[Marxism] The Truth About the WikiLeaks C.I.A. Cache

Louis Proyect lnp3 at panix.com
Fri Mar 10 05:46:41 MST 2017

(Co-moderator of mailing list that spawned Marxmail debunks Julian Assange.)

NY Times Op-Ed, Mar. 10 2017
The Truth About the WikiLeaks C.I.A. Cache
by Zeynep Tufekci

On Tuesday morning, WikiLeaks released an enormous cache of documents 
that it claimed detailed “C.I.A. hacking tools.” Immediately afterward, 
it posted two startling tweets asserting that “C.I.A. hacker malware” 
posed a threat to journalists and others who require secure 
communication by infecting iPhone and Android devices and “bypassing” 
encrypted message apps such as Signal and WhatsApp.

This appeared to be a bombshell. Signal is considered the gold standard 
for secure communication. WhatsApp has a billion users. The C.I.A., it 
seemed, had the capacity to conduct sweeping surveillance on what we had 
previously assumed were our safest and most private digital conversations.

In their haste to post articles about the release, almost all the 
leading news organizations took the WikiLeaks tweets at face value. 
Their initial accounts mentioned Signal, WhatsApp and other encrypted 
apps by name, and described them as “bypassed” or otherwise compromised 
by the C.I.A.’s cyberspying tools.

Yet on closer inspection, this turned out to be misleading. Neither 
Signal nor WhatsApp, for example, appears by name in any of the alleged 
C.I.A. files in the cache. (Using automated tools to search the whole 
database, as security researchers subsequently did, turned up no hits.) 
More important, the hacking methods described in the documents do not, 
in fact, include the ability to bypass such encrypted apps — at least 
not in the sense of “bypass” that had seemed so alarming. Indeed, if 
anything, the C.I.A. documents in the cache confirm the strength of 
encryption technologies.

What had gone wrong? There were two culprits: an honest (if careless) 
misunderstanding about technology on the part of the press; and yet 
another shrewd misinformation campaign orchestrated by WikiLeaks.

Let’s start with the technology. In the aftermath of Edward J. Snowden’s 
revelations about potential mass surveillance, there has been a sharp 
increase in the use of these “end to end” encryption apps, which render 
even the company that owns the app or phone essentially unable to read 
or hear the communications between the two “end” users.

Given that entities like Signal and WhatsApp cannot get access to the 
content of these conversations, even in response to a warrant — WhatsApp 
keeps logs of who talked to whom, Signal doesn’t do even that — 
intelligence agencies have been looking to develop techniques for 
hacking into individual phones. That way, they could see the encrypted 
communications just as individual users of the apps would.

These techniques are what the leaked cache revealed. Security experts I 
spoke with, however, stressed that these techniques appear to be mostly 
known methods — some of them learned from academic and other open 
conferences — and that there were no big surprises or unexpected wizardry.

In other words, the cache reminds us that if your phone is hacked, the 
Signal or WhatsApp messages on it are not secure. This should not come 
as a surprise. If an intelligence agency, or a nosy sibling, can get you 
to install, say, a “key logger” on your phone, either one can bypass the 
encrypted communication app. But so can someone looking over your 
shoulder while you use your phone. That is about the vulnerability of 
your device. It has nothing to do with the security of the apps.

If anything in the WikiLeaks revelations is a bombshell, it is just how 
strong these encrypted apps appear to be. Since it doesn’t have a means 
of easy mass surveillance of such apps, the C.I.A. seems to have had to 
turn its attention to the harder and often high-risk task of breaking 
into individual devices one by one.

Which brings us to WikiLeaks’ misinformation campaign. An accurate tweet 
accompanying the cache would have said something like, “If the C.I.A. 
goes after your specific phone and hacks it, the agency can look at its 
content.” But that, of course, wouldn’t have caused alarm and defeatism 
about the prospects of secure conversations.

We’ve seen WikiLeaks do this before. Last July, right after the 
attempted coup in Turkey, WikiLeaks promised, with much fanfare, to 
release emails belonging to Turkey’s ruling Justice and Development 
Party. What WikiLeaks ultimately released, however, was nothing but 
mundane mailing lists of tens of thousands of ordinary people who 
discussed politics online. Back then, too, the ruse worked: Many Western 
journalists had hyped these non-leaks.

WikiLeaks seems to have a playbook for its disinformation campaigns. The 
first step is to dump many documents at once — rather than allowing 
journalists to scrutinize them and absorb their significance before 
publication. The second step is to sensationalize the material with 
misleading news releases and tweets. The third step is to sit back and 
watch as the news media unwittingly promotes the WikiLeaks agenda under 
the auspices of independent reporting.

The media, to its credit, eventually sorts things out — as it has 
belatedly started to do with the supposed C.I.A. cache. But by then, the 
initial burst of misinformation has spread. On social media in 
particular, the spin and distortion continues unabated. This time 
around, for example, there are widespread claims on social media that 
these leaked documents show that it was the C.I.A. that hacked the 
Democratic National Committee, and that it framed Russia for the hack. 
(The documents in the cache reveal nothing of the sort.)

As with most misinformation campaigns, the dust that is kicked up 
obscures concerns over a real issue. Device and information insecurity, 
overzealous surveillance by governments — these are real concerns that 
call for real attention. Yes, we need to have extensive and thoughtful 
discussion of these topics. But that’s not what the WikiLeaks 
misinformation campaign has given us.

Zeynep Tufekci, an associate professor at the School of Information and 
Library Science at the University of North Carolina, is the author of 
the forthcoming “Twitter and Tear Gas: The Power and Fragility of 
Networked Protest” and a contributing opinion writer.

More information about the Marxism mailing list