The intelligence agencies find themselves running out of breath, bloated and spread. Their outsourcing of services through less secure channels - namely contractors - has also unleased a demon they can barely control.
Defenders of such methods spring back into a default mode that assumes WikiLeaks has done something terrible, emboldening enemies of the United States as defender of the now poorly described “free world”. Pundits and former members of the security coven fear that the disclosure of the CIA playbook on this is somehow tantamount to giving away the family silver to a suicide bomber in search of martyrdom. The pertinent question here, surely, is defending that world from within as a matter of course.
Even the most dyed-in-the-wool establishment type has to concede that the intelligence community, puffing and out of breath, is there for the trimming, a vigorous pruning that just might ensure its reinvigoration and relevance.
The CIA is a beast in maturation, adjusting, and flexing its muscles in accordance with circumstance. It is to be watched, accordingly cleaned and overseen by diligent groundsmen and women. Sadly, the members of Congress are not necessarily the most able, or willing, to do that watching. An external impetus, miraculously supplied, might well do the trick.
Dr. Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne. Email: firstname.lastname@example.org