What do I need to know about the CIA's hacking programme?

By the end of last year, the CIA hacking programme had 5,000 registered users, including government employees and contractors.
By the end of last year, the CIA hacking programme had 5,000 registered users, including government employees and contractors.PHOTO: REUTERS

Q Are the documents published by WikiLeaks authentic?

A It appears at least some are real. While the Central Intelligence Agency (CIA) has declined to comment, independent cyber security experts and former intelligence agency employees who have looked through them say that they appear to be authentic, citing code words used to describe CIA hacking programs.

Q What is the CIA programme?

A By the end of last year, the CIA programme had 5,000 registered users, including government employees and contractors, and they had produced more than a thousand hacking systems. The agency's arsenal, the documents indicate, included an array of malware - ranging from viruses to clandestine "zero day" vulnerabilities in the software of major companies.

Q What kind of hacking tools was the CIA using?

A In the case of a tool called "Weeping Angel" for attacking Samsung smart TVs, WikiLeaks wrote: "After infestation, Weeping Angel places the target TV in a 'fake-off' mode so that the owner falsely believes the TV is off when it is on. In 'fake-off' mode, the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server."

Another program called Wrecking Crew explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer.

According to the documents, the CIA was also exploring technology to penetrate the vehicle control systems of cars. The documents do not detail the goal of the vehicle hacking program but WikiLeaks speculated that it would "permit the CIA to engage in nearly undetectable assassinations".

Other programs were called CrunchyLimeSkies, ElderPiggy, AngerQuake and McNugget.

Q How vulnerable is my smartphone?

A The software targeted by the hacking programme included the most popular smartphone operating systems: Apple's iPhone and Google's Android. The CIA hacking initiative had a "mobile devices branch" which developed an array of attacks on popular smartphones to infect and extract data, including a user's location, audio and text messages, and to covertly activate a phone's camera and microphone.

Q Did the CIA directly target encryption software?

A The CIA focused on smartphone operating systems in large part to intercept messages before they could be encrypted, according to the WikiLeaks documents. So by targeting the phone's underlying software, the CIA was looking to bypass the encryption of WhatsApp, Signal, Telegram, Weibo and other smartphone communications apps.

NYTIMES, REUTERS

A version of this article appeared in the print edition of The Straits Times on March 09, 2017, with the headline 'What do I need to know about the CIA's hacking programme?'. Print Edition | Subscribe