‘Woefully lax’: report slams CIA cybersecurity after hacking tool leak

By Raphael Satter

(Reuters) – Many of the Central Intelligence Agency’s most sensitive hacking tools were so poorly secured that it was only when WikiLeaks published them online in 2017 that the agency realized they had been compromised, according to a report released Tuesday.

The secret-spilling site drew international attention when it dumped a vast trove of malicious CIA code on the internet in March 2017.

The digital tools, sometimes described as “cyber weapons,” provided a granular look at how the CIA conducts its international hacking operations. It also deeply embarrassed the U.S. intelligence community, which has repeatedly been hit by large-scale leaks over the past decade.

An internal CIA report dated October 2017 and released by Democratic U.S. Senator Ron Wyden on Tuesday described security at the agency’s Center for Cyber Intelligence – the unit responsible for designing the tools – as “woefully lax.”

“Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely,” the report said. It described the WikiLeaks disclosure as “the largest data loss in CIA history.”

The CIA declined to comment specifically on the report, saying only that it “works to incorporate best-in-class technologies” to keep ahead of security threats.

The report, drawn up by the CIA’s WikiLeaks Task Force, was heavily redacted, but it called out failures at the Center for Cyber Intelligence, which the report’s authors said was too focused on building hacking tools rather than securing them.

In a letter accompanying the report, Wyden suggested that the weaknesses highlighted by the report “do not appear to be limited to just one part of the intelligence community,” which he said was “still lagging behind.”

(Reporting by Raphael Satter; editing by Jonathan Oatis)

Assange tried to call White House, Hillary Clinton over data dump, his lawyer says

By Michael Holden

LONDON (Reuters) – Julian Assange tried to contact Hillary Clinton and the White House when he realized that unredacted U.S. diplomatic cables given to WikiLeaks were about to be dumped on the internet, his lawyer told his London extradition hearing on Tuesday.

Assange is being sought by the United States on 18 counts of hacking U.S. government computers and an espionage offense, having allegedly conspired with Chelsea Manning, then a U.S. soldier known as Bradley Manning, to leak hundreds of thousands of secret documents by WikiLeaks almost a decade ago.

On Monday, the lawyer representing the United States told the hearing that Assange, 48, was wanted for crimes that had endangered people in Iraq, Iran and Afghanistan who had helped the West, some of whom later disappeared.

U.S. authorities say his actions in recklessly publishing unredacted classified diplomatic cables put informants, dissidents, journalists and human rights activists at risk of torture, abuse or death.

Outlining part of his defense, Assange’s lawyer Mark Summers said allegations that he had helped Manning to break a government password, had encouraged the theft of secret data and knowingly put lives in danger were “lies, lies and more lies”.

He told London’s Woolwich Crown Court that WikiLeaks had received documents from Manning in April 2010. He then made a deal with a number of newspapers, including the New York Times, Britain’s Guardian and Germany’s Der Spiegel, to begin releasing redacted parts of the 250,000 cables in November that year.

A witness from Der Spiegel said the U.S. State Department had been involved in suggesting redactions in conference calls, Summers said.

However, a password that allowed access to the full unredacted material was published in a book by a Guardian reporter about WikiLeaks in February 2011. In August, another German newspaper reported it had discovered the password and it had access to the archive.

PEOPLE’S LIVES “AT RISK”

Summers said Assange attempted to warn the U.S. government, calling the White House and attempting to speak to then- Secretary of State Clinton, saying “unless we do something, people’s lives are put at risk”.

Summers said the State Department had responded by suggesting that Assange call back “in a couple of hours”.

The United States asked Britain to extradite Assange last year after he was pulled from the Ecuador embassy in London, where he had spent seven years holed up avoiding extradition to Sweden over sex crime allegations which have since been dropped.

Assange has served a prison sentence in Britain for skipping bail and remains jailed pending the U.S. extradition request

Supporters hail Assange as an anti-establishment hero who revealed governments’ abuses of power, and argue the action against him is a dangerous infringement of journalists’ rights. Critics cast him as a dangerous enemy of the state who has undermined Western security.

(Reporting by Michael Holden; Editing by Gareth Jones)

WikiLeaks founder Assange appears confused at extradition hearing

WikiLeaks founder Assange appears confused at extradition hearing
By Andrew MacAskill

LONDON (Reuters) – WikiLeaks founder Julian Assange appeared confused at a London court hearing on Monday, struggling to recall his name and age in his first public appearance in months as he sought to fight his extradition to the United States.

Assange, 48, who spent seven years holed up in Ecuador’s embassy before he was dragged out in April, faces 18 counts in the United States including conspiring to hack government computers and violating an espionage law. He could spend decades in prison if convicted.

On Monday he appeared clean-shaven, without the long beard he had worn at his last public appearance in May, when he was sentenced to 50 weeks jail for skipping bail. He appeared in good health, with his white hair combed back and wearing a navy suit over a light blue sweater and white shirt.

But he mumbled and stuttered for several seconds as he gave his name and date of birth at the start of a preliminary hearing in the case.

When the judge asked him at the end of the hearing if he knew what was happening, he replied “not exactly”, complained about the conditions in jail, and said he was unable to “think properly”.

“I don’t understand how this is equitable,” he said. “I can’t research anything, I can’t access any of my writing. It’s very difficult where I am.”

Assange is being held in British jail pending the U.S. extradition, having served his sentence for skipping bail.

He fled to the embassy in 2012 to avoid being sent to Sweden to face sex crimes accusations. He says the U.S. charges against him are a political attempt to silence journalists and publishers, and the Swedish allegations were part of a plot to catch him. Sweden is reviewing the sex crimes cases.

The former Mayor of London Ken Livingstone was among Assange’s supporters in the public gallery, while protesters gathered outside court.

Assange’s lawyer Mark Summers argued that Assange’s extradition hearing, scheduled for February 2020, should be delayed by three months due to the complexity of the case.

“The evidence in this case would test the limits of most lawyers,” Summers told the court. He cited the difficulty of communicating with Assange who he said doesn’t have a computer in prison. The judge denied the request to delay the hearing.

Australian-born Assange made international headlines in early 2010 when WikiLeaks published a classified U.S. military video showing a 2007 attack by Apache helicopters in Baghdad that killed a dozen people, including two Reuters news staff.

WikiLeaks later angered the United States by publishing caches of leaked military documents and diplomatic cables.

Admirers have hailed Assange as a hero for exposing what they describe as abuse of power by modern states and for championing free speech. As he entered the dock, people in the public gallery raised their fists in solidarity with him.

His detractors have painted him as a dangerous figure complicit in Russian efforts to undermine the West.

(Reporting by Andrew MacAskill; Editing by Alistair Smout and Peter Graff)

I’ve protected many, Assange tells UK court as he fights U.S. extradition warrant

By Michael Holden

LONDON (Reuters) – WikiLeaks founder Julian Assange told a London court on Thursday his work had protected “many people” and refused to agree to be extradited to the United States to face trial for one of the largest compromises of classified information in history.

The United States has requested the extradition of Assange, who was dragged from the Ecuadorean Embassy in London on April 11, and has charged him with conspiracy to commit computer intrusion which carries a maximum penalty of five years.

Asked at a preliminary hearing at Westminster Magistrates’ Court whether he agreed to be extradited to the United States, Assange, appearing via a video link from a British prison, said: “I do not wish to surrender for extradition. I’m a journalist winning many, many awards and protecting many people.”

Assange made international headlines in early 2010 when WikiLeaks published a classified U.S. military video showing a 2007 attack by Apache helicopters in Baghdad that killed a dozen people, including two Reuters news staff.

To some, Assange is a hero for exposing what supporters cast as abuse of power by modern states and for championing free speech. To others, he is a dangerous rebel who has undermined U.S. security.

On Wednesday, he was sentenced to 50 weeks in prison by a British court for skipping bail after fleeing to Ecuador’s Embassy in London, where he remained for seven years until police dragged him out last month.

Assange had sought refuge in the embassy in June 2012 to avoid extradition to Sweden to face an allegation of rape, which he denies, saying he feared he would be sent to the United States to face action over the WikiLeaks’ release of classified U.S. diplomatic cables.

Hours after his arrest last month, U.S. prosecutors said they had charged Assange with conspiracy in trying to access a classified U.S. government computer.

“The charge relates to one of the largest compromises of classified information in the history of the United States,” said Ben Brandon, the lawyer representing the United States.

He said in early 2010, former U.S. Army intelligence analyst Chelsea Manning had downloaded 90,000 activity reports relating to the Afghan war, 400,000 relating to the conflict in Iraq, 800 Guantanamo Bay detainee assessment briefs and 250,000 U.S. diplomatic cables.

The vast majority of these were later released on WikiLeaks.

“NOT ABOUT HACKING”

There were computer room chats showing real-time discussions between Manning and Assange over cracking a password to gain access to classified U.S. documents and the public release of the information, Brandon said.

“Despite what you heard from the prosecutor in the courtroom today, this case is not about hacking,” Assange’s lawyer Jennifer Robinson said outside court.

“This case is about a journalist and a publisher who had conversations with a source about accessing material, encouraged that source to provide material and spoke to that source about how to protect their identity. This is a protected activity that journalists engage in all the time.”

She said the action against him had been launched under former U.S. President Barack Obama and aggressively pursued by the administration of Donald Trump.

The case was adjourned until May 30 for a procedural hearing with a more substantial hearing planned for June 12. The full extradition hearing was some months away, Judge Michael Snow told the court.

(Reporting by Michael Holden; writing by Guy Faulconbridge; Editing by Alistair Smout and Janet Lawrence)

U.S. charges Assange after London arrest ends 7 years of solitude in Ecuador embassy

WikiLeaks founder Julian Assange arrives at the Westminster Magistrates Court, after he was arrested in London, Britain April 11, 2019. REUTERS/Hannah McKay TPX IMAGES OF THE DAY

By Guy Faulconbridge, Kate Holton and Costas Pitas

LONDON (Reuters) – British police dragged Julian Assange out of the Ecuadorean embassy on Thursday after his seven-year asylum was revoked, paving the way for his extradition to the United States for one of the biggest ever leaks of classified information.

The frail-looking WikiLeaks founder, with white hair and a long beard, was carried head first out of the embassy in London shortly after 0900 GMT by at least seven men to a waiting police van, after shouting “This is unlawful, I’m not leaving.”

British Prime Minister Theresa May hailed the news in parliament, to cheers and cries of “Hear, hear!” from lawmakers.

“The whole House will welcome the news this morning that the Metropolitan Police have arrested Julian Assange, arrested for breach of bail after nearly seven years in the Ecuadorean embassy,” May said.

Appearing before a London court, Assange said he was not guilty of failing to surrender in 2012. District judge Michael Snow, who cast Assange as a “narcissist”, convicted him of skipping bail. Sentencing will be at a later date.

Assange’s lawyer in Quito said his life would be in danger if he were to be extradited to the United States.

Police said they had arrested Assange, 47, after being invited into the embassy following the Ecuadorean government’s withdrawal of asylum. Assange was carried out of the building carrying a copy of Gore Vidal’s “History of The National Security State”, which he continued reading in court.

Just hours later, U.S. prosecutors said they had charged Assange with conspiracy in trying to access a classified U.S. government computer with former U.S. Army intelligence analyst Chelsea Manning in 2010.

The arrests, after nearly seven years holed up in a few cramped rooms at the embassy, mark one of the most sensational turns in a tumultuous life that has transformed the Australian programmer into a rebel wanted by the United States.

Supporters of Assange, who gave a thumbs up in handcuffs as he was taken from a police station to the court, said Ecuador had betrayed him at the behest of Washington, that the ending of his asylum was illegal and that it marked a dark moment for press freedom.

To some, Assange is a hero for exposing what supporters cast as abuse of power by modern states and for championing free speech. But to others, he is a dangerous rebel who has undermined U.S. security.

WikiLeaks angered Washington by publishing hundreds of thousands of secret U.S. diplomatic cables that laid bare often highly critical U.S. appraisals of world leaders, from Russian President Vladimir Putin to members of the Saudi royal family.

Assange made international headlines in early 2010 when WikiLeaks published a classified U.S. military video showing a 2007 attack by Apache helicopters in Baghdad that killed a dozen people, including two Reuters news staff.

The extent of the diplomacy that led to the arrest was not immediately clear. The Kremlin said it hoped his rights would not be violated.

UNITED STATES

Assange’s indictment arose from a long-running criminal investigation dating back to the administration of former President Barack Obama.

It was triggered in part by WikiLeaks’ publication in 2010 of hundreds of thousands of U.S. military reports about the wars in Afghanistan and Iraq and American diplomatic communications.

The U.S. Justice Department said Assange was arrested pursuant to the U.S./UK Extradition Treaty, and accused him of involvement in one of the largest compromises of classified information in U.S. history.

The indictment said that Assange in March 2010 engaged in a conspiracy to assist Manning in cracking a password stored on U.S. Department of Defense computers connected to the Secret Internet Protocol Network (SIPRNet), a U.S. government network used for classified documents and communications.

“The charge relates to Assange’s alleged role in one of the largest compromises of classified information in the history of the United States,” the U.S. Justice Department said.

He faces a maximum penalty of five years in prison if convicted, the department said.

Britain said no man was above the law.

“Julian Assange is no hero, he has hidden from the truth for years and years,” British Foreign Secretary Jeremy Hunt said.

“It’s not so much Julian Assange being held hostage in the Ecuadorean embassy, it’s actually Julian Assange holding the Ecuadorean embassy hostage in a situation that was absolutely intolerable for them.”

Assange took refuge in the Ecuadorean embassy, behind the luxury department store Harrods, in June 2012 to avoid being extradited to Sweden, where authorities wanted to question him as part of a sexual assault investigation.

Sweden dropped that probe in 2017, but Assange was arrested for breaking the rules of his bail in London in connection with the case.

A Swedish lawyer representing the alleged rape victim said she would push to have prosecutors reopen the case, but a retired senior prosecutor and chairman of NGO Victim Support Sweden, said he thought that may be difficult.

YEARS OF SOLITUDE

Friends of Assange said the solitude he had experienced in the embassy had hurt him most.

“It was a miserable existence and I could see it was a strain on him, but a strain he managed rather well,” said Vaughan Smith, a friend who visited Assange. “The thing that was most difficult for Julian was the solitude.”

“He was very tough, but the last year in particular was very difficult. He was constantly being surveilled and spied upon. There was no privacy for him.”

WikiLeaks said Ecuador had illegally terminated his political asylum in violation of international law.

“Assange’s critics may cheer, but this is a dark moment for press freedom,” said Edward Snowden, a former U.S. National Security Agency contractor who fled to Moscow after revealing massive U.S. intelligence gathering.

Assange’s relationship with his hosts collapsed after Ecuador accused him of leaking information about President Lenin Moreno’s personal life.

Moreno said Assange’s diplomatic asylum status had been cancelled for repeated violation of conventions. He said he had asked Britain to guarantee that Assange would not be extradited to any country where he might face torture or the death penalty.

“The British government has confirmed it in writing,” Moreno said. “The asylum of Mr Assange is unsustainable and no longer viable.”

(Additional reporting by Alistair Smout, Andrew MacAskill, Henry Nicholls, Peter Nicholls, Dylan Martinez in LONDON; Anna Ringstrom, Simon Johnson and Niklas Pollard in STOCKHOLM; Mark Hosenball in Washington and Nathan Layne in NEW YORK; Writing by Guy Faulconbridge and Kate Holton; Editing by Hugh Lawson)

WikiLeaks faces U.S. probes into its 2016 election role and CIA leaks: sources

WikiLeaks faces U.S. probes into its 2016 election role and CIA leaks: sources

By Mark Hosenball

WASHINGTON (Reuters) – WikiLeaks and its founder, Julian Assange, are facing multiple investigations by U.S. authorities, including three congressional probes and a federal criminal inquiry, sources familiar with the investigations said.

The Senate and House of Representatives intelligence committees and leaders of the Senate Judiciary Committee are probing the website’s role in the 2016 U.S. presidential election campaign, according to the sources, who all requested anonymity, and public documents.

WikiLeaks published emails hacked from the Democratic Party and the personal email account of John Podesta, Hillary Clinton’s 2016 presidential campaign chairman.

In a report issued in January, the CIA, the National Security Agency, and the Federal Bureau of Investigation said Russian intelligence did the hacking, and the GRU, Russia’s military intelligence agency, sent hacked data to WikiLeaks via intermediaries.

The Senate Intelligence Committee is investigating who gave WikiLeaks the hacked Democratic National Committee data that WikiLeaks published in July 2016, which included more than 44,000 emails and 17,000 attachments, the sources said. So far, its inquiries are still at an early stage, the sources said.

Senate Judiciary Committee leaders have asked Jared Kushner, Trump’s son-in-law, for emails related to WikiLeaks.

The House Intelligence Committee has questioned Roger Stone, a longtime friend of President Donald Trump and a veteran political operative who promoted WikiLeaks’ disclosures of the emails on Twitter.

After initially refusing to identify an intermediary he dealt with who was in contact with Assange, Stone later told the committee it was Randy Credico, a left-wing comedian.

The committee sent Credico a letter asking him to appear voluntarily. When he declined to do so, the panel sent him a subpoena requiring him to give a deposition.

Credico’s lawyer, Martin Stoller, said on Wednesday that Credico was considering whether to invoke his First and Fifth Amendment rights under the U.S. Constitution to avoid answering questions.

It is unclear whether Credico could help investigators uncover where WikiLeaks got the hacked Democratic emails.

In emails to Reuters, Stone has dismissed the intelligence agencies’ conclusion about Russian hacking.

It is not known whether Robert Mueller, the Justice Department special counsel investigating possible Russian interference in the 2016 presidential election, is investigating WikiLeaks.

A U.S. lawyer for Assange, Barry Pollack, said Mueller’s team had not contacted him.

Meanwhile, federal prosecutors in Alexandria, Virginia, are conducting a criminal investigation into how WikiLeaks obtained thousands of classified U.S. government documents, including CIA materials and most recently ultra-secret technical materials describing American spy agency hacking tools. Law enforcement sources and Pollack said the probe began several years ago.

Assange has lived in the Ecuadorean Embassy in London for several years after taking refuge there when Swedish authorities sought his extradition in a sexual molestation case.

(This story has been refiled to fix spelling of “WikiLeaks” in headline)

(Reporting By Mark Hosenball; Editing by John Walcott and Jonathan Oatis)

CIA chief calls WikiLeaks a ‘hostile intelligence service’

Central Intelligence Agency Director Mike Pompeo speaks at The Center for Strategic and International Studies in Washington, U.S. April 13, 2017. REUTERS/Eric Thayer

By Warren Strobel and Mark Hosenball

WASHINGTON (Reuters) – CIA Director Mike Pompeo on Thursday called WikiLeaks a “hostile intelligence service,” using his first public speech as spy agency chief to denounce leakers who have plagued U.S. intelligence.

Pompeo, in an address at the Center for Strategic and International Studies think tank, called WikiLeaks founder Julian Assange “a fraud” and “a coward.”

“It is time to call out WikiLeaks for what it really is, a non-state hostile intelligence service often abetted by state actors like Russia,” Pompeo said.

He said Russia’s GRU military intelligence service used Wikileaks to distribute material hacked from Democratic National Committee computers during the 2016 U.S. presidential election.

U.S. intelligence agencies have concluded that Russia stole the emails and took other actions to tilt the election in favor of eventual winner Donald Trump, a Republican, against Democratic candidate Hillary Clinton.

Pompeo and President Donald Trump, who chose him to head the CIA, have not always been so critical of WikiLeaks. During a campaign rally last October, Trump praised the group for releasing hacked emails from the DNC by saying, “I love WikiLeaks.”

In July, Pompeo, than a Republican member of the House of Representatives, mentioned it in a Twitter post referring to claims that the DNC had slanted the candidate-selection process to favor Clinton. “Need further proof that the fix was in from Pres. Obama on down? BUSTED: 19,252 Emails from DNC Leaked by Wikileaks.”

WikiLeaks has published secret documents from the U.S. government and others and says its mission is to fight government secrecy and promote transparency. Pompeo said it has “encouraged its followers to find jobs at CIA in order to obtain intelligence.”

Assange has been holed up in the Ecuadorean Embassy in London since 2012, after taking refuge there to avoid extradition to Sweden over allegations of rape, which he denies.

Two of Assange’s lawyers and a Wikileaks spokesman did not immediately respond to requests for comment on Pompeo’s remarks.

Pompeo’s speech on Thursday follows a series of damaging leaks of highly sensitive CIA and National Security Agency material.

In March, WikiLeaks published thousands of pages of internal CIA discussions that revealed hacking techniques the agency had used against iPhones, Android devices and other targets.

Pompeo also had harsh words for Edward Snowden, the former National Security Administration contractor who downloaded thousands of documents revealing some of the electronic eavesdropping agency’s most sensitive programs and shared them with journalists.

“More than a thousand foreign targets, people, groups, organizations, more than a thousand of them changed or tried to change how they communicated as a result of the Snowden disclosures,” Pompeo said. “That number is staggering.”

U.S. intelligence agencies have struggled to deal with “insider threats” – their own employees or contractors who steal classified materials and, in some cases, publicize them.

In response to a question, Pompeo disputed Russia’s account of a chemical weapons attack in Syria that prompted retaliatory cruise missile strikes by Trump last week.

Moscow has said that Syrian rebels, rather than the Syrian government, were responsible.

“None of the (accounts) have an ounce of truth in them,” Pompeo said, calling Russian President Vladimir Putin “a man for whom veracity doesn’t translate into English.”

(Additional reporting by Eric Walsh; Editing by Eric Beech and Bill Trott)

Symantec attributes 40 cyber attacks to CIA-linked hacking tools

An analyst looks at code in the malware lab of a cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho

By Joseph Menn

SAN FRANCISCO (Reuters) – Past cyber attacks on scores of organizations around the world were conducted with top-secret hacking tools that were exposed recently by the Web publisher Wikileaks, the security researcher Symantec Corp said on Monday.

That means the attacks were likely conducted by the U.S. Central Intelligence Agency. The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors.

Symantec said it had connected at least 40 attacks in 16 countries to the tools obtained by WikiLeaks, though it followed company policy by not formally blaming the CIA.

The CIA has not confirmed the Wikileaks documents are genuine. But agency spokeswoman Heather Fritz Horniak said that any WikiLeaks disclosures aimed at damaging the intelligence community “not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.

“It is important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so,” Horniak said.

She declined to comment on the specifics of Symantec’s research.

The CIA tools described by Wikileaks do not involve mass surveillance, and all of the targets were government entities or had legitimate national security value for other reasons, Symantec researcher Eric Chien said ahead of Monday’s publication.

In part because some of the targets are U.S. allies in Europe, “there are organizations in there that people would be surprised were targets,” Chien said.

Symantec said sectors targeted by operations employing the tools included financial, telecommunications, energy, aerospace, information technology, education, and natural resources.

Besides Europe, countries were hit in the Middle East, Asia, and Africa. One computer was infected in the United States in what was likely an accident – the infection was removed within hours. All the programs were used to open back doors, collect and remove copies of files, rather than to destroy anything.

The eavesdropping tools were created at least as far back as 2011 and possibly as long ago as 2007, Chien said. He said the WikiLeaks documents are so complete that they likely encompass the CIA’s entire hacking toolkit, including many taking advantage of previously unknown flaws.

The CIA is best-known for its human intelligence sources and analysis, not vast electronic operations. For that reason, being forced to build new tools is a setback but not a catastrophe.

It could lead to awkward conversations, however, as more allies realize the Americans were spying and confront them.

Separately, a group calling itself the Shadow Brokers on Saturday released another batch of pilfered National Security Agency hacking tools, along with a blog post criticizing President Donald Trump for attacking Syria and moving away from his conservative political base.

It is unclear who is behind the Shadow Brokers or how the group obtained the files.

(Additional reporting by Jonathan Weber and Anna Driver; Editing by Matthew Lewis and Mary Milliken)

A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense

The logo of Cisco is seen at Mobile World Congress in Barcelona, Spain, February 27, 2017. REUTERS/Eric Gaillard

By Joseph Menn

SAN FRANCISCO (Reuters) – When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems <CSCO.O> swung into action.

The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco’s widely used Internet switches, which direct electronic traffic, to enable eavesdropping.

Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.

The Cisco engineers worked around the clock for days to analyze the means of attack, create fixes, and craft a stopgap warning about a security risk affecting more than 300 different products, said the employees, who had direct knowledge of the effort.

That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity.

That policy overwhelmingly emphasizes offensive cyber-security capabilities over defensive measures, these people told Reuters, even as an increasing number of U.S. organizations have been hit by hacks attributed to foreign governments.

Larry Pfeiffer, a former senior director of the White House Situation Room in the Obama administration, said now that others were catching up to the United States in their cyber capabilities, “maybe it is time to take a pause and fully consider the ramifications of what we’re doing.”

U.S. intelligence agencies blamed Russia for the hack of the Democratic National Committee during the 2016 election. Nation-states are also believed to be behind the 2014 hack of Sony Pictures Entertainment and the 2015 breach of the U.S. Government’s Office of Personnel Management.

CIA spokeswoman Heather Fritz Horniak declined to comment on the Cisco case, but said it was the agency’s “job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad.”

The Office of the Director of National Intelligence, which oversees the CIA and NSA, referred questions to the White House, which declined to comment.

Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters.

President Donald Trump’s budget proposal would put about $1.5 billion into cyber-security defense at the Department of Homeland Security (DHS). Private industry and the military also spend money to protect themselves.

But the secret part of the U.S. intelligence budget alone totaled about $50 billion annually as of 2013, documents leaked by NSA contractor Edward Snowden show. Just 8 percent of that figure went toward “enhanced cyber security,” while 72 percent was dedicated to collecting strategic intelligence and fighting violent extremism.

Departing NSA Deputy Director Rick Ledgett confirmed in an interview that 90 percent of government cyber spending was on offensive efforts and agreed it was lopsided.

“It’s actually something we’re trying to address” with more appropriations in the military budget, Ledgett said. “As the cyber threat rises, the need for more and better cyber defense and information assurance is increasing as well.”

The long-standing emphasis on offense stems in part from the mission of the NSA, which has the most advanced cyber capabilities of any U.S. agency.

It is responsible for the collection of intelligence overseas and also for helping defend government systems. It mainly aids U.S. companies indirectly, by assisting other agencies.

“I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions,” said Debora Plunkett, who headed the NSA’s defensive mission from 2010 to 2014.

GOVERNMENT ROLE

How big a role the government should play in defending the private sector remains a matter of debate.

Former military and intelligence leaders such as ex-NSA Director Keith Alexander and former Secretary of Defense Ashton Carter say that U.S. companies and other institutions cannot be solely responsible for defending themselves against the likes of Russia, China, North Korea and Iran.

For tech companies, the government’s approach is frustrating, executives and engineers say.

Sophisticated hacking campaigns typically rely on flaws in computer products. When the NSA or CIA find such flaws, under current policies they often choose to keep them for offensive attacks, rather than tell the companies.

In the case of Cisco, the company said the CIA did not inform the company after the agency learned late last year that information about the hacking tools had been leaked.

“Cisco remains steadfast in the position that we should be notified of all vulnerabilities if they are found, so we can fix them and notify customers,” said company spokeswoman Yvonne Malmgren.

SIDE BY SIDE

A recent reorganization at the NSA, known as NSA21, eliminated the branch that was explicitly responsible for defense, the Information Assurance Directorate (IAD), the largest cyber-defense workforce in the government. Its mission has now been combined with the dominant force in the agency, signals intelligence, in a broad operations division.

Top NSA officials, including director Mike Rogers, argue that it is better to have offensive and defensive specialists working side by side. Other NSA and White House veterans contend that perfect defense is impossible and therefore more resources should be poured into penetrating enemy networks – both to head off attacks and to determine their origin.

Curtis Dukes, the last head of IAD, said in an interview after retiring last month that he feared defense would get even less attention in a structure where it does not have a leader with a direct line to the NSA director.

“It’s incumbent on the NSA to say, ‘This is an important mission’,” Dukes said. “That has not occurred.”

(Reporting by Joseph Menn in San Francisco. Additional reporting by Warren Strobel in Washington.; Editing by Jonathan Weber and Ross Colvin)

WikiLeaks offers CIA hacking tools to tech companies: Assange

WikiLeaks founder Julian Assange makes a speech from the balcony of the Ecuadorian Embassy, in central London, Britain February 5, 2016. REUTERS/Peter Nicholls/Files

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday.

The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.

It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.

Representatives of Alphabet Inc’s Google Apple Inc, Microsoft Corp <MSFT.O> and Cisco Systems Inc <CSCO.O>, all of whose wares are subject to attacks described in the documents, did not immediately respond to requests for comment before regular business hours on the U.S. West Coast.

“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during a press conference broadcast via Facebook Live.

Responding to Assange’s comments, CIA spokesman Jonathan Liu, said in a statement, “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”

“Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The disclosures alarmed the technology world and among consumers concerned about the potential privacy implications of the cyber espionage tactics that were described.

One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

Other documents described ways to hack into Apple Inc <AAPL.O> iPhones, devices running Google’s <GOOGL.O> Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.

Several companies have already said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.

WikiLeaks’ publication of the documents reignited a debate about whether U.S. intelligence agencies should hoard serious cyber security vulnerabilities rather than share them with the public. An interagency process created under former President Barack Obama called for erring on the side of disclosure.

President Donald Trump believed changes were needed to safeguard secrets at the CIA, White House spokesman Sean Spicer told a news briefing on Thursday. “He believes that the systems at the CIA are outdated and need to be updated.”

Two U.S. intelligence and law enforcement officials told Reuters on Wednesday that intelligence agencies have been aware since the end of last year of a breach at the CIA, which led to WikiLeaks releasing thousands of pages of information on its website.

The officials, speaking on condition of anonymity, said contractors likely breached security and handed over the documents to WikiLeaks. The CIA has declined to comment on the authenticity of the documents leaked, but the officials said they believed the pages about hacking techniques used between 2013 and 2016 were authentic.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton <BAH.N> while working for the National Security Agency.

Assange said he possessed “a lot more information” about the CIA’s cyber arsenal that would be released soon. He criticized the CIA for “devastating incompetence” for not being able to control access to such sensitive material.

Nigel Farage, the former leader of the populist UK Independence Party, visited Assange at the Ecuadorean embassy in London earlier on Thursday. A representative for Farage said he was unaware what was discussed.

Assange has been holed up since 2012 at the embassy, where he fled to avoid extradition to Sweden over allegations of rape, which he denies.

(Reporting by Dustin Volz; Additional reporting by Eric Auchard in Frankfurt, Joseph Menn in San Francisco and Guy Falconbridge in London; Editing by Frances Kerry and Grant McCool)