Why WikiLeaks' CIA Hacking Trove Is a Boon to Putin's Russia

Russian President Vladimir Putin attends a signing ceremony following talks with his Slovenian counterpart Borut Pahor at the Kremlin in Moscow on February 10. Alexander Zemlianichenko/Pool/Reuters

The latest trove of documents released by WikiLeaks, which purports to reveal the CIA's "entire" arsenal of hacking tools, could ultimately do as much damage to the agency's operations as the revelations of Cold War–era spies Aldrich Ames and Robert Hanssen. But the leaks have also served as a highly useful propaganda tool for Moscow.

In the wake of the WikiLeaks release, Russian state media quickly seized on a clause to argue it was the CIA, not Moscow's state-backed hackers, that was behind a series of politically damaging leaks from the Democratic Party last summer.

"It's clear that the CIA's operatives have been conducting their own covert operations while disguising themselves as so-called Russian hackers," maintains General Nikolai Kovalev, who was Vladimir Putin's predecessor as head of Russia's Federal Security Service from 1996-98. "It's like in a film—if you are caught or captured, the agency will disown all knowledge and blame the Russians."

The CIA has declined to comment on the authenticity of the WikiLeaks material—but on March 8 confirmed its "mission is to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries" as America's "first line of defense." The agency added that it "is CIA's job to be innovative [and] cutting-edge...in protecting this country from enemies abroad."

Kovalev's sensational claim stems from a section of the WikiLeaks report that describes a CIA working group known as UMBRAGE that was allegedly tasked with coming up with ways to disguise U.S. cyberattacks as the work of hackers from other nation states. "With UMBRAGE and related projects, the CIA can not only increase its total number of attack types, but also misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from," WikiLeaks claims in its summary—mentioning that UMBRAGE copied Russian hacking signatures.

"The whole world knows that the CIA has a multilayered plan to foment popular revolutions and coups around the world—now we see that they are systematically using Russian hackers as cover," Colonel Igor Morozov, a veteran of Russia's Foreign Intelligence Service and now a member of the Russian Senate, tells Newsweek. The latest WikiLeaks report shows "how the Americans created an entire new agency of 5,000 people—almost as big as the whole of Soviet foreign intelligence—for the purpose of creating an information attack on Russia," says Morozov.

All U.S. intelligence agencies agreed in a declassified report released in January that Russian state-backed agents were behind the hacking operations against the Democratic National Committee and Hillary Clinton campaign chairman John Podesta that culminated in a damaging leak of politically embarrassing emails to WikiLeaks just before the Democratic Convention in July 2016.

But that hasn't stopped Russian commentators, conservative media outlets and supporters of President Donald Trump from claiming the CIA (which they see as opposed to Trump), rather than Russia, could have been behind the hacks.

"The CIA has the ability to hack anybody they want and make it look like the Russians are doing it," right-wing radio talk show host Rush Limbaugh told his 13 million listeners on March 7. "I'm leaning toward being near certain that this entire pretext of Trump working with the Russians to affect the outcome of the election, folks, it is so ridiculous." Trump-supporting TV pundits Ann Coulter and Sean Hannity have taken a similar line.

Yet the claims WikiLeaks makes about the CIA material it published are misleading. According to the leaked cache, UMBRAGE was indeed tasked with copying other hackers' tools and methods, but not in order to cover U.S. hackers' tracks. Instead, it was to provide a library of ready-made, tried-and-tested hacking tools that would save them from having to write their own. "The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions," notes one of the UMBRAGE documents. "Rather than building feature-rich tools...this effort focuses on developing smaller and more targeted solutions built to operational specifications."

Some of the tools copied from foreign hackers by UMBRAGE, according to the WikiLeaks trove, include a Trojan horse program known as Dark Comet, created by a French programmer in 2011, that can steal keystrokes and screenshots, as well as a probably Chinese-authored piece of malware known as MBR File Handle. The documents also mention RawDisk, a commercial tool designed to delete information from hard drives that was used by hackers, possibly with links to North Korea, to attack and wipe the servers of Sony Pictures in 2014. Other documents in the WikiLeaks cache do talk about ways that hackers can cover their tracks, but the methods don't include using "false flag" attribution to hackers of other nationalities of the kind that WikiLeaks claims in its summary. And according to Kim Zetter of The Intercept, specialists found no "documents within the WikiLeaks cache that talk about tricking forensic investigators into attributing attacks to Russia."

And yet the WikiLeaks documents have been such a propaganda boon to Russia that some American politicians—mostly Democrats—have accused Moscow of being behind the leak. On March 9, Democratic Senator Chris Murphy claimed that "this is perfectly timed coming at a moment which we seem to be getting closer and closer to understanding the true nature of the connections between the Trump campaign and the Russian government.... If you [look] at everything the Russians did during the campaign, they were all timed according to moments of weakness in the Trump operation."

The flaw in that theory, according to intelligence professionals in both the West and Russia, is that the value of the 100 million lines of code released—including what WikiLeaks describes as "malware, viruses, Trojan horses, weaponized 'zero day' [back doors to popular programs], remote control systems and associated documentation"—would be of far more use if kept confidential.

"What intelligence agency would release information of this value to the public?" says Morozov. "What's interesting [to intelligence] is to assess how information is being gathered, to evaluate the technical level of your opponent, to use this information to prepare yourself against attack."

WikiLeaks says in its own introduction that U.S. law enforcement has made "several" arrests linked to the leaks over the last few months, hinting that the material comes from multiple sources inside the agency—and suggesting that whatever security breaches might have been opened have already been plugged.

The forensics of the material show the WikiLeaks source is more likely to be "a discontented individual or individuals in the mold of [Edward] Snowden," than a Russian hacking operation, says one senior European official who deals with Russian cybersecurity issues and was not authorized to speak to the press. Snowden, a former CIA computer specialist who later worked for contractor Booz Allen Hamilton, turned over a massive cache of classified information on the U.S. government's covert data collection programs to the media in 2014—and indeed WikiLeaks claims its anonymous source leaked the classified material in order to raise "policy questions that...urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber-weapons."

The Russian media has run with that advice, seizing on parts of the report that reveal the use of smartphones and TVs as surveillance tools to stir up suspicion that all Western-made electronics are in fact spying tools. And that too is a propaganda win of sorts.

"All the technology that we use, from phones to large internet servers—they are all foreign-made," says Natalia Kasperskaya, co-founder of Kaspersky Labs internet security company. "Every one of these instruments has a potential dual use. The question is whether [foreign] intelligence services choose to use them as surveillance tools or not.... We have to come up with active measures to protect ourselves."
