From Consortium News
WikiLeaks' disclosure of documents revealing CIA cyber-spying capabilities underscores why much more skepticism should have been applied to the U.S. intelligence community's allegations about Russia "hacking" last year's American presidential election. It turns out that the CIA maintains a library of foreign malware that could be used to pin the blame for a "hack" on another intelligence service.
That revelation emerged from documents that WikiLeaks published on Tuesday from a CIA archive that WikiLeaks said had apparently been passed around within a community of former U.S. government hackers and contractors before one of them gave WikiLeaks some of the material.
The documents revealed that the CIA can capture the content of encrypted Internet and cell-phone messages by compromising the device itself and grabbing the text in the fraction of a second before it is put through encryption, bypassing the encryption rather than breaking it.
Another program called "Weeping Angel" can hack Samsung "smart" TVs with built-in Internet connections, allowing the CIA and British intelligence to covertly use the TVs as listening devices even when they appear to be turned off.
Besides the 1984-ish aspects of these reported capabilities -- Orwell's dystopia also envisioned TVs being used to spy on people in their homes -- the WikiLeaks disclosures add a new layer of mystery to whether the Russians were behind the "hacks" of the Democratic Party or whether Moscow was framed.
For instance, the widely cited Russian fingerprints on the "hacking" attacks -- such as malware associated with the suspected Russian cyber-attackers APT 28 (also known as "Fancy Bear"); some Cyrillic letters; and the phrase "Felix Edmundovich," a reference to Dzerzhinsky, the founder of the Bolsheviks' secret police -- look less like proof of Russian guilt than they did earlier.
Or put differently -- based on the newly available CIA material -- the possibility that these telltale signs were planted to incriminate Moscow doesn't sound as farfetched as it might have earlier.
A former U.S. intelligence officer, cited by The Wall Street Journal on Wednesday, acknowledged that the CIA's "Umbrage" library of foreign hacking tools could "be used to mask a U.S. operation and make it appear that it was carried out by another country... That could be accomplished by inserting malware components from, say, a known Chinese, Russian or Iranian hacking operation into a U.S. one."
While that possibility in no way clears Moscow in the case of the Democratic "hack," it does inject new uncertainty into the "high confidence" that President Obama's intelligence community expressed in its assessment of Russian culpability. If the CIA had this capability to plant false leads in the data, so too would other actors, both government and private, to cover their own tracks.
Another problem with the U.S. intelligence community's assessment is that the forensics were left to private contractors working for the Democrats, not conducted independently by U.S. government experts.
That gap in the evidentiary trail widens when one notes that CrowdStrike, the Democratic Party's consultant, offered contradictory commentary about the skills of the hackers.
CrowdStrike praised the hackers' tradecraft as "superb, operational security second to none" and added: "we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and 'access management' tradecraft -- both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected."
In other words, CrowdStrike cited the sophistication of the tradecraft as proof of a state-sponsored cyber-attack, yet it was the sloppiness of the tradecraft that supposedly revealed the Russian links, i.e., the old malware connections, the Cyrillic letters and the Dzerzhinsky reference.