Symantec attributes 40 cyber attacks to CIA-linked hacking tools
[April 10, 2017]
By Joseph Menn
SAN FRANCISCO (Reuters) - Past cyber
attacks on scores of organizations around the world were conducted with
top-secret hacking tools that were exposed recently by the Web publisher
WikiLeaks, the security researcher Symantec Corp said on Monday.
That means the attacks were likely conducted by the U.S. Central
Intelligence Agency. The files posted by WikiLeaks appear to show
internal CIA discussions of various tools for hacking into phones,
computers and other electronic gear, along with programming code for
some of them, and multiple people familiar with the matter have told
Reuters that the documents came from the CIA or its contractors.
Symantec said it had connected at least 40 attacks in 16 countries to
the tools obtained by WikiLeaks, though it followed company policy by
not formally blaming the CIA.
The CIA has not confirmed the WikiLeaks documents are genuine. But
agency spokeswoman Heather Fritz Horniak said that any WikiLeaks
disclosures aimed at damaging the intelligence community "not only
jeopardize U.S. personnel and operations, but also equip our adversaries
with tools and information to do us harm.
"It is important to note that CIA is legally prohibited from conducting
electronic surveillance targeting individuals here at home, including
our fellow Americans, and CIA does not do so," Horniak said.
She declined to comment on the specifics of Symantec's research.
The CIA tools described by WikiLeaks do not involve mass surveillance,
and all of the targets were government entities or had legitimate
national security value for other reasons, Symantec researcher Eric
Chien said ahead of Monday's publication.
In part because some of the targets are U.S. allies in Europe, "there
are organizations in there that people would be surprised were targets,"
Chien said.
Symantec said sectors targeted by operations employing the tools
included financial, telecommunications, energy, aerospace, information
technology, education, and natural resources.
An analyst looks at code in the malware lab of a cyber security
defense lab at the Idaho National Laboratory in Idaho Falls, Idaho
September 29, 2011. REUTERS/Jim Urquhart
Besides Europe, countries were hit in the Middle East, Asia, and Africa. One
computer was infected in the United States in what was likely an accident - the
infection was removed within hours. All the programs were used to open back
doors and to collect and remove copies of files, rather than to destroy anything.
The eavesdropping tools were created at least as far back as 2011 and possibly
as long ago as 2007, Chien said. He said the WikiLeaks documents are so complete
that they likely encompass the CIA’s entire hacking toolkit, including many
taking advantage of previously unknown flaws.
The CIA is best-known for its human intelligence sources and analysis, not vast
electronic operations. For that reason, being forced to build new tools is a
setback but not a catastrophe.
It could lead to awkward conversations, however, as more allies realize the
Americans were spying and confront them.
Separately, a group calling itself the Shadow Brokers on Saturday released
another batch of pilfered National Security Agency hacking tools, along with a
blog post criticizing President Donald Trump for attacking Syria and moving away
from his conservative political base.
It is unclear who is behind the Shadow Brokers or how the group obtained the
files.
(Additional reporting by Jonathan Weber and Anna Driver; Editing by Matthew
Lewis and Mary Milliken)
[© 2017 Thomson Reuters. All rights reserved.]