The fallout from WikiLeaks’ data dump continues. Over at Langley, the CIA is scrambling to control the repercussions from the mass leak, which reveals some, if not all, of its hacking capabilities. And in Washington, D.C., press secretary Sean Spicer, who seems more harried as the weeks progress, is having to condemn WikiLeaks just months after his boss Donald Trump declared his love for the organization and its leak of John Podesta’s emails.
The CIA’s panic is understandable. Its motto might be “And ye shall know the truth and the truth shall make you free,” but the agency has long made it clear that the truth is for its eyes and ears only. Now, WikiLeaks is claiming that it has details of the CIA’s entire hacking arsenal, which it plans to release in a series of potentially explosive revelations.
So, how damaging is this?
Well, it kind of depends. Certainly, it’s not as bad as it could be. Unusually for WikiLeaks, they’ve decided to redact part of the “Vault 7” data, including information on how they hacked mobile phones (including Apple and Android devices), computers and smart televisions. Without access to the codes the CIA used to commit its espionage, foreign governments and would-be hackers will have to work out their own ways to mimic the agency’s activities.
The New York Times also pointed out that none of the leaked documents carried a classification higher than “secret/noforn,” which is relatively low. Furthermore, while the leaks might have come as a surprise, concerns about the security of devices such as smart televisions have been floating around for the past few years. Some of the vulnerabilities the CIA identified have also been patched up, rendering WikiLeaks’ big reveal slightly less revealing.
Read more: Who Was Behind the CIA Vault 7 WikiLeaks Dump?
But, it is still bad news for the notoriously secretive CIA. Even if outsiders don’t know how the agency listens and observes them, they do know through what mediums this is happening. Thanks to WikiLeaks, CIA targets know that hackers were able to see messages sent on encrypted apps such as Whatsapp before they were encrypted. Though the CIA hasn’t managed to infiltrate the app itself, it seems likely that anyone with secrets to hide might just quit using it.
Even if CIA targets don’t alter their communication habits, the agency might now find its attempts to monitor them frustrated. Apple said it has already addressed some of the vulnerabilities WikiLeaks revealed and is working on others. Samsung and Microsoft have said they are similarly looking into patching up weaknesses in their software.
The agency is also likely to come under heavy criticism for the leak. The first response could be from government officials, questioning how it happened and why details of the agency’s hacking seemed to be known among many of its employees.
The second will be whether the CIA has exploited the Obama administration’s Vulnerabilities Equities Process, which allows the agency to retain some zero-day vulnerabilities (weaknesses in a vendor’s software that they’re unaware of). Data privacy groups are already questioning whether the CIA could really justify staying quiet about so many vulnerabilities. In an email to Newsweek, Sherif Elsayed Ali, head of technology and human rights at Amnesty International, wrote: “Some of the most shocking aspects of the leaks are indications that the CIA has known—but kept quiet—about serious security vulnerabilities in smartphones and consumer electronics used by hundreds of millions of people the world over.”
WikiLeaks founder Julian Assange makes a speech from the balcony of the Ecuadorian Embassy, London, February 5, 2016. Judging by a recent WikiLeaks press statement, Assange is hoping the Vault 7 dump will eclipse Edward Snowden's NSA revelations. Peter Nicholls/Reuters
Despite the sheer scale of Tuesday’s leak, it is still unclear how impactful it will be. In its statement about the dump, WikiLeaks boasted that: “The quantity of published pages in ‘Vault 7’ part one already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.”
But, as any first-grader can tell you, quantity doesn’t equal quality. For the average American citizen, Snowden’s leaks, which revealed the NSA’s ability to conduct mass surveillance, will supercede WikiLeaks’ latest revelations. Though the dump shows the CIA can hack individual devices, it makes no mention of widespread surveillance. Put more simply, unless you think you’re a CIA target, a Langley hacker probably isn’t reading your Whatsapp messages.
A note of caution though. WikiLeaks has not yet released the entirety of its data, and more surprises are bound to unfold. This is also an organization, that however damaged its reputation, skilfully managed both the John Podesta and Chelsea Manning leaks for maximum media impact. So keep an eye on Vault 7, it’s not over yet.
Additional reporting by Anthony Cuthbertson