WikiLeaks will work with technology com-panies to help defend them against the CIA’s hacking tools, founder Julian Assange said Thursday. The move sets up a potential con-flict between Silicon Valley firms eager to protect their products and an intelligence agency stung by the radical transparency group’s disclosures.
In an online news conference, Assange ac-knowledged that some companies had asked for more details about the CIA cyberespionage toolkit that he purportedly revealed in a massive disclosure earlier this week.
“We have decided to work with them, to give them some exclu-sive access to some of the technical details we have, so that fixes can be pushed out,” As-sange said. Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public.
In response to As-sange’s news confer-ence, CIA spokes-woman Heather Fritz Horniak said: “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity. Despite the efforts of As-sange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”
The CIA has so far declined to comment di-rectly on the authenticity of the leak, but in a statement issued Wednesday it said such releases are damaging because they equip ad-versaries “with tools and information to do us harm.”
Assange began his online press conference with a dig at the agency for losing con-trol of its cyberespionage arsenal, saying that all the data had been kept in one place. “This is a historic act of devastating incom-petence,” he said, add-ing that, “WikiLeaks discovered the material as a result of it being passed around.”
Assange said the tech-nology was nearly im-possible to keep under wraps — or under con-trol.
“There’s absolutely nothing to stop a ran-dom CIA officer” or even a contractor from using the technology, Assange said. “The technology is designed to be unaccountable, untraceable; it’s de-signed to remove traces of its activity.”
The CIA wouldn’t confirm Wednesday that the material came from its files, although no one is doubting that it did. The CIA wouldn’t talk about whether there was any investigation underway to figure out how the material ended up on the internet for all to see. And the agency wouldn’t say whether it suspects that a mole lurking inside the CIA secretly spirited the material to WikiLeaks, or whether the CIA could have been the victim of a hack.
The WikiLeaks disclosures were an extraordinary coup for a group that has already rocked American diplomacy with the release of 250,000 State Department cables and em-barrassed the Democ-ratic Party with politi-cal back-channel chatter and the US military with hundreds of thou-sands of logs from Iraq and Afghanistan.
The intelligence-related documents de-scribe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even smart TVs. They include the world’s most popular technology platforms, including Apple’s iPhones and iPads, Google’s Android phones and the Microsoft Windows operating system for desktop computers and laptops.
WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. However, the group is now saying that it will.
If sharing were to oc-cur, it would be an unusual alliance that would give companies like Apple, Google, Microsoft, Samsung and others an opportunity to identify and re-pair any flaws in their software and devices that were being exploited by US spy agencies and some foreign allies, as described in the material.
Security experts said WikiLeaks was obli-gated to work privately with technology com-panies to disclose previously unknown software flaws, known as zeroday vulnerabilities because consumers would have no time to discover how to defend themselves against their use, and with companies that design protection software. WikiLeaks has said the latest files apparently have been circulating among former U.S. government hackers and contractors.
“The clear move is to notify vendors,” said Chris Wysopal, co-founder and chief technology officer of Vera-code Inc. “If WikiLeaks has this data then it’s likely others have this data, too. The binaries and source code that con-tain zero days should be shared with people who build detection and signatures for a living.”
One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophis-ticated hacking tools they might discover back to the CIA, damaging the ability to dis-guise a US government hacker’s involvement. “That’s a huge problem,” said Adriel T. Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies. “Our capa-bilities are now dimin-ished.”
Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed. In a statement late Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of those flaws. Apple said it will “continue work to rapidly address any identified vulnerabilities.”—AP