Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, has an interesting post at the Lawfare blog about how the media got duped by Wikileaks into exaggerating the story:
There are two real stories involving the CIA data dump by Wikileaks, neither of which is about the actual documents themselves. The first is that somebody managed to exfiltrate the data from the CIA in the first place, but the second still seems unappreciated: Wikileaks once again successfully hacked the media, shaping discussions into deliberately deceptive ways.
How many articles did you read about the CIA “hoarding zero days”, with “24 Android exploits”? How many breathless pieces about how the “CIA will frame others by recycling their malcode”? That the CIA is “breaking Signal”? Or that CIA can “spy on you through your Samsung TV”?
The problem, as Weaver notes is that many journalists don't have the technical background to evaluate Wikileaks claims, and they rushed to print before talking to real experts. Still, there is good news here: my Samsung TV is not spying on me.How many of those stories mentioned that most of the Android “zero days” referenced were anything but, instead documentation on old exploits for out of date devices? Or that the CIA malcode reuse is not about a “false flag” operation but instead lazyefficient programmers taking advantage of existing code? Or that the “breaking” of Signal is equivalent to saying “I broke Signal” when I look over your shoulder as you type? Or that the CIA’s TV bug requires physical access? These critical caveats change the stories completely.
Read the full post here.