Wikileaks founder Julian Assange answers questions on the Vault 7 leak of CIA hacking tools, on March 9 2017.
Has the Central Intelligence Agency ever spied on American citizens? That was a question thrown at Julian Assange today during a press briefing hosted on Twitter’s Periscope, just a matter of days after Wikileaks released thousands of documents detailing the CIA’s hacking tools.
His response was somewhat opaque for an organization that prides itself on transparency: “The answer is not no.” He went on to claim that Wikileaks had recovered more than 22,000 IP addresses in the 8,000 pages of Vault 7 files that “corresponded” to the U.S.
Assange did not explain exactly how those IPs related to American individuals or if they were even targeted. “It’s not clear which are attack infrastructure, intermediary victims, or targets,” he added. “But we know there are numerous attacks on Europe and Latin America, including Brazil and Ecuador… Brazil and Ecuador are not really known for their extremists.” Again, he did not provide specific details.
His comments came after the CIA released a statement Wednesday in response to the massive leak, in which it claimed it would never spy on Americans, as to do so would be illegal. “CIA’s mission is to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries,” said CIA spokesperson Jonathan Liu. “It is also important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so. CIA’s activities are subject to rigorous oversight to ensure that they comply fully with U.S. law and the Constitution.”
In that same statement, the CIA declined to comment on the authenticity of the leaks. “We have no comment on the authenticity of purported intelligence documents released by Wikileaks or on the status of any investigation into the source of the documents.”
Assange said individuals should be concerned about the CIA’s targeted approach to surveillance, as a comparison to the NSA’s bulk passive data collection. That’s because the CIA is increasingly moving towards an automated approach, he said, pointing to the CIA’s Automated Implant Branch. According to Assange, the group develops not just viruses and other types of hacking tools, but automates how they work.
“Is the CIA interested in you? With the increasing automation of these attacks, the interest might not need to be that high. You might know someone who knows someone [who is a target],” he added.
If the CIA has spied on U.S. citizens with the myriad hacking tools in the Vault 7 leak, it wouldn’t be unprecedented. It admitted in 2014 to unconstitutionally snooping on Congress by hacking into the network used by the Senate intelligence committee during its investigation into CIA torture.
Wikileaks to protect Apple and Google from CIA hacks?
In the same press briefing, Assange said Wikileaks would pass more detailed information on specific exploits to technology companies whose products were targeted by the CIA’s tools. They include Apple, Google, Microsoft and Samsung, whose TVs were a subject of interest for CIA hackers. All are actively investigating the Wikileaks Vault 7 files, and are yet to warn of any previously-unknown vulnerabilities that now need patching. Assange confirmed exclusive access to some of the technical details will be provided to such companies. He said fixes could arrive in a matter of days or may take significantly longer if
Google said it had nothing to share about any contact with Wikileaks at the time of publication. Apple had not responded to a request for comment. Both the Android and iOS operating systems were targeted by multiple CIA exploits.
“We have quite a lot of exploits… that we want to disarm before we think about publishing,” Assange added. “We’re going to work with some of these manufacturers to try and get these antidotes out there before we publish clues that might help cyber mafia or governments on how to do this.”
He warned, however, that others outside the CIA may already have access to the agency’s digital arsenal. “They weren’t securing it very well. It’s quite possible numerous people have it,” Assange added.
“Even if Wikileaks doesn’t publish any of these cyberweapons it might be hard to stop the spread elsewhere. So what you want is the fastest possible antidotes.”
Got a tip? Email at TFox-Brewster@forbes.com or firstname.lastname@example.org for PGP mail. Get me on Signal on +447837496820 or email@example.com on Jabber for encrypted chat.