CIA hacking? Hooray! Privacy advocates see an upside

It appears US spies are using targeted hacking tools in their investigations. The surprise: That could mean your data is safer.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read
​Julian Assange of WikiLeaks during a livestreamed press conference on Thursday.

Julian Assange of WikiLeaks during a live-streamed press conference on Thursday. CIA hacking tools described in documents released by WikiLeaks are actually a good sign, privacy experts say.

Screenshot by CNET

In all this talk of a CIA hacking playbook, is there a silver lining? Privacy advocates seem to think so.

That might surprise you. Nothing makes a person feel vulnerable in quite the same way as hearing that everyday electronics are being turned into spy devices. And that's exactly what we heard Tuesday, when WikiLeaks published thousands of documents that appeared to reveal CIA tools for hacking into computers, phones and even smart TVs. CNET is unable to verify whether the documents are real or have been altered.

Still, the news prompted Edward Snowden to post on Twitter, "It may not feel like it, but computer security is getting better."

Come again?

Here's the idea: If CIA spies are spending their time hacking the phones of suspected terrorists or foreign spies, that means they aren't relying on spy programs that are much more intrusive and essentially hack the entire internet.

Watch this: How do WikiLeaks' CIA hacking claims differ from Snowden NSA?

Moose and squirrel, meet spy vs. spy

Sure, hacking a smart TV is creepy. But it's a far cry from the National Security Agency programs Snowden, a former NSA contractor, revealed to journalists in 2013. Those programs -- in particular the tools known as Muscular and Upstream -- were designed to suck up huge amounts of internet traffic and store it for the NSA to comb through later. Privacy advocates refer to these as dragnets, and there's every possibility your information has been pulled in by these programs, whether or not you're an American citizen.

"The NSA has been caught running dragnet intelligence," said Dan Petro, a cybersecurity expert who specializes in spotting networks and devices that are vulnerable to hacking. The agency's programs are so broad, he said, "it sounds like it's something out of a Rocky and Bullwinkle cartoon."

But you can't scoop up that volume of data by hacking a phone, Petro said. In fact, what the WikiLeaks documents show is the opposite of a dragnet, and that's Snowden's point.

The NSA didn't respond to requests for comment for this story. The CIA declined to add to its official statement on the WikiLeaks documents, which in part says, "It is CIA's job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad. America deserves nothing less."

'Encryption works; patch your software'

Moxie Marlinspike, the creator of an encryption tool that scrambles up communications sent on messaging apps Signal and WhatsApp, agrees with Snowden. In fact, it's the increased use of these apps -- and encryption more broadly -- that's forcing spy agencies to turn to hacking their targets, according to a statement put out Tuesday by Marlinspike's company, Open Whisper Systems.

"Ubiquitous end-to-end encryption is pushing intelligence agencies like the CIA from a world of undetectable mass surveillance to a world where they have to very selectively use high-risk, expensive, targeted attacks," the statement said.

Maybe you're still concerned that the CIA may have the tools to hack the operating system on your phone. OK, fair enough. Eva Galperin, director of cybersecurity at the pro-privacy Electronic Frontier Foundation, says the best defense against hacking tools is updating your software.

Indeed, Apple, Google and Microsoft have all said their products are already safe from most of the tools outlined by the WikiLeaks documents, if you're using their latest software. If you can't update your software because you're using a really old device, but you care about keeping hackers out of your phone, it's time to consider an upgrade.

"I think for ordinary people, the takeaway is: 'Encryption works; patch your software,'" Galperin said.

Originally published March 9, 2017 at 4:50 p.m. PT
Update, 5:29 p.m. PT: Notes that the CIA declined to add to its official comment on the WikiLeaks documents.

CNET Magazine: Check out a sampling of the stories you'll find in CNET's newsstand edition, right here.

Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it? CNET investigates.