Tag Archives: CIA

North Korea accuses CIA of ‘bio-chemical’ plot against leadership

North Korean leader Kim Jong Un waves to people attending a military parade marking the 105th birth anniversary of country's founding father, Kim Il Sung in Pyongyang. REUTERS/Damir Sagolj

SEOUL (Reuters) – North Korea on Friday accused the U.S. Central Intelligence Agency and South Korea’s intelligence service of a plot to attack its “supreme leadership” with a bio-chemical weapon and said such a “pipe-dream” could never succeed.

Tension on the Korean peninsula has been high for weeks, driven by concern that North Korea might conduct its sixth nuclear test or test-launch another ballistic missile in defiance of U.N. Security Council resolutions.

Reclusive North Korea warned this week that U.S. hostility had brought the region to the brink of nuclear war.

The North’s Ministry of State Security released a statement saying “the last-ditch effort” of U.S. “imperialists” and the South had gone “beyond the limits”.

“The Central Intelligence Agency of the U.S. and the Intelligence Service (IS) of south Korea, hotbed of evils in the world, hatched a vicious plot to hurt the supreme leadership of the DPRK and those acts have been put into the extremely serious phase of implementation after crossing the threshold of the DPRK,” the North’s KCNA news agency quoted the statement as saying, referring to the North by its official name, the Democratic People’s Republic of Korea.

“A hideous terrorists’ group, which the CIA and the IS infiltrated into the DPRK on the basis of covert and meticulous preparations to commit state-sponsored terrorism against the supreme leadership of the DPRK by use of bio-chemical substance, has been recently detected.”

The U.S. Embassy in Seoul and South Korea’s National Intelligence Service were not immediately available for comment. The U.S. military has said CIA director Mike Pompeo visited South Korea this week and met the NIS chief for discussions.

KCNA said the two intelligence services “ideologically corrupted” and bribed a North Korean surnamed Kim and turned him into “a terrorist full of repugnance and revenge against the supreme leadership of the DPRK”.

“They hatched a plot of letting human scum Kim commit bomb terrorism targeting the supreme leadership during events at the Kumsusan Palace of the Sun and at military parade and public procession after his return home,” KCNA said.

“They told him that assassination by use of biochemical substances including radioactive substance and nano poisonous substance is the best method that does not require access to the target, their lethal results will appear after six or twelve months…

“Then they handed him over $20,000 on two occasions and a satellite transmitter-receiver and let him get versed in it.”

North Korea conducted an annual military parade, featuring a display of missiles and overseen by top leader Kim Jong Un and his right-hand men on April 15 and then a large, live-fire artillery drill 10 days later.

KCNA, which often carries shrill, bellicose threats against the United States, gave lengthy details about the alleged plot but said it could never be accomplished.

“Criminals going hell-bent to realize such a pipe dream cannot survive on this land even a moment,” it said.

U.S. Secretary of State Rex Tillerson said on Wednesday that Washington was working on more sanctions against North Korea if it takes steps that merit a new response. He also warned other countries their firms could face so-called secondary sanctions for doing illicit business with Pyongyang.

Tillerson said the Trump administration had been “leaning hard into China … to test their willingness to use their influence, their engagement with the regime”.

Two women accused of killing the estranged half-brother of North Korean leader Kim with a chemical weapon appeared in court in Malaysia last month.

They allegedly smeared the man’s face with the toxic VX nerve agent, a chemical described by the United Nations as a weapon of mass destruction, at Kuala Lumpur airport on Feb. 13.

(Writing by Nick Macfie; Editing by Robert Birsel)

North Korea says U.S. bomber flights push peninsula to brink of nuclear war

Kim Jong Un stands on the conning tower of a submarine during his inspection of the Korean People's Army Naval Unit 167 in this undated photo released June 16, 2014. REUTERS/KCNA

By Ju-min Park and Ben Blanchard

SEOUL/BEIJING (Reuters) – North Korea accused the United States on Tuesday of pushing the Korean peninsula to the brink of nuclear war after a pair of strategic U.S. bombers flew training drills with the South Korean and Japanese air forces in another show of strength.

The two supersonic B-1B Lancer bombers were deployed amid rising tensions over North Korea’s pursuit of its nuclear and missile programmes in defiance of U.N. sanctions and pressure from the United States.

The flight of the two bombers on Monday came as U.S. President Donald Trump said he would be “honoured” to meet North Korean leader Kim Jong Un in the right circumstances, and as his CIA director landed in South Korea for talks.

South Korean Defence Ministry spokesman Moon Sang-gyun told a briefing in Seoul that Monday’s joint drill was conducted to deter provocations by the North.

North Korea said the bombers conducted “a nuclear bomb dropping drill against major objects” in its territory at a time when Trump and “other U.S. warmongers are crying out for making a preemptive nuclear strike” on the North.

“The reckless military provocation is pushing the situation on the Korean peninsula closer to the brink of nuclear war,” the North’s official KCNA news agency said on Tuesday.

Tensions on the Korean peninsula have been high for weeks, driven by concerns that the North might conduct its sixth nuclear test in defiance of pressure from the United States and Pyongyang’s sole major ally, China.

The U.S. military’s THAAD anti-missile defence system has reached initial operational capacity in South Korea, U.S. officials told Reuters, although they cautioned that it would not be fully operational for some months.

China has repeatedly expressed its opposition to the system, whose powerful radar it fears could reach inside Chinese territory. Foreign Ministry spokesman Geng Shuang again denounced THAAD on Tuesday.

“We will resolutely take necessary measures to defend our interests,” Geng said, without elaborating.

Asked about Trump’s suggestion he could meet Kim, Geng said China had noted U.S. comments that it wanted to use peaceful means to resolve the issue. Trump has been recently been full of praise of Chinese President Xi Jinping’s efforts to rein in its neighbour.

“China has always believed that using peaceful means via dialogue and consultation to resolve the peninsula’s nuclear issue is the only realistic, feasible means to achieve denuclearization of the peninsula and maintain peace and stability there, and is the only correct choice,” Geng told a daily news briefing.

It was widely feared North Korea could conduct its sixth nuclear test on or around April 15 to celebrate the anniversary of the birth of the North’s founding leader, Kim Il Sung, or on April 25 to coincide with the 85th anniversary of the foundation of its Korean People’s Army.

The North has conducted such tests or missile launches to mark significant events in the past.

Instead, North Korea conducted an annual military parade, featuring a display of missiles on April 15 and then a large, live-fire artillery drill 10 days later.

“VIGILANCE, READINESS”

Acting South Korean president Hwang Kyo-ahn called for stronger vigilance because of continuing provocation by North Korea and for countries such as China to increase pressure on the North.

The U.S. military said Mike Pompeo, director of the Central Intelligence Agency, visited South Korea and conducted detailed security discussions with his South Korean counterpart Lee Byung-ho and also visited Yeonpyeong island, which was bombed by North Korea in 2010.

Trump drew criticism in Washington on Monday when he said he would be “honoured” to meet North Korea’s young leader.

“If it would be appropriate for me to meet with him, I would absolutely, I would be honoured to do it,” Trump told Bloomberg News.

Trump did not say what conditions would be needed for such a meeting to occur or when it could happen.

“Clearly conditions are not there right now,” White House spokesman Sean Spicer said.

Trump warned in an interview with Reuters on Thursday that a “major, major conflict” with North Korea was possible, while China said last week the situation on the Korean peninsula could escalate or slip out of control.

In a show of force, the United States has already sent an aircraft carrier strike group, led by the USS Carl Vinson, to waters off the Korean peninsula to conduct drills with South Korea and Japan.

North Korea test-launched a missile on Saturday that appeared to have failed within minutes, its fourth successive failed launch since March. It has conducted two nuclear tests and a series of missile-related activities at an unprecedented pace since the beginning of last year.

The North is technically still at war with the South after their 1950-53 conflict ended in a truce, not a treaty, and regularly threatens to destroy the United States, Japan and South Korea.

(Writing by Jack Kim; Editing by Paul Tait and Nick Macfie)

CIA chief calls WikiLeaks a ‘hostile intelligence service’

Central Intelligence Agency Director Mike Pompeo speaks at The Center for Strategic and International Studies in Washington, U.S. April 13, 2017. REUTERS/Eric Thayer

By Warren Strobel and Mark Hosenball

WASHINGTON (Reuters) – CIA Director Mike Pompeo on Thursday called WikiLeaks a “hostile intelligence service,” using his first public speech as spy agency chief to denounce leakers who have plagued U.S. intelligence.

Pompeo, in an address at the Center for Strategic and International Studies think tank, called WikiLeaks founder Julian Assange “a fraud” and “a coward.”

“It is time to call out WikiLeaks for what it really is, a non-state hostile intelligence service often abetted by state actors like Russia,” Pompeo said.

He said Russia’s GRU military intelligence service used Wikileaks to distribute material hacked from Democratic National Committee computers during the 2016 U.S. presidential election.

U.S. intelligence agencies have concluded that Russia stole the emails and took other actions to tilt the election in favor of eventual winner Donald Trump, a Republican, against Democratic candidate Hillary Clinton.

Pompeo and President Donald Trump, who chose him to head the CIA, have not always been so critical of WikiLeaks. During a campaign rally last October, Trump praised the group for releasing hacked emails from the DNC by saying, “I love WikiLeaks.”

In July, Pompeo, than a Republican member of the House of Representatives, mentioned it in a Twitter post referring to claims that the DNC had slanted the candidate-selection process to favor Clinton. “Need further proof that the fix was in from Pres. Obama on down? BUSTED: 19,252 Emails from DNC Leaked by Wikileaks.”

WikiLeaks has published secret documents from the U.S. government and others and says its mission is to fight government secrecy and promote transparency. Pompeo said it has “encouraged its followers to find jobs at CIA in order to obtain intelligence.”

Assange has been holed up in the Ecuadorean Embassy in London since 2012, after taking refuge there to avoid extradition to Sweden over allegations of rape, which he denies.

Two of Assange’s lawyers and a Wikileaks spokesman did not immediately respond to requests for comment on Pompeo’s remarks.

Pompeo’s speech on Thursday follows a series of damaging leaks of highly sensitive CIA and National Security Agency material.

In March, WikiLeaks published thousands of pages of internal CIA discussions that revealed hacking techniques the agency had used against iPhones, Android devices and other targets.

Pompeo also had harsh words for Edward Snowden, the former National Security Administration contractor who downloaded thousands of documents revealing some of the electronic eavesdropping agency’s most sensitive programs and shared them with journalists.

“More than a thousand foreign targets, people, groups, organizations, more than a thousand of them changed or tried to change how they communicated as a result of the Snowden disclosures,” Pompeo said. “That number is staggering.”

U.S. intelligence agencies have struggled to deal with “insider threats” – their own employees or contractors who steal classified materials and, in some cases, publicize them.

In response to a question, Pompeo disputed Russia’s account of a chemical weapons attack in Syria that prompted retaliatory cruise missile strikes by Trump last week.

Moscow has said that Syrian rebels, rather than the Syrian government, were responsible.

“None of the (accounts) have an ounce of truth in them,” Pompeo said, calling Russian President Vladimir Putin “a man for whom veracity doesn’t translate into English.”

(Additional reporting by Eric Walsh; Editing by Eric Beech and Bill Trott)

Symantec attributes 40 cyber attacks to CIA-linked hacking tools

An analyst looks at code in the malware lab of a cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho

By Joseph Menn

SAN FRANCISCO (Reuters) – Past cyber attacks on scores of organizations around the world were conducted with top-secret hacking tools that were exposed recently by the Web publisher Wikileaks, the security researcher Symantec Corp said on Monday.

That means the attacks were likely conducted by the U.S. Central Intelligence Agency. The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors.

Symantec said it had connected at least 40 attacks in 16 countries to the tools obtained by WikiLeaks, though it followed company policy by not formally blaming the CIA.

The CIA has not confirmed the Wikileaks documents are genuine. But agency spokeswoman Heather Fritz Horniak said that any WikiLeaks disclosures aimed at damaging the intelligence community “not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.

“It is important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so,” Horniak said.

She declined to comment on the specifics of Symantec’s research.

The CIA tools described by Wikileaks do not involve mass surveillance, and all of the targets were government entities or had legitimate national security value for other reasons, Symantec researcher Eric Chien said ahead of Monday’s publication.

In part because some of the targets are U.S. allies in Europe, “there are organizations in there that people would be surprised were targets,” Chien said.

Symantec said sectors targeted by operations employing the tools included financial, telecommunications, energy, aerospace, information technology, education, and natural resources.

Besides Europe, countries were hit in the Middle East, Asia, and Africa. One computer was infected in the United States in what was likely an accident – the infection was removed within hours. All the programs were used to open back doors, collect and remove copies of files, rather than to destroy anything.

The eavesdropping tools were created at least as far back as 2011 and possibly as long ago as 2007, Chien said. He said the WikiLeaks documents are so complete that they likely encompass the CIA’s entire hacking toolkit, including many taking advantage of previously unknown flaws.

The CIA is best-known for its human intelligence sources and analysis, not vast electronic operations. For that reason, being forced to build new tools is a setback but not a catastrophe.

It could lead to awkward conversations, however, as more allies realize the Americans were spying and confront them.

Separately, a group calling itself the Shadow Brokers on Saturday released another batch of pilfered National Security Agency hacking tools, along with a blog post criticizing President Donald Trump for attacking Syria and moving away from his conservative political base.

It is unclear who is behind the Shadow Brokers or how the group obtained the files.

(Additional reporting by Jonathan Weber and Anna Driver; Editing by Matthew Lewis and Mary Milliken)

A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense

The logo of Cisco is seen at Mobile World Congress in Barcelona, Spain, February 27, 2017. REUTERS/Eric Gaillard

By Joseph Menn

SAN FRANCISCO (Reuters) – When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems <CSCO.O> swung into action.

The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco’s widely used Internet switches, which direct electronic traffic, to enable eavesdropping.

Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.

The Cisco engineers worked around the clock for days to analyze the means of attack, create fixes, and craft a stopgap warning about a security risk affecting more than 300 different products, said the employees, who had direct knowledge of the effort.

That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity.

That policy overwhelmingly emphasizes offensive cyber-security capabilities over defensive measures, these people told Reuters, even as an increasing number of U.S. organizations have been hit by hacks attributed to foreign governments.

Larry Pfeiffer, a former senior director of the White House Situation Room in the Obama administration, said now that others were catching up to the United States in their cyber capabilities, “maybe it is time to take a pause and fully consider the ramifications of what we’re doing.”

U.S. intelligence agencies blamed Russia for the hack of the Democratic National Committee during the 2016 election. Nation-states are also believed to be behind the 2014 hack of Sony Pictures Entertainment and the 2015 breach of the U.S. Government’s Office of Personnel Management.

CIA spokeswoman Heather Fritz Horniak declined to comment on the Cisco case, but said it was the agency’s “job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad.”

The Office of the Director of National Intelligence, which oversees the CIA and NSA, referred questions to the White House, which declined to comment.

Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters.

President Donald Trump’s budget proposal would put about $1.5 billion into cyber-security defense at the Department of Homeland Security (DHS). Private industry and the military also spend money to protect themselves.

But the secret part of the U.S. intelligence budget alone totaled about $50 billion annually as of 2013, documents leaked by NSA contractor Edward Snowden show. Just 8 percent of that figure went toward “enhanced cyber security,” while 72 percent was dedicated to collecting strategic intelligence and fighting violent extremism.

Departing NSA Deputy Director Rick Ledgett confirmed in an interview that 90 percent of government cyber spending was on offensive efforts and agreed it was lopsided.

“It’s actually something we’re trying to address” with more appropriations in the military budget, Ledgett said. “As the cyber threat rises, the need for more and better cyber defense and information assurance is increasing as well.”

The long-standing emphasis on offense stems in part from the mission of the NSA, which has the most advanced cyber capabilities of any U.S. agency.

It is responsible for the collection of intelligence overseas and also for helping defend government systems. It mainly aids U.S. companies indirectly, by assisting other agencies.

“I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions,” said Debora Plunkett, who headed the NSA’s defensive mission from 2010 to 2014.

GOVERNMENT ROLE

How big a role the government should play in defending the private sector remains a matter of debate.

Former military and intelligence leaders such as ex-NSA Director Keith Alexander and former Secretary of Defense Ashton Carter say that U.S. companies and other institutions cannot be solely responsible for defending themselves against the likes of Russia, China, North Korea and Iran.

For tech companies, the government’s approach is frustrating, executives and engineers say.

Sophisticated hacking campaigns typically rely on flaws in computer products. When the NSA or CIA find such flaws, under current policies they often choose to keep them for offensive attacks, rather than tell the companies.

In the case of Cisco, the company said the CIA did not inform the company after the agency learned late last year that information about the hacking tools had been leaked.

“Cisco remains steadfast in the position that we should be notified of all vulnerabilities if they are found, so we can fix them and notify customers,” said company spokeswoman Yvonne Malmgren.

SIDE BY SIDE

A recent reorganization at the NSA, known as NSA21, eliminated the branch that was explicitly responsible for defense, the Information Assurance Directorate (IAD), the largest cyber-defense workforce in the government. Its mission has now been combined with the dominant force in the agency, signals intelligence, in a broad operations division.

Top NSA officials, including director Mike Rogers, argue that it is better to have offensive and defensive specialists working side by side. Other NSA and White House veterans contend that perfect defense is impossible and therefore more resources should be poured into penetrating enemy networks – both to head off attacks and to determine their origin.

Curtis Dukes, the last head of IAD, said in an interview after retiring last month that he feared defense would get even less attention in a structure where it does not have a leader with a direct line to the NSA director.

“It’s incumbent on the NSA to say, ‘This is an important mission’,” Dukes said. “That has not occurred.”

(Reporting by Joseph Menn in San Francisco. Additional reporting by Warren Strobel in Washington.; Editing by Jonathan Weber and Ross Colvin)

WikiLeaks offers CIA hacking tools to tech companies: Assange

WikiLeaks founder Julian Assange makes a speech from the balcony of the Ecuadorian Embassy, in central London, Britain February 5, 2016. REUTERS/Peter Nicholls/Files

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday.

The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.

It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.

Representatives of Alphabet Inc’s Google Apple Inc, Microsoft Corp <MSFT.O> and Cisco Systems Inc <CSCO.O>, all of whose wares are subject to attacks described in the documents, did not immediately respond to requests for comment before regular business hours on the U.S. West Coast.

“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during a press conference broadcast via Facebook Live.

Responding to Assange’s comments, CIA spokesman Jonathan Liu, said in a statement, “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”

“Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The disclosures alarmed the technology world and among consumers concerned about the potential privacy implications of the cyber espionage tactics that were described.

One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

Other documents described ways to hack into Apple Inc <AAPL.O> iPhones, devices running Google’s <GOOGL.O> Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.

Several companies have already said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.

WikiLeaks’ publication of the documents reignited a debate about whether U.S. intelligence agencies should hoard serious cyber security vulnerabilities rather than share them with the public. An interagency process created under former President Barack Obama called for erring on the side of disclosure.

President Donald Trump believed changes were needed to safeguard secrets at the CIA, White House spokesman Sean Spicer told a news briefing on Thursday. “He believes that the systems at the CIA are outdated and need to be updated.”

Two U.S. intelligence and law enforcement officials told Reuters on Wednesday that intelligence agencies have been aware since the end of last year of a breach at the CIA, which led to WikiLeaks releasing thousands of pages of information on its website.

The officials, speaking on condition of anonymity, said contractors likely breached security and handed over the documents to WikiLeaks. The CIA has declined to comment on the authenticity of the documents leaked, but the officials said they believed the pages about hacking techniques used between 2013 and 2016 were authentic.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton <BAH.N> while working for the National Security Agency.

Assange said he possessed “a lot more information” about the CIA’s cyber arsenal that would be released soon. He criticized the CIA for “devastating incompetence” for not being able to control access to such sensitive material.

Nigel Farage, the former leader of the populist UK Independence Party, visited Assange at the Ecuadorean embassy in London earlier on Thursday. A representative for Farage said he was unaware what was discussed.

Assange has been holed up since 2012 at the embassy, where he fled to avoid extradition to Sweden over allegations of rape, which he denies.

(Reporting by Dustin Volz; Additional reporting by Eric Auchard in Frankfurt, Joseph Menn in San Francisco and Guy Falconbridge in London; Editing by Frances Kerry and Grant McCool)

CIA contractors likely source of latest WikiLeaks release: U.S. officials

The lobby of the CIA Headquarters Building in Langley, Virginia, U.S. on August 14, 2008. REUTERS/Larry Downing/File Photo

By John Walcott and Mark Hosenball

WASHINGTON (Reuters) – Contractors likely breached security and handed over documents describing the Central Intelligence Agency’s use of hacking tools to anti-secrecy group WikiLeaks, U.S. intelligence and law enforcement officials told Reuters on Wednesday.

Two officials speaking on condition of anonymity said intelligence agencies have been aware since the end of last year of the breach, which led to WikiLeaks releasing thousands of pages of information on its website on Tuesday.

According to the documents, CIA hackers could get into Apple Inc <AAPL.O> iPhones, devices running Google’s Android software and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

The White House said on Wednesday that President Donald Trump was “extremely concerned” about the CIA security breach that led to the WikiLeaks release.

“Anybody who leaks classified information will be held to the highest degree of law,” spokesman Sean Spicer said.

The two officials told Reuters they believed the published documents about CIA hacking techniques used between 2013 and 2016 were authentic.

One of the officials with knowledge of the investigation said companies that are contractors for the CIA have been checking to see which of their employees had access to the material that WikiLeaks published, and then going over their computer logs, emails and other communications for any evidence of who might be responsible.

On Tuesday in a press release, WikiLeaks itself said the CIA had “lost control” of an archive of hacking methods and it appeared to have been circulated “among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

The CIA, which is the United States’ civilian foreign intelligence service, declined to comment on the authenticity of purported intelligence documents.

The agency said in a statement that its mission was to collect foreign intelligence abroad “to protect America from terrorists, hostile nation states and other adversaries” and to be “innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad.”

The CIA is legally prohibited from surveillance inside the United States and “does not do so”, the statement added.

CONTRACTORS MUST BE ‘LOYAL TO AMERICA’

A U.S. government source familiar with the matter said it would be normal for the Federal Bureau of Investigation and the CIA both to open investigations into such leaks. U.S. officials previously have confirmed that prosecutors in Alexandria, Virginia for years have been conducting a federal grand jury investigation of WikiLeaks and its personnel.

A spokesman for the prosecutors declined to comment on the possibility of that probe being expanded. It is not clear if the investigation of the latest CIA leaks is part of the probe.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton <BAH.N> while working for the National Security Agency.

U.S. Senator Dianne Feinstein of California and a Democrat on the intelligence committee, said the government needed to stop the breaches.

“I think we really need to take a look at the contractor portion of the employee workforce, because you have to be loyal to America to work for an intelligence agency, otherwise don’t do it,” Feinstein said.

Both U.S. Senate and U.S. House of Representatives intelligence committees have either opened or are expected to open inquiries into the CIA breach, congressional officials said.

Some cyber security experts and technology companies have criticized the government for opting to exploit rather than disclose software vulnerabilities, though an interagency review process set up under former President Barack Obama was intended to err on the side of disclosure.

Those concerns would grow if U.S. authorities did not notify companies that CIA documents describing various hacking techniques had been compromised.

Apple, Alphabet Inc’s <GOOGL.O> Google, Cisco Systems Inc <CSCO.O> and Oracle Corp <ORCL.N> did not immediately respond when asked if they were notified of a CIA breach before WikiLeaks made its files public.

At Apple, none of the vulnerabilities described in the documents provoked a panic, though analysis was continuing, according to a person who spoke with engineers there.

Google’s director of information security and privacy, Heather Adkins, said in a statement: “As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android (operating systems) already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections.”

LARGER NUMBER OF CONTRACTORS

One reason the investigation is focused on a potential leak by contractors rather than for example a hack by Russian intelligence, another official said, is that so far there is no evidence that Russian intelligence agencies tried to exploit any of the leaked material before it was published.

One European official, speaking on condition of anonymity, said the WikiLeaks material could in fact lead to closer cooperation between European intelligence agencies and U.S. counterparts, which share concerns about Russian intelligence operations.

U.S. intelligence agencies have accused Russia of seeking to tilt last year’s U.S. presidential election in Trump’s favor, including by hacking into Democratic Party emails. Moscow has denied the allegation.

One major security problem was that the number of contractors with access to information with the highest secrecy classification has “exploded” because of federal budget constraints, the first U.S. official said.

U.S. intelligence agencies have been unable to hire additional permanent staff needed to keep pace with technological advances such as the “internet of things” that connects cars, home security and heating systems and other devices to computer networks, or to pay salaries competitive with the private sector, the official said.

Reuters could not immediately verify the contents of the published documents.

A person familiar with WikiLeaks’ activities said the group has had the CIA hacking material for months, and that the release of the material was in the works “for a long time.”

In Germany on Wednesday, the chief federal prosecutor’s office said that it would review the WikiLeaks documents because some suggested that the CIA ran a hacking hub from the U.S. consulate in Frankfurt.

“We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators,” a spokesman for the federal prosecutor’s office told Reuters.

Chancellor Angela Merkel is scheduled to visit Washington on March 14 for her first meeting with Trump, who has sharply criticized Berlin for everything from its trade policy to what he considers inadequate levels of military spending.

(Reporting by John Walcott, Mark Hosenball, Dustin Volz, Yara Bayoumy in Washington and Matthias Sobolewski and Andrea Shalal in Berlin; Additional reporting by Joseph Menn in San Francisco; Writing by Grant McCool; Editing by Peter Graff and Bill Rigby)

WikiLeaks says it releases files on CIA cyber spying tools

FILE PHOTO: People are silhouetted as they pose with laptops in front of a screen projected with binary code and a Central Inteligence Agency (CIA) emblem, in this picture illustration taken in Zenica, Bosnia and Herzegovina October 29, 2014. REUTERS/Dado Ruvic/File Photo/Illustration

By Dustin Volz and Warren Strobel

WASHINGTON (Reuters) – Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.

The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.

Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

Among the most noteworthy WikiLeaks claims is that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.

The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.

The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.

Security experts differed over how much the disclosures could damage U.S. cyber espionage. Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden’s revelations in 2013 of mass NSA data collection.

“This is a big dump about extremely sophisticated tools that can be used to target individual user devices … I haven’t yet come across the mass exploiting of mobile devices,” said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.

Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.

Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicized.

In one case, the documents say, U.S. and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

Google declined to comment on the purported hacking of its Android platform, but said it was investigating the matter.

Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.

Apple Inc did not respond to a request for comment.

The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.

Signal inventor Moxie Marlinspike said he took that as “confirmation that what we’re doing is working.” Signal and the like are “pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks.”

CIA CYBER PROGRAMS

The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.

The documents published Tuesday appeared to supply specific details to what has been long-known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in any manner of technology products.

Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.

WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”

The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.

WikiLeaks said it was refraining from disclosing usable code from CIA’s cyber arsenal “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

U.S. intelligence agencies have said that Wikileaks has ties to Russia’s security services. During the 2016 U.S. presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.

WikiLeaks has denied ties to Russian spy agencies.

Trump praised WikiLeaks during the campaign, often citing hacked emails it published to bolster his attacks on Democratic Party candidate Hillary Clinton.

WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.

Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.

The process “is not a policy of unilateral disarmament in cyberspace. The mere fact that the CIA may have exploited zero-day [previously undisclosed] vulnerabilities should not surprise anyone,” said Knake, now at the Council on Foreign Relations.

U.S. officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.

In a press release, the group said, “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

U.S. intelligence agencies have suffered a series of security breaches, including Snowden’s.

In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks.

Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the secrets in his home.

(Reporting by Dustin Volz and Warren Strobel; additional reporting by Joseph Menn, Mark Hosenball, Jonathan Landay and Jim Finkle; Editing by Grant McCool)

Exclusive: CIA-backed aid for Syrian rebels frozen after Islamist attack – sources

Free Syrian Army fighters carry their weapons as they stand on the outskirts of the Islamic State-controlled northern Syrian town of al-Bab, Syria February 4, 2017. REUTERS/Khalil Ashawi

By Tom Perry, Suleiman Al-Khalidi and John Walcott

BEIRUT/AMMAN/WASHINGTON (Reuters) – CIA-coordinated military aid for rebels in northwest Syria has been frozen since they came under major Islamist attack last month, rebel sources said, raising doubts about foreign support key to their war against President Bashar al-Assad.

Rebel officials said that no official explanation had been given for the move this month following the jihadist assault, though several said they believed the main objective was to prevent arms and cash falling into Islamist militant hands. But they said they expected the aid freeze to be temporary.

The halt in assistance, which has included salaries, training, ammunition and in some cases guided anti-tank missiles, is a response to jihadist attacks and has nothing to do with U.S. President Donald Trump replacing Barack Obama in January, two U.S. officials familiar with the CIA-led program said.

The freeze reflects the troubles facing Free Syrian Army (FSA) rebels in the almost six-year-old revolt against Assad, who now appears militarily unassailable in his core western region largely thanks to direct intervention on his side by Russia and Iran.

“The reality is that you have changes in the area, and these changes inevitably have repercussions,” said an official with one of the affected FSA rebel groups. He said no military assistance could “enter at present until matters are organized. There is a new arrangement but nothing has crystallized yet”.

The support funneled to vetted FSA factions has included contributions from Turkey, Qatar and Saudi Arabia – states that have opposed Assad. It is one of several foreign aid channels to rebels. Others still function.

The CIA declined comment on the reported freeze in support. A Qatari official said his government had nothing to say on the matter. Turkish officials said only they could not discuss “operational details”. There was no word from Saudi Arabia.

Reuters confirmed the freeze with officials from five of the FSA groups that have been recipients of financial and military support from the so-called “MOM operations room”. It was also confirmed by two other senior FSA figures briefed on the matter.

They spoke on condition of anonymity given the covert nature of the CIA-backed program and the sensitivity of the subject.

Several rebels believed the aid halt was temporary, with new arrangements expected, but there was no clarity yet. Confirming the freeze, two senior FSA sources said donor states were aiming to send the aid to one, unified fighting force – a coherence that has eluded rebels throughout Syria’s civil war.

One of the FSA officials said he did not expect the rebels to be abandoned as they represent the best hope for blocking a further expansion of Sunni jihadist influence in Syria, and to fight back against the growing role of Iran there.

DECLINING REBEL FORTUNES

Idlib and nearby areas of Aleppo, Hama and Latakia provinces are among the last footholds of the anti-Assad insurgency in western Syria – the part of the country where he has shored up his rule by holding onto the main cities and the coast.

Islamists have long been seen as the more formidable insurgent force in the northwestern Idlib area though a dozen or more U.S.-vetted FSA groups have also operated there and nearby.

Last month’s militant assault on the FSA groups was launched by a group formerly known as the Nusra Front, al Qaeda’s official affiliate in the war until last year when it formally cut ties and renamed itself Jabhat Fateh al-Sham.

The jihadist onslaught led several FSA groups to merge with the powerful Islamist faction Ahrar al-Sham, widely believed to be backed by Assad’s foreign adversaries in the region.

That will likely give pause to foreign donors: Ahrar al-Sham is set apart from the FSA factions by a strongly Sunni Islamist ideology and it has previously fought alongside the Nusra Front.

Military aid to rebel groups has ebbed and flowed throughout the life of the program, U.S. officials said, as Washington and its allies have kept a close eye on any leakage to more militant factions, something one official called “a constant problem”.

TRUMP’S SYRIA POLICY NOT YET CLEAR

Before assuming office, Trump suggested he could end support for FSA groups and give priority to the fight against Islamic State (IS), whose well-armed jihadists hold large tracts of eastern and central Syria.

But Trump’s administration has yet to declare a firm policy towards Syria and Iraq, despite his repeated vows to eradicate IS, so it has been “business as usual” with covert and overt training and military support programs, one U.S. official said.

Some FSA groups hope Trump’s animosity towards Iran could yet result in enhanced U.S. support.

Jihadist forces attacked while FSA envoys attended Russian-backed Syria peace talks in Kazakhstan, accusing the rebels of conspiring with Moscow and Washington against Jabhat Fateh al-Sham. The United States has carried out a deadly series of air strikes against Fateh al-Sham in Idlib this year.

MOM-backed rebels had suffered a heavy blow in December when Syrian government forces ousted them from eastern Aleppo with decisive help from the Russian air force and Iranian-backed militias. Eastern Aleppo had been seen as an FSA stronghold.

An official with an FSA group that has received MOM aid said none came this month “and there are no signals”. Another said a regular meeting of the MOM had been canceled this month.

“I expect a reorganization,” he said, adding that there were still around 15,000 combatants with FSA groups in the northwest.

The CIA-backed program has regulated aid to the rebels after a period of unchecked support early in the war – especially from Gulf states – helped give rise to an array of insurgent groups, many of them strongly Islamist in ideology.

A similar program continues to operate in southern Syria with Jordanian backing. Some of the FSA groups backed through the MOM in the north continue to receive Turkish support as they participate in the Turkey-led Euphrates Shield offensive against IS and Kurdish groups to the northeast of Aleppo.

FSA groups have long complained that the aid provided falls far short of what they need to confront the better armed Syrian army. Their demands for anti-aircraft missiles have been consistently rebuffed.

U.S. intelligence and military officials said the leakage, sale and capture of U.S.-supplied and other weapons from units of the FSA to Islamic State, the Nusra Front, and other splinter militant groups have been a concern since the CIA and U.S. military began arming and training a limited number of rebels.

From the start, said one of the officials, some U.S.-backed rebels have migrated from groups that were battered by Syrian government forces to others such as IS that were seizing and holding territory at the time. Aid has slowed or stopped in Idlib and nearby areas, officials said, amid fears the pattern may be continuing after rebels lost ground there.

Another U.S. official said FSA groups continue to mount significant challenges to Assad. “Despite the setbacks and no assistance in fighting back against a brutal Russian onslaught, the fact is they remain a viable fighting force,” the official said.

(This story has been refiled to remove repetitive words in 4th paragraph)

(Additional reporting by William Maclean in Dubai, Nick Tattersall, Humeyra Pamuk and Orhan Coskun in Turkey, Jonathan Landay in Washington; writing by Tom Perry; editing by Mark Heinrich)

Trump’s CIA nominee includes Russia in list of global challenges

guy to be head of CIA under Trump

By David Alexander and Jonathan Landay

WASHINGTON (Reuters) – U.S. President-elect Donald Trump’s nominee to head the CIA portrayed multiple challenges facing the United States on Thursday, from an aggressive Russia to a “disruptive” Iran to a China that he said is creating “real tensions.”

Diverging from Trump’s stated aim of seeking closer ties with Russia, Pompeo said that Russia is “asserting itself aggressively” by invading and occupying Ukraine, threatening Europe, and “doing nearly nothing” to destroy Islamic State.

Mike Pompeo, a Republican member of the House of Representatives and a former U.S. Army officer, was speaking at the start of his confirmation hearing in the U.S. Senate.

In his prepared opening statement, Pompeo noted that the CIA does not make policy on any country, adding, “it is a policy decision as to what to do with Russia, but it will be essential that the Agency provide policymakers with accurate intelligence and clear-eyed analysis of Russian activities.”

His testimony came at a time when Trump, a Republican who takes office on Jan. 20, has openly feuded with U.S. intelligence agencies.

For weeks, the president-elect questioned the intelligence agencies’ conclusion that Russia used hacking and other tactics to try to tilt the 2016 presidential election in his favor. Trump said on Wednesday that Russia was behind the hacking but that other countries were hacking the United States as well.

This week, Trump furiously denounced intelligence officials for what he said were leaks to the media by intelligence agencies of a dossier that makes unverified, salacious allegations about his contacts in Russia.

Pompeo, a conservative lawmaker from Kansas who is on the House Intelligence Committee, listed challenges facing the United States, saying “this is the most complicated threat environment the United States has faced in recent memory.”

This included what he called a “resilient” Islamic State and the fallout from Syria’s long civil war.

Pompeo also included North Korea, which he said had “dangerously accelerated its nuclear and ballistic missile capabilities.” He said China was creating “real tensions” with its activities in the South China Sea and in cyberspace as it flexed its muscles and expanded its military and economic reach.

He called Iran an “emboldened, disruptive player in the Middle East, fueling tensions” with Sunni Muslim allies of the United States.

(Writing by Frances Kerry; Editing by Howard Goller)