Wikileaks to give tech companies hacking tools so vulnerabilities can be patched
Technology companies are to be granted access to CIA hacking tools by Wikileaks so that they can patch the security vulnerabilities used to gain access to their systems.
Founder Julian Assange made the offer yesterday and places technology companies in the unusual position of relying on Assange, a man believed by some US officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, to share cyber vulnerabilities stockpiled by a secretive US spy agency.
It was not clear how WikiLeaks intended to cooperate with the companies. The group published documents earlier this week describing secret Central Intelligence Agency hacking tools and snippets of computer code.
It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.
“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during an online press conference from the Ecuadorean embassy in London.
Assange took refuge at the embassy in 2012 to avoid extradition to Sweden over allegations of rape, which he denies.
Microsoft and Cisco Systems, whose wares are subject to attacks described in the documents, said in response to Assange that they welcomed submissions of any vulnerabilities through normal reporting channels.
“We’ve seen Julian Assange’s statement and have not yet been contacted,” a Microsoft representative said. “Our preferred method for anyone with knowledge of security issues, including the CIA or Wikileaks, is to submit details to us at firstname.lastname@example.org so we can review information and take any necessary steps to protect customers.”
Responding to Assange, CIA spokesman Jonathan Liu, said in a statement: “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”
“Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”
WikiLeaks’ disclosures this week caused alarmed in the technology world and among consumers because of the potential privacy implications of the cyber-espionage tactics that were described.
One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.
Other documents described ways to hack into Apple iPhones, devices running Google’s Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps such as Signal or WhatsApp.
Several companies have already said they are confident that their recent security updates have accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.
WikiLeaks’ publication of the documents reignited a debate about whether US intelligence agencies should hoard serious cyber-security vulnerabilities rather than share them with the public. An inter-agency process created under former US President Barack Obama called for erring on the side of disclosure.