What CIA Hacking Says About Encryption
If you haven’t been following the news this week, you missed a major story. Wikileaks has revealed that CIA actively engages in espionage. And it uses computers to do so. But for most end users and encryption advocates, this news is good.
On Tuesday, Wikileaks published a huge cache of what it says are secret CIA documents and files that reveal many of the techniques, tactics, and tools that the agency uses for offensive cyber espionage operations. The documents include detailed descriptions of some of the custom malware CIA officers use, information on zero days that the agency has discovered or purchased, and a host of other data. All in all, it’s an impressive arsenal of tools and it’s exactly the kind of kit that you would expect an intelligence agency with enormous financial and technical resources to possess.
One of the more interesting things Wikileaks claims in its release is that CIA has techniques that enable its operators to bypass the encryption of messaging apps such as Signal, Weibo, Telegram and WhatsApp. The documents say that CIA can collect the audio and text messages from target devices before the encryption is applied. This statement understandably got a lot of attention from the media and caused immediate concern among users. If CIA can do that to secure messaging apps, then what hope is there for users?
This revelation is actually good news for users. To understand why, you have to start with the fact that CIA is not targeting the encryption used in these apps. Trying to break cryptosystems is generally a losing proposition. It’s time- and resource-intensive and there’s no guarantee of success, even for intelligence agencies. The better move is to attack the implementation of the cryptosystem, where there are often errors. The other alternative is to attack the device itself.
And that’s exactly what CIA has been doing. The agency has at its disposal exploits for a number of vulnerabilities — some of them zero days — in mobile operating systems, which give its operators the ability to compromise individual devices. Once the device is compromised, the game is over and the attacker has won. Transport encryption for messaging apps isn’t going to protect your information against a device-level compromise.
That’s bad news for the individual users targeted by this kind of attack, but for the hundreds of millions of others who use these apps on a daily basis, it is a good sign. It means that the encryption is working and is resistant to attack, so CIA and other adversaries have to find other ways to get what they’re after. As Steve Bellovin of Columbia University put it, “the existence of these hacking tools is a testimonial to the strength of the encryption. It's hard or impossible to break, so the CIA is resorting to expensive, targeted attacks.”
Not only are those attacks expensive, but they generally don’t scale. They need to be tailored for each specific device, so they take time and effort to set up and execute. On the other hand, an attack that breaks a popular cryptosystem would be catastrophic for users, as it would affect all users of that system. But that’s not what these documents show. They show CIA going to great lengths, building very expensive custom tools, and buying exploits in order to circumvent the encryption. “As far as is publicly known, the encryption is strong. Even if it is somewhat weak, modern cryptosystems don't fall in an instant; it takes a fair amount of computation to crack each instance. The CIA is hacking because that's what's left,” Bellovin said.
Hacking is what’s left because the encryption works.