Surveillance: Is the CIA really spying on you?
“There’s an old Soviet proverb that computer security experts like to quote: ‘If you think it, don’t say it. If you say it, don’t write it. If you write it, don’t be surprised,’” said Elizabeth Weise in USA Today. After WikiLeaks last week published nearly 9,000 pages of documents purportedly detailing CIA hacking tools, private citizens may want to take that message to heart. Those files suggest the spy agency has developed an array of cyberweapons that can let it access your smartphone, smart TV, Wi-Firouter, and computer— essentially anything that’s connected to the internet. Using a program called “Weeping Angel,” the files say, agents can secretly record conversations through the microphone of a Samsung smart TV. Other documents explain how the CIA can penetrate supposedly secure apps like WhatsApp, Telegram, and Signal and read messages before they’re encrypted. If that’s true, it means “there’s very little ordinary people can do to ensure their communications remain private.”
Unless you’re a working for a hostile power or terrorist group, you needn’t worry about being spied on, said Sheera Frenkel in BuzzFeed.com. To read encrypted messages on apps like WhatsApp and Signal, the CIA first has to break into and take over an individual’s phone. But those kinds of hacks—called zeroday exploits because device manufacturers don’t know about them yet—“are difficult to find and cost millions of dollars to develop or buy from private cybersecurity researchers who uncover them.” So while the CIA could exploit a vulnerability to access someone’s phone or laptop, “it would need to be a very high-value target for them to do so,” because the agency could face a backlash from consumers, tech firms, and foreign governments if it was caught in the act. These documents make it clear that the CIA isn’t conducting mass surveillance, said Zeynep Tufekci in The New York Times. Foiled by the spread of encryption technology, agents are being forced to break into individual devices one by one. “If anything in the WikiLeaks revelations is a bombshell, it is just how strong these encrypted apps appear to be.”
If you’re still worried about CIA hacking, you can fight back by keeping your smartphone and computer software up to date, said Brian X. Chen, also in The New York Times. The leaked files describe attacks on outdated software systems, “and many security vulnerabilities have since been patched.” Smart TVs are more deserving of your paranoia, said Josephine Wolff in Qz.com. The growing array of internet-connected smart devices that are packed with cameras, mikes, and other sensors are notoriously insecure, because the companies that make them often have very little cybersecurity experience. “Intelligence agencies’ abilities to turn these devices into remote eavesdropping tools should make people think seriously before adding new ones.”