Wikileaks—an organization that once was committed to exposing government malfeasance, but now solely focuses on Western government malfeasance—leaked a trove of documents yesterday that someone took from the CIA.
Wikileaks has a somewhat religious following amongst the conspiratorial and anti-Western minded, as Glenn Greenwald—who would doubt whether the sky is blue if that information came to him via Western intelligence—demonstrated when he tweeted the false equivalence to end all false equivalences yesterday.
Wikileaks released newsworthy data, and forced journalistic outlets to report on the news that came from it. To suggest that they are equals is either willful misdirection or pure insanity, and this tactic has been at the heart of Russian intelligence operations for a century. I have written extensively about Russia and their influence at Paste, and I have copied and pasted the following passage from my column on Edward Snowden into every single article about Wikileaks, and will continue to do so until those documents they promised on powerful Russians come out or we all accept the blatantly obvious as truth.
Towards the end of , Wikileaks threatened that they would release documents on powerful individuals in Russia, and according to their spokesperson, Kristinn Hrafnsson, “Russian readers will learn a lot about their country.” An official from the FSB responded, “It's essential to remember that given the will and the relevant orders, [WikiLeaks] can be made inaccessible forever.”
The documents never came out. Two years later, Julian Assange had his own show on Russia Today, the Kremlin's West-facing propaganda outlet. Wikileaks even sent a delegation to meet Bashar al-Assad, a President only two major countries support (Russia and Iran). While stuck in the Ecuadorian embassy in London, Assange stated in a press release that he requested Russian security.
Hacking the CIA is a massive news story, and in a rush to get this explosive feature up, organizations like The New York Times simply printed Wikileaks' assertions, and inserted qualifiers like “if confirmed.” This is not journalism, it's lazily retweeting whatever data flies into your inbox. The Times wouldn't simply print an e-mail from a PR rep hawking a product, so why would they publish Wikileaks' assertions without a full technical understanding behind what they are alleging?
The Wall Street Journal printed almost the exact same sentence, writing:
Wikileaks said the documents show the CIA's ability to bypass the encryption of popular messenger applications, including WhatsApp, Signal, Telegram and Confide by hacking the smartphones they run on and collecting audio and message traffic before the applications encrypt the user's texts.
That sentence no longer appears in the post and there is no mention of a correction anywhere, aside from the time of the article being updated to 9:12 pm EST on March 7th, but this blog post by Steven Bellovin at Columbia published around 3 pm EST yesterday saved a screenshot.
Kudos to The Washington Post, who actually consulted with experts before rushing their story up, as they wrote:
In its news release, Wikileaks said the files enable the agency to bypass popular encryption-enabled applications—including WhatsApp, Signal and Telegram—used by millions of people to safeguard their communications. But experts said that rather than defeating the encryption of those applications, the CIA's methods rely on exploiting vulnerabilities in the devices on which they are installed, a method referred to as “hacking the endpoint.”
This confusion didn't stop at major journalistic institutions, as some NGOs took their cues from outlets like the Times, WSJ and in this case Mashable, and ran with the almost certain misdirection contained in Wikileaks' press release.
A lot of the hysteria surrounded this portion from Wikileaks' release, alleging that the CIA is able to bypass encrypted messaging apps. Note how similar it is to what we saw in the papers above.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.
Open Whisper Systems—the makers of Signal—dove into the data that Wikileaks dumped, and clarified what was obvious for anyone who investigated past the press release.
The founder of Telegram came to the same conclusion.
Tarah Wheeler, website security czar at Symantec, wrote a post on Medium cutting through the hysteria, addressing the issue surrounding these encrypted apps.
Though it was phrased poorly, it was accurate: these techniques bypass encryption by gaining access through other methods and listening in, but they do it before the applications encrypt and transmit information. This is rather like hiding behind the couch and listening in on someone having a speakerphone conversation over a secured line. You're hearing the information before it's ever encrypted and sent, so the voices are entirely in the open. Even worse, if you're able to see over someone's shoulder to a 2-way text conversation on their phone or laptop, it doesn't matter if the information was encrypted in transit if you're already seeing everything that happens on the device.
This is where we have evidence that Wikileaks is trying to confuse us in their press release, as they do not provide proof of their assertion in the documents. Why specifically name encrypted messaging apps if none of the documents pertain to them? It's difficult to see this as completely unrelated to the expansive reports of government leakers using these apps to communicate Donald Trump's acceleratingly obvious Russian ties to the press. Their phrasing seemingly is meant to convey a method to break encryption to the technically illiterate—when really what the CIA does is install malware on your phone, so whether you encrypt a message doesn't matter, as your data has already been compromised.
Had they provided proof that the CIA found a way to break encryption in these apps, it would be one of the biggest technological breakthroughs of all time, yet every expert in the field has met this claim with a yawn. Outlets like the Times portrayed this as yet another mass-surveillance tool, when the data shows that these exploits are more about targeted operations. The New York Times issued a clarification today, but the damage had already been done in the name of speed over accuracy.
Wikileaks' press release was designed to further the narrative of mass-surveillance, which clearly is legitimate, but like the bogus stories of the NSA's PRISM program before, the speed of “reporting” removed nuance from the debate—which is Wikileaks' overall objective. They want to gin up hysteria so that we think we are at war with our intelligence services. The goal of Russian meddling is and always has been to sow distrust between Americans and the institutions that guide us, and it's working.
Look, spy agencies spy. That's not a new revelation, and it's hopelessly naive to suggest that it is always nefarious. Some of the stuff that came out of the Snowden leak was downright horrifying, like Verizon shipping “all” our call data to the NSA. One glance at the tools of the most powerful spy agencies on the planet demonstrates that the potential for abuse is nearly infinite; however, there has not been a proven scandal that has matched the gigantic level of this possibility. The Grugq, a world-renowned OpSec and tradecraft expert, put it bluntly.
2FA = two-factor authentication, which is the simplest and most effective method to keep your information safe. Enable it everywhere so that when you sign in, a code gets transmitted to you either via text or e-mail that you can input to affirm that it is truly you trying to log in. Nicholas Weaver of the International Computer Science Institute perfectly summarized this entire issue surrounding Wikileaks' release.
The obsession with being first over being accurate is a plague upon all media, and it is a godsend for institutions like Wikileaks who aim to sow distrust in the fog of war. A bunch of newspapers saw a big news story, and rushed articles up that were largely based on a press release from an intermediary used by the Kremlin to discredit Western governments. Irresponsible doesn’t even begin to describe the actions of outlets printing headlines based on clear propaganda. Glenn Greenwald was completely off-base comparing The New York Times to Wikileaks as far as their intentions are concerned, but he does have a point when it comes to the end result. If the mainstream media doesn’t seriously begin to prioritize accuracy over speed, then the line between journalistic outlets and propaganda will continue to get blurrier.
Jacob Weindling is Paste’s business and media editor, as well as a staff writer for politics. Follow him on Twitter at @Jakeweindling.