Edward Snowden, the former National Security Agency (NSA) analyst who exposed a global spying apparatus back in 2013, has spoken out about the recent leak of CIA documents by WikiLeaks that contained alleged internal documents on "cyberweapons".
Snowden, who spoke via video link from Russia where he now lives after fleeing the US, addressed an audience at the South by Southwest Conference (SXSW) in Austin, Texas, this week (14 March) during an interview segment with The Intercept's Jeremy Scahill.
"The most important thing here is we now have concrete evidence that the CIA, the NSA, the US government – and our partners in places like the UK – are supporting a commercial market in making every internet-connected device less secure," he said.
"They are paying companies to develop digital weapons, burglary tools, which will break into any device. And then when they create these things, the problem is [that] anybody can use them."
WikiLeaks, the notorious whistle-blowing platform founded by Julian Assange, last week released a cache of over 8,000 files said to be from inside the CIA HQ at Langley, Virginia. Law enforcement has since scrambled to contain the fallout but is yet to make any arrests.
The leak indicated the CIA had the ability to hack into operating systems including iOS and Android.
CIA smart TV hack
Many headlines focused on a Samsung smart TV hack that let the agency remotely spy on users, however security experts later criticised the leak, pointing out it was only feasible if spies had physical access to the hardware – so could not be considered a remote hack after all.
But Snowden addressed this point, explaining to SXSW that US intelligence agencies routinely circumvent this point by physically implanting malware or spyware as hardware actually travels to the customer. The NSA was previously embroiled in a similar scandal over this process.
"Any device that's connected to the internet can be hacked," Snowden said.
He added: "People go ' the CIA's not going to be breaking into my house'. That's actually true - that they don't go into your house. What they do is they wait until these devices are being shipped to you, when you order them on Amazon or whatever.
"They go to them at the airports, they get the box, they used a little hairdryer to soften the adhesive, they open up the box, and they put the USB stick in. They seal the box back up all nice and perfect, and they ship it on to you.
"And now your router, your computer, your TV is hacked. This is a very routine thing."
Snowden said this spying method is typically dependent on the target the agency wanted to surveil, but noted intercepted devices or hardware of interest may be sent to political parties or newsrooms around the world.
When the WikiLeaks CIA disclosures – dubbed Vault 7 – initially emerged Snowden called it the "first public evidence" that the US government was secretly paying to keep US software unsafe. Later, in a separate tweet, he called its actions "reckless beyond words".
The US government has not confirmed the legitimacy of the leak.
However, the CIA, in a statement published on its website, said: "It is CIA's job to be innovative, cutting-edge, and the first line of defence in protecting this country from enemies abroad. America deserves nothing less.
"The American public should be deeply troubled by any Wikileaks disclosure designed to damage the Intelligence Community's ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardise US personnel and operations, but also equip our adversaries with tools and information to do us harm."
Meanwhile, Assange has reportedly approached major tech firms to offer "exclusive access" to the CIA tools so security experts can push out fixes to their customers. The US intelligence community has claimed – without evidence – that WikiLeaks has close links to the Kremlin.