The FBI has begun preparing for a major mole hunt to determine how anti-secrecy group WikiLeaks got an alleged arsenal of hacking tools the CIA has used to spy on espionage targets, according to people familiar with the matter.
The leak rattled government and technology industry officials, who spent Tuesday scrambling to determine the accuracy and scope of the thousands of documents released by the group. They were also trying to assess the damage the revelations may cause, and what damage may come from future releases promised by WikiLeaks, these people said.
It was all a familiar scenario for a government that has repeatedly seen sensitive information compromised in recent years.
In the wake of revelations from Army private Chelsea Manning and former National Security Agency contractor Edward Snowden, officials sought to tighten security procedures, and federal agents came under greater pressure to find and prevent secrets from spilling out of the government.
But cracks keep appearing in the system. Last year, the FBI arrested Harold Martin, an NSA contractor who took home documents detailing some of the agency’s most sensitive offensive cyberweapons. Some of those files later appeared online, although investigators are still trying to determine Martin’s role, if any, in that part of the case.
He has pleaded not guilty to charges that he violated the Espionage Act. Officials call the Martin case the largest theft of classified information in U.S. history.
Now, less than a year after the Martin case, U.S. intelligence agencies are rushing to determine whether they again have suffered an embarrassing compromise at the hands of one of their own.
“Anybody who thinks that the Manning and Snowden problems were one-offs is just dead wrong,” said Joel Brenner, former head of U.S. counterintelligence at the office of the Director of National Intelligence. “Ben Franklin said three people can keep a secret if two of them are dead. If secrets are shared on systems in which thousands of people have access to them, that may really not be a secret anymore. This problem is not going away, and it’s a condition of our existence.”
In Silicon Valley, industry figures said they received no heads-up from the government or the hacking community that such a move by WikiLeaks was in the works. By midday Tuesday, industry officials said they still had not heard from the FBI.
It wasn’t immediately clear if the CIA had sent a crimes report to the Justice Department – a formal mechanism alerting law enforcement of a potentially damaging and illegal national security leak. Such a report would offer the FBI a road map for where to begin investigating, and whom to question.
The FBI and CIA both declined to comment.
Once investigators verify the accuracy of the WikiLeaks documents, a key question to answer is who had access to the information, according to veterans of past leak probes. The FBI has spent years investigating WikiLeaks, and authorities are eager to figure out whether it has recruited a new, well-placed source from the U.S. government.
In releasing thousands of pages of documents, WikiLeaks indicated that its source was a former government employee or contractor.
“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” WikiLeaks said in announcing the first release of documents. “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
One former intelligence official said if that claim is accurate, “there’s going to be another major mole hunt . . . If this is all correct, it’s a big deal.”
A key distinction for investigators will be whether WikiLeaks reveals the actual computer code – or enough details about such code – that others can develop and deploy some of the hacking tools, according to current and former officials.
The security failures highlighted by damaging leaks from Snowden and Manning have proven difficult to address.
Manning was arrested in Iraq in May 2010 after transmitting documents to WikiLeaks that came to be known as the Iraq and Afghanistan “War Logs.” She also leaked a video showing a U.S. Apache helicopter in Baghdad opening fire on a group of people that the crew thought were insurgents. Among the dead were two journalists who worked for Reuters. She also leaked documents pertaining to Guantanamo Bay prisoners, as well as 250,000 State Department cables.
In response to the Manning case, the Obama administration created the National Insider Threat Task Force, designed to teach and train government workers and contractors to spot potential leakers.
Manning, formerly known as Bradley Manning, came out as transgender after her 2013 conviction. In the waning days of his presidency, Barack Obama commuted her 35-year prison sentence, and she is due to be released in coming months.
The post-Manning efforts did not stop Snowden from taking reams of data about sensitive bulk intelligence collection in 2013 and giving the material to reporters. Those revelations, including a court document showing how the government gathered Americans’ phone records, sparked years of political debate about privacy and government surveillance in the digital age.
Snowden has remained out of reach of the U.S. government, living in Russia.
Brenner, the former counterintelligence official, said the net effect of the new leaks could be “very dangerous to us,” because they “accelerate the leveling of the playing field between the United States and its adversaries in cyberspace.”
The bigger lesson of the newest leak, Brenner argued, is that U.S. pursuit of dominance in cyberspace may actually be destabilizing over the long run. “That is a very unsettling debate for our military and our intelligence services, but I think it’s coming,” he said.
Snowden also weighed in regarding the alleged CIA documents, tweeting: “What @Wikileaks has here is genuinely a big deal. Looks authentic.”
(c) 2017, The Washington Post · Devlin Barrett