President Trump’s victory over the intelligence community may be a triumph or a disaster for the American people.
After Wikileaks’ Vault 7 disclosures, President Trump can checkmate the intelligence agencies. Much more importantly, he will also have it in his power to be either the greatest champion of, or the greatest threat to, freedom and civil liberties America has ever had.
Hacking is the heart of electronic surveillance. The intelligence community (IC) works with technology companies—internet service providers, hardware manufacturers, software companies, communications and media companies—obtaining a great deal of information with their consent. Information is also obtained surreptitiously—hacking. The ways to gather such information are limited only by the imaginations and capabilities of legions of extremely bright hackers, operating around the world for country, profit, or personal gratification, within and outside the bounds of the law.
By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
Wikileaks, Vault 7 Press Release, 3/7/17 (Wikileaks, Vault 7)
Wikileaks claims that the CIA lost control of its hacking archive to former US government hackers and contractors, one of whom provided substantial portions to Wikileaks. In the first (“Year Zero”) of a promised series of Vault 7 releases, there are 8,761 documents, many of which Wikileaks has not completely analyzed (although it has made numerous redactions). It also said that it will not distribute “‘armed’ cyberweapons” until they can be analyzed and disarmed, and a “consensus emerges on the technical and political nature of the CIA’s program.” Wikileaks has invited anyone who wants to see the documents to do so, making them accessible via a link and a password: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds. (That password comes from a threat President Kennedy purportedly made to dismantle the CIA a month before his assassination.) Full analyses of these first documents plus the thousands that follow will probably take months, if not years.
The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.
The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.
Wikileaks, Vault 7
This lays waste to the IC’s “assessments” that Russia hacked the DNC and passed its information on to Wikileaks. That claim was already on thin ice because the source materials for those assessments were never disclosed. Even if they were, the quoted passage makes clear that the CIA, and by implication any other intelligence agency with the same capability, could have committed the hack and left behind Russian hackers’ “fingerprints,” a not unlikely possibility given the IC’s hostility towards Trump.
This is the smallest victory Wikileaks has handed to Trump. Whether he realizes larger victories depends on whether he and his team study the Wikileaks press release and disclosures and realize their implications. As Commander in Chief, Trump is duty bound to ask questions and investigate. How did the CIA lose “control of the majority of its hacking arsenal” and documentation? How did Wikileaks obtain so many of the nuclear warheads of the US’s cyber-warfare armory?
After Edward Snowden’s disclosures in 2013, an uproar ensued over US technology companies’ vulnerability to and complicity in IC hacking and surveillance. At the insistence of the technology companies, in January 2014 President Obama secured commitments from the IC that any vulnerabilities they detected in the companies’ hardware or software would be disclosed to them.
The U.S. government’s commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
“Year Zero” documents show that the CIA breached the Obama administration’s commitments. Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
Wikileaks, Vault 7
Why, Trump should ask, did the CIA violate the Obama administration’s “commitments” and leave American technology open to hacks not just from the CIA, but “rival intelligence agencies or cyber criminals?”
By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone &mdsh [SIC]; at the expense of leaving everyone hackable.
Wikileaks, Vault 7
Incredibly, much of the malware, Listening Post, and Command and Control systems that the CIA, and by implication other members of the IC, dropped into computers, communications devices, and networks is not classified!
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Wikileaks, Vault 7
How in the world, Trump should query, could the CIA, and by implication the IC, implant top-secret software that’s not classified?
Most of the above questions would fit on a tweet, and all of them go directly to matters that should be investigated. They are readily understandable and obvious; other questions will follow. If he wants, Trump can tie the IC in knots for the next eight years in pursuit of answers. These issues pose threats to national security; nobody, including Democrats, neoconservatives, and hard-core Deep Staters, can object to comprehensive probes. SLL has argued that Trump has the upper hand in his battle with the IC and that the Deep State has been acting out of weakness, not strength (see “Plot Holes”). Vault 7 strengthens that argument.
Isn’t WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
Wikileaks, Vault 7
This little exchange may be the most important quote from “Year Zero.” Wikileaks has given Trump the means to assert complete dominance, and the message is clear. Anything the CIA does to counterattack will “be certainly counter-productive.” In other words, Wikileaks has information that could irreparably damage or destroy the agency. (We can probably also assume that if Julian Assange is not already dead, he is not going to die anytime soon of “unnatural” causes.) After Vault 7, if Trump goes on the offensive, nobody but its mainstream media mouthpieces will pay attention to emanations from an IC beset by inquiries and investigations. And it will have no idea if or how Wikileaks, a de facto Trump ally, might respond.
The question then becomes: do we want Donald Trump, or anyone else, to have complete dominance over the IC and all the information it possesses? Vault 7 details how the CIA has infiltrated hardware, software, networks, and the Internet of Things (including televisions and cars), eviscerated encryption, and compromised the products and services of a Who’s Who of technology companies. In so doing, it has made a mockery of the Fourth Amendment and opened the door for nefarious hackers all over the world. Donald Trump has championed the IC and called Edward Snowden a “traitor.” However, Trump was justifiably outraged when he discovered the IC had been monitoring him. Will his outrage translate into outrage that his fellow citizens, powerful and powerless alike, are being treated the same way? Will he, as he gains the upper hand, cast this ring of power into the fire or will he use it for his own corrupting purposes?
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Wikileaks, Vault 7
By all means, let the debate begin. However, no human being can be trusted, no laws can be promulgated, to restrain the power the IC now has to surveil and blackmail each and every one of us, from the president on down. Whatever ephemeral “security” it has achieved is far outweighed by its many crimes—stretching back to the 1940s—and the civil liberties and rights it has abridged and obliterated. Trump can be a great president if he fulfills President Kennedy’s vow to splinter the CIA into a thousand pieces and scatter it (and the rest of the IC) to the winds. If he does not, we will have only replaced one devil with another.