WikiLeaks to help shield tech firms from CIA’s hacking tools | Inquirer News

WikiLeaks to help shield tech firms from CIA’s hacking tools

/ 01:54 AM March 10, 2017

Julian Assange - Ecuadorean Embassy in London - 5 Feb 2016

In this photo, taken Feb. 5, 2016, WikiLeaks founder Julian Assange speaks from the balcony of the Ecuadorean Embassy in London. As WikiLeaks thrust itself into the heart of America’s electoral contest last year, Kristinn Hrafnsson the group’s chief spokesman tiptoed out of spotlight, stepping down from his job in a little-noticed move that leaves Julian Assange as the only public face of the radical transparency organization.. (Photo by KIRSTY WIGGLESWORTH/AP)

WASHINGTON — WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, founder Julian Assange said Thursday. The move sets up a potential conflict between Silicon Valley firms eager to protect their products and an intelligence agency stung by the radical transparency group’s disclosures.

In an online news conference, Assange acknowledged that some companies had asked for more details about the CIA cyberespionage toolkit that he purportedly revealed in a massive disclosure earlier this week.

Article continues after this advertisement

“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said. Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public.

FEATURED STORIES

In response to Assange’s news conference, CIA spokeswoman Heather Fritz Horniak said: “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity. Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The CIA has so far declined to comment directly on the authenticity of the leak, but in a statement issued Wednesday it said such releases are damaging because they equip adversaries “with tools and information to do us harm.”

Article continues after this advertisement

Assange began his online press conference with a dig at the agency for losing control of its cyberespionage arsenal, saying that all the data had been kept in one place. “This is a historic act of devastating incompetence,” he said, adding that, “WikiLeaks discovered the material as a result of it being passed around.”

Article continues after this advertisement

Assange said the technology was nearly impossible to keep under wraps — or under control.

Article continues after this advertisement

“There’s absolutely nothing to stop a random CIA officer” or even a contractor from using the technology, Assange said. “The technology is designed to be unaccountable, untraceable; it’s designed to remove traces of its activity.”

The CIA wouldn’t confirm Wednesday that the material came from its files, although no one is doubting that it did. The CIA wouldn’t talk about whether there was any investigation underway to figure out how the material ended up on the internet for all to see. And the agency wouldn’t say whether it suspects that a mole lurking inside the CIA secretly spirited the material to WikiLeaks, or whether the CIA could have been the victim of a hack.

Article continues after this advertisement

The WikiLeaks disclosures were an extraordinary coup for a group that has already rocked American diplomacy with the release of 250,000 State Department cables and embarrassed the Democratic Party with political back-channel chatter and the U.S. military with hundreds of thousands of logs from Iraq and Afghanistan.

The intelligence-related documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even smart TVs. They include the world’s most popular technology platforms, including Apple’s iPhones and iPads, Google’s Android phones and the Microsoft Windows operating system for desktop computers and laptops.

WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. However, the group is now saying that it will.

If sharing were to occur, it would be an unusual alliance that would give companies like Apple, Google, Microsoft, Samsung and others an opportunity to identify and repair any flaws in their software and devices that were being exploited by U.S. spy agencies and some foreign allies, as described in the material.

Security experts said WikiLeaks was obligated to work privately with technology companies to disclose previously unknown software flaws, known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use, and with companies that design protection software. WikiLeaks has said the latest files apparently have been circulating among former U.S. government hackers and contractors.

“The clear move is to notify vendors,” said Chris Wysopal, co-founder and chief technology officer of Veracode Inc. “If WikiLeaks has this data then it’s likely others have this data, too. The binaries and source code that contain zero days should be shared with people who build detection and signatures for a living.”

One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophisticated hacking tools they might discover back to the CIA, damaging the ability to disguise a U.S. government hacker’s involvement. “That’s a huge problem,” said Adriel T. Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies. “Our capabilities are now diminished.”

Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed. In a statement late Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of those flaws. Apple said it will “continue work to rapidly address any identified vulnerabilities.” –Raphael Satter and Deb Riechmann

* * *

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Satter reported from Paris. Associated Press Michael Liedtke in San Francisco contributed to this report.

TAGS: WikiLeaks

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.