CIA blasts WikiLeaks for publishing secret documents

Yahoo – AFP, Paul Handley, Rob Lever, March 9, 2017

Assange said WikiLeaks had "a lot more information" about the CIA's hacking
operation but would hold off on publishing it until it had spoken to tech
manufacturers (AFP Photo/Saul LOEB)

Washington (AFP) - The Central Intelligence Agency accused WikiLeaks of endangering Americans, helping US rivals and hampering the fight against terror threats by releasing what the anti-secrecy site claimed was a trove of CIA hacking tools.

A CIA spokeswoman would not confirm the authenticity of the materials published by WikiLeaks, which said they were leaked from the spy agency's hacking operations.

Nevertheless, said spokeswoman Heather Fritz Horniak, "The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries."

"Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm," she said.

Horniak defended the CIA's cyber operations, which the WikiLeaks materials showed focused heavily on breaking into personal electronics using a wide range of malware systems.

"It is CIA's job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad," she said.

Massive leak

On Tuesday, WikiLeaks published nearly 9,000 documents it said were part of a huge trove leaked from the CIA, describing it as the largest-ever publication of secret intelligence materials.

"This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA," it said.

Graphic outlining technical objectives of CIA hacking schemes, according 

to a new document release by WikiLeaks (AFP Photo/John SAEKI)

The documents showed that CIA hackers can turn a TV into a listening device, bypass popular encryption apps, and possibly control one's car.

Most experts believe the materials to be genuine, and US media said Wednesday that the Federal Bureau of Investigation is opening a criminal probe into the leak.

The source of the materials remained unclear. The investigation could focus on whether the CIA was sloppy in its controls, or, as The Washington Post reported, it could be "a major mole hunt" for a malicious leaker or turncoat inside the agency.

WikiLeaks itself said the documents, hacking tools and code came from an archive that had circulated among US government hackers and private contractors.

An investigation would come as the CIA is already enmeshed in a politically-charged probe into Russia's alleged interference in the US election last year in support of President Donald Trump's campaign.

WikiLeaks, which has stunned the US government with a series of publications of top secret political, diplomatic and intelligence materials, said the publication Tuesday was only the first of a series of releases of CIA hacking materials.

That raised concerns that the site could release the actual hacking tools it obtained along with the documents. Experts worry those could fall into the hands of anyone, including US enemies and criminals.

Tech sector scrambles for fixes

The WikiLeaks documents detailed the CIA's practice of exploiting vulnerabilities in hardware and software, without ever informing producers of them.

The CIA allegedly found ways to hack into personal electronics from leading companies like Apple and Samsung, Android phones, popular Microsoft software, and crucial routers from major manufacturers.

The documents suggest it can also infiltrate smartphones in a way that allows it to get around popular messaging encryption apps.

The tech sector was scrambling to understand how their products were at risk.

"While our initial analysis indicates that many of the issues leaked today

 were already patched in the latest iOS, we will continue work to rapidly address 

any identified vulnerabilities," Apple said in an emailed statement on the 

WikiLeaks documents (AFP Photo/Jack Taylor)

"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities," Apple said in an emailed statement.

"We're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities," Google director of information security and privacy Heather Adkins said in a released statement.

"Our analysis is ongoing and we will implement any further necessary protections."

Samsung and Microsoft both said they were "looking into" what WikiLeaks revealed.

Encryption apps safe

Joseph Hall, a technologist with the Center for Democracy and Technology, a digital rights organization, said the documents raise questions about the US government's pledge last year to disclose vulnerabilities to technology firms.

That pledge means "security flaws should get back to the companies so they can get fixed, and not languish for years," he said.

The American Civil Liberties Union commented in a tweet: "When the govt finds software security holes, it should help fix them, not hoard them and leave everyone vulnerable."

Companies that make encryption programs and apps targeted by the CIA said the revelations show the agency has not been able to break their software.

Open Whisper Systems, which developed the technology for the Signal encryption app, said the CIA documents showed that Signal works.

"None of the exploits are in Signal or break Signal Protocol encryption," the group said in a tweet.

"The existence of these hacking tools is a testimonial to the strength of the encryption," said Steve Bellovin, a Columbia University computer science researcher, in a blog post.

Related Article:

WikiLeaks announces tech firm cooperation - New

China Said to Push Banks to Remove IBM Servers for Security

Jakarta Globe, Steven Yang & Edmund Lococo, May 27, 2014

A combination photo of five military officers of China's People's Liberation Army.
 A combination photo shows five Chinese military officers who the US has
accused of cyber espionage. (Reuters Photo/FBI Handout)

The Chinese government is pushing domestic banks to remove high-end servers made by International Business Machines and replace them with a local brand, according to people familiar with the matter, in an escalation of the dispute with the US over spying claims.

Government agencies, including the People’s Bank of China and the Ministry of Finance, are reviewing whether Chinese commercial banks’ reliance on IBM servers compromises the country’s financial security, said the four people, who asked not to be identified because the review hasn’t been made public.

The review fits a broader pattern of retaliation after American prosecutors indicted five Chinese military officers for allegedly hacking into the computers of US companies and stealing secrets. Last week, China’s government said it will vet technology companies operating in the country, while the Financial Times reported May 25 that China ordered state-owned companies to cut ties with US consulting firms.

Harriet Ip, a Singapore-based spokeswoman for IBM, referred questions to IBM in the US Jeffrey Cross, a Somers, New York-based spokesman, didn’t immediately respond to an e-mail seeking comment outside US business hours.

“Security trumps everything,” said Duncan Clark, chairman of BDA China Ltd., a Beijing-based consultant to technology companies. “China doesn’t need the US companies in the way it did for the last few decades.”

The results of the government review will be submitted to a working group on Internet security led by President Xi Jinping, two of the people said.

Spokesmen for Bank of China, China Construction Bank and Industrial & Commercial Bank of China declined to comment. Three phone calls to Agricultural Bank of China’s Beijing press office weren’t returned.

US technology sales in China have come under increasing threat following Edward Snowden’s revelations last June of a National Security Agency spying program. Forrester Research Inc. estimates purchases of information-technology products in China will rise 11 percent this year to $125 billion, meaning other US technology companies including Microsoft face threats to their business.

Microsoft said this month it was “surprised” to learn that China Central Government Procurement Center has excluded its Windows 8 operating system from a government purchase of energy-efficient computers. The nation’s official Xinhua News Agency called it “a move to ensure computer security.” China is the world’s largest market for personal computers.

“China’s government is in a strong position given Snowden’s disclosures,” Clark said. “If you give them an excuse, they will aggressively promote domestic brands.”

The directive would be a further blow to IBM’s business in China, where sales fell 20 percent in the first quarter. In an April conference call, Chief Financial Officer Martin Schroeter said the challenges were cyclical, “and we still see good opportunity over the long term” in China.

IBM announced in January it would sell its low-end server computer business to Beijing-based Lenovo for $2.3 billion. That transaction faces regulatory scrutiny including a US national security review. Angela Lee, a Hong Kong-based spokeswoman for Lenovo, said she couldn’t immediately comment about the report.

In addition to concern about Armonk, New York-based IBM’s equipment as a security threat, China’s government also believes IBM servers are more expensive in China than in other regions, the people said.

China Postal Savings Bank is using servers made by Jinan-based Inspur as part of a trial program that began in March 2013, the people said. The government plans to expand that trial to other banks, they said.

The group’s Inspur International unit gained 10 percent to HK$1.53 at 2:57 p.m. in Hong Kong trading today. In Shenzhen, Inspur Electronic Information Industry Co. rose 4.7 percent.

Other agencies involved in the review include the National Development and Reform Commission, the China Banking Regulatory Commission, and the Ministry of Industry and Information Technology, the people said. The NDRC, the Finance Ministry, the central bank and the CBRC didn’t immediately respond to faxed requests for comment.

The US indictment, announced May 19, led China to suspend its involvement in a cybersecurity working group and drew formal protests from the ministries of defense and foreign affairs. The State Internet Information Office likened the US actions to “a thief yelling ‘Catch the thief.’”

Bloomberg

Related Articles:

Chinese banks ditch US providers for Alibaba's Aliyun - New
Inspur confirms recruitment of IBM workers
Banks in China fear over-reliance on IBM information systems
China demands halt to 'unscrupulous' US cyber-spying

Microsoft's golden era in China coming to an end

US tech sector feels pain from PRISM
Cisco's business in China set to suffer from Prism revelations

US tech sector feels pain from PRISM

Google – AFP, Rob Lever (AFP), 27 August 2013

A 'Secure Cloud Storage' drive is seen at the CeBIT, world's biggest IT fair,

in Hanover, on March 3, 2011 (AFP/File, Johannes Eisele)

WASHINGTON, DC — Revelations about vast US data collection programs are starting to hit American tech companies, which are ramping up pressure for increased transparency to try to mitigate the damage.

An industry group, the Cloud Security Alliance said last month that 10 percent of its non-US members have cancelled a contract with a US-based cloud provider, and 56 percent said they were less likely to use an American company.

A separate report this month by the Information Technology & Innovation Foundation, or ITIF, a Washington think tank, said US cloud providers stand to lose $22 billion to $35 billion over the next three years due to revelations about the so-called PRISM program.

Daniel Castro, author of the report, says a loss of trust in US tech firms could lead to "protectionist" measures that hurt the fast-growing cloud sector.

"The risk is that a country like Germany will say you have to be a German company to provide data services in Germany," Castro told AFP.

"I don't think that helps anyone. We do benefit from free trade and the robust competitiveness in the tech industry."

The report notes that the United States dominates the cloud computing market both domestically and abroad, and that US firms could lose between 10 and 20 percent of the foreign market in the next few years.

Tech companies, especially firms in cloud computing, have been in a frenzy since details leaked in June about surveillance efforts led by the secretive National Security Agency, including PRISM, believed to scoop up massive amounts of data as part of efforts to thwart terrorism.

Castro said in his report "the disclosures of the NSA's electronic surveillance may fundamentally alter the market dynamics."

The news "will likely have an immediate and lasting impact on the competitiveness of the US cloud computing industry if foreign customers decide the risks of storing data with a US company outweigh the benefits," he wrote.

Much concern in being expressed in Europe. Estonian President Toomas Hendrik last month urged the EU to develop its own cloud industry, noting that 95 percent of the services come from US firms.

"Recent months have proven once again that it's very important for Europe to have its own data clouds that operate strictly under European legislation," he said.

Some analysts say losses could be even greater than the ITIF predicts, if the fallout affects consumer-based services like email and search.

And Forrester Research analyst James Staten argued that, in addition to the loss of foreign customers, US customers may look overseas for cloud services, and the rest of the tech sector could also see an impact.

"Add it all up and you have a net loss for the service provider space of about $180 billion by 2016, which would be roughly a 25 percent decline in the overall IT services market," Staten said.

The tech sector has been active on several fronts, filing court cases and making public pleas to the US administration for more transparency, in the hope that fuller disclosure will ease fears about how data is shared.

Six large high-tech lobby groups sent a letter to President Barack Obama this month asking for such steps, saying more transparency "can assist in reestablishing trust, both domestically and globally."

Ross Schulman of Computer & Communications Industry Association, one of the tech associations, said "the lack of information is compounding the trust problem."

Schulman said it's not clear if the volume of data collected by the government is more or less than people believe.

"If it's less, that could help trust," he said. "If it's more, people could have an informed discussion of surveillance practices."

But in the current situation, he said, "it's difficult to go to customers and say the cloud is the best place for your data."

Related Articles:

Prism program may prompt China to replace computer systems

Cisco's business in China set to suffer from Prism revelations 

Cisco's business in China set to suffer from Prism revelations

Want China Times, Staff Reporter 2013-06-18

Cisco's booth at a trade show in Washington DC. (Photo/CFP)

At a time when nine internet companies are believed to be involved in the US National Security Agency's Prism surveillance, Cisco Systems, one of the nine and the world's biggest IT equipment provider in cloud computing, has been involved in almost all China's major network construction projects, the Shenzhen-based Securities Times reports.

Edward Snowden, a former technical worker at the CIA and NSA last week sensationally revealed himself as the whistleblower behind leaks that uncovered secret US government surveillance programs. Snowden, an IT administrator for the defense contractor Booz Allen Hamilton, said that the UK intelligence-gathering agency GCHQ may have connections to the Prism program, which is said to give American agencies easy access to nine of the world's top internet companies, as well as the phone records of millions of people.

According to Snowden, nine companies, including Cisco, Apple, Facebook, Microsoft and Google, are involved in spying activities by giving access to their databanks to the US agencies — an accusation all nine companies swiftly denied, the report said.

However, on June 14, Facebook and Microsoft admitted that the US government had asked them to provide information on their users, and they unveiled the partial details in a bid to distance themselves from the Prism revelations as early as possible.

Meanwhile, Chinese media has turned the focus to the potential threats to China's internet security by these US internet companies, as Snowden revealed that the NSA monitored China's internet and computer operations via Cisco.

Cisco has reportedly been involved in almost all the construction of major network projects in China related to the government, customs, post offices, finance, railway, aviation, medical, military and police, as well as telecommunication networks. Cisco controls more than 70% of China's two biggest internet operators, China Telecom and China Unicom, which together account for more than 80% of the country's internet traffic.

Furthermore, Cisco is the key technology and equipment supplier to the US government and its military. Security experts are therefore worried that in the even of war, the US government could use Cisco's products around the world to create an internet war to deal a major blow to adversary countries.

Cisco has overtaken Hewlett-Packard and IBM to become the world's biggest IT equipment provider in terms of cloud computing, according to market researcher Synergy Research Group.

Cisco raked in income of more than US$1.6 billion last year in China, representing 30% of its total profits. It is expected that the Prism incident will seriously affect its business in China, while other companies such as Microsoft and Apple will also see their business in mainland China affected, the report said.

Since last year, security experts already called for the Chinese government to emphasize internet security problems. The Prism incident is a major warning and may well prompt Beijing to enact an internet security act to set clear rules to regulate purchases by the government, military and state-run enterprises.

Such legislation would inevitably benefit domestic suppliers such as Huawei and ZTE in cloud computing, data processing, IT consulting and information security, the report said. Perhaps a touch ironically, the two Chinese companies have seen their attempts to expand their business in the United States hampered by national security concerns from the US government in precisely the same manner as Cisco may be expected to experience.

Related Article:

U.S. Agencies Said to Swap Data With Thousands of Firms