Latest leaks aren’t totally redacted
by JOSEPH COX
Journalists, technologists and the simply curious have been digging through a cache of alleged CIA files that Wikileaks published on March 7, 2017. In its announcement, Wikileaks said it had redacted CIA targets and machines used to launch attacks. The names of users in the dump are also blacked out.
But we’ve encountered several un-redacted names in the cache, including in documents related to alleged CIA exploits. We’ve been unable to confirm whether these names identify CIA officials under their real identities or whether they correspond to cover names or to other individuals.
Nevertheless, the news highlights a potential misstep by Wikileaks — and shows the difficulty in properly redacting large caches of files.
On one page describing part of the work by the CIA’s Engineering Development Group, several users have been redacted, replaced instead with numerical identities. The owner of the document has also been redacted, but at the bottom of the file, one full name of a user is visible.
In another page related to the EDG, several users are redacted, but a second full name is visible. Finally, the text of one document includes an un-redacted name indicating who last modified the file.
We’re not printing the names in case they do refer to, or can be used to identify, active or former CIA officials. Wikileaks didn’t respond to multiple requests for comment asking whether publication of one of the names was intentional.
A Kaspersky analysis of the dump obtained by CyberScoop claimed that researchers were also able to partially reconstruct two malware tools using files published by Wikileaks.
The documents have highlighted some of the CIA’s alleged hacking capabilities, including using Samsung smart TVs to spy on unsuspecting targets, as well as the Agency’s string of iOS exploits for remotely taking over iPhones. The cache, dubbed “Year Zero” by Wikileaks, includes 8,761 documents and files, according to the transparency organization’s announcement.
The CIA declined to confirm the authenticity of the documents. “The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” the Agency stated.
Wikileaks has faced criticism before for publishing identifying and personal information in data dumps. An August 2016 investigation by the Associated Press found Wikileaks had published medical files belonging to ordinary citizens, as well as their financial records.
Originally published at Vice Motherboard.