WikiLeaks, the CIA and Your Phone


WikiLeaks is an organization that has made a name for itself by leaking classified government documents relating to national security, warfare, surveillance programs, and government corruption. 

WikiLeaks has leaked millions of documents, many of which were designated secret or top secret. Conspicuously absent from WikiLeaks' efforts are leaks related to Russia or China. However, back on March 7 WikiLeaks released thousands of documents, collectively referred to as Vault7, which detailed various CIA cyber capabilities, including zero day exploits, and exploits of some commonly used devices and software including Windows, iOS, and Android operating systems. Through these exploits, the CIA has the ability to gain unadulterated access to a target device such as a smartphone. The information contained in Vault7 captured the nation's attention and misleading headlines filled the news.

The WikiLeaks disclosure does not contain information about what operations the CIA undertakes, but rather what tools are at the CIA's disposal.  Now that some of the hysteria has passed, many initial reactions, such as the CIA has broken encryption, have been proven false.

At its core, Vault7 demonstrates the vulnerability of devices and software, and the CIA's ability to use these vulnerabilities to gain control of smartphones and other devices. While headlines initially claimed that the CIA could penetrate encryption, what the leaks actually demonstrated was that the CIA was able to exploit devices in order to circumvent encryption.  An admittedly imperfect analogy would be a bank robber hiding in a bank vault and then stealing the money from the inside without having to decipher the combination to the vault.

The solution to protecting one's communications is to secure your devices and use encryption. Failure to do both of these suggests that your communications, whether business or personal are subject to prying eyes and ears.

An important first step to protect your device is through prudent use. For example, do not click on unknown links and do not install unverified applications. Additionally, to protect against the burglar that may already be in a device, there are commercially available solutions that help determine if a device has been compromised. In addition, you must use encryption to ensure that your phone calls, text messages and other communications are protected in transit as they are most vulnerable when traveling between endpoints.

The CIA's job is to gather intelligence internationally and the WikiLeaks disclosures are not surprising in that the CIA is good at its job.  But, vulnerabilities, like laws of nature apply globally. We have to assume that other governments, cyber criminals and many others also know about these or similar vulnerabilities and they will continue to use cyber spying as a tool in their arsenal.  In light of these revelations, it is important for all organizations and people to protect their secrets, big or small, personal or business-related by securing their devices and encrypting their communications.

Benjamin Dynkin, Journal of Law and Cyber Warfare also contributed to this column.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.