- The actor who played Greedo is just as confused by ‘maclunkey’ as you are Friday 4:57 PM
- AirPods are getting that sweet, sweet Black Friday price drop Friday 4:24 PM
- Looking for a Nintendo Switch? Black Friday deals are here Friday 4:04 PM
- Facebook copies Instagram with experimental ‘Popular Photos’ feature Friday 3:58 PM
- This iPhone app says it will alert you if you’ve been hacked Friday 2:43 PM
- ‘Marvel’s Hero Project’ is the wholesome content 2019 needs Friday 2:40 PM
- Get more out of VSCO with VSCO search Friday 2:09 PM
- Twitter carves out ‘cause-based’ advocacy exemption in political ads ban Friday 2:06 PM
- Disney+ accounts are being hacked—here’s how to protect yourself Friday 1:52 PM
- Instagram is hiding likes globally and searching for a ‘well-being’ product researcher Friday 1:42 PM
- ‘The Mandalorian’ opens up its mythology even further in ‘Chapter 2’ Friday 12:54 PM
- Want to buy a drone on a budget? We’ve got you covered Friday 12:51 PM
- ‘Simpsons’ writer accuses Republicans of stealing Sideshow Bob’s defense Friday 12:49 PM
- Keanu Reeves’ appearance in ‘SpongeBob Movie’ trailer quickly becomes a meme Friday 12:35 PM
- Charli XCX makes the band in Netflix’s ‘Nasty Cherry’ Friday 12:33 PM
WikiLeaks dump of CIA secrets does not show Signal has been compromised
A cache of confidential CIA records released by WikiLeaks on Tuesday led to fears that Signal was cracked. It wasn’t.
More than 8,700 documents and files were released on the transparency group’s website, the first installation in a new series of leaks WikiLeaks describes as the largest ever publication of confidential Central Intelligence Agency records.
A statement accompanying the release immediately stoked fears that the U.S. government had found a way to bypass Signal, an encryption application whose popularity was bolstered by the endorsement of Edward Snowden and rose further under the presidency of Donald Trump. WikiLeaks wrote—and the New York Times originally echoed—that the techniques disclosed allowed the CIA and allied intelligence agencies to “bypass the encryption” of Signal, in addition to WhatsApp, Telegram, and other popular privacy apps.
This vague reference sowed some confusion online over whether Signal remained a secure form of communication. To learn that Signal was no longer safe would be a tremendous blow to the privacy community, as the app is widely used by journalists, human rights advocates, anonymous government sources, and others whose lives and freedom may be endangered by an inherent flaw in Signal’s complex cryptographic protocol.
But that does not appear to be case. WikiLeaks does not state that the CIA was able to break Signal’s encryption—rather, the agency could “bypass” it by compromising the device on which the app is installed and seizing the messages before they are encrypted. Put simply, the CIA could hack individual phones, not Signal itself.
PSA: this does *not* say that the CIA can hack Signal. It says the CIA can hack phones and read anything on them. pic.twitter.com/l0iuixcqt6— Alex Abdo (@AlexanderAbdo) March 7, 2017
True: "CIA can 'bypass' Signal and other E2E apps"— dade (@0xdade) March 7, 2017
False: "Signal is broken"
True: "You should continue to use Signal"
While the specific technique the CIA uses to compromise a cellphone or laptop may be new information, the notion that messages sent through Signal could be read prior to encryption is not new information. In other words, there’s no reason—as of yet—to assume Signal is any less secure today than it was believed to be yesterday.
Nothing uncovered so far in the WikiLeaks changes the fact that messages over Signal are infinitely more secure in transit than those sent through a cellphone’s default messaging app.
WikiLeaks did not immediately respond to a request for comment about the confusion arising from its statement. The CIA has declined to comment on the release, telling reporters it will “not comment on the authenticity or content of purported intelligence documents.”
However, experts believe the release appears legitimate. Snowden—who worked for the CIA prior to his time at the NSA before leaking troves of classified documents—bolstered confidence in the legitimacy of the documents.
What makes this look real?— Edward Snowden (@Snowden) March 7, 2017
Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.
Tuesday’s release by WikiLeaks contains 8,761 documents, a vast collection that journalists, researchers, and anyone curious about their contents have only begun to sift through. The wealth of data means more revelations are likely forthcoming.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.