WikiLeaks founder Julian Assange speaks in a video made available Thursday. Assange said his group will work with technology companies to help defeat the Central Intelligence Agency’s hacking tools. (WikiLeaks via AP)

WikiLeaks to help shield tech firms from CIA’s hacking tools

By Raphael Satter and Deb Riechmann / Associated Press

WASHINGTON — WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, founder Julian Assange said Thursday. The move sets up a potential conflict between Silicon Valley firms eager to protect their products and an intelligence agency stung by the radical transparency group’s disclosures.

In an online news conference, Assange acknowledged that some companies had asked for more details about the CIA cyberespionage toolkit that he purportedly revealed in a massive disclosure earlier this week.

“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said. Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public.

In response to Assange’s news conference, CIA spokeswoman Heather Fritz Horniak said: “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity. Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The CIA has so far declined to comment directly on the authenticity of the leak, but in a statement issued Wednesday it said such releases are damaging because they equip adversaries “with tools and information to do us harm.”

Assange began his online press conference with a dig at the agency for losing control of its cyberespionage arsenal, saying that all the data had been kept in one place. “This is a historic act of devastating incompetence,” he said, adding that, “WikiLeaks discovered the material as a result of it being passed around.”

Assange said the technology was nearly impossible to keep under wraps — or under control.

“There’s absolutely nothing to stop a random CIA officer” or even a contractor from using the technology, Assange said. “The technology is designed to be unaccountable, untraceable; it’s designed to remove traces of its activity.”

The CIA wouldn’t confirm Wednesday that the material came from its files, although no one is doubting that it did. The CIA wouldn’t talk about whether there was any investigation underway to figure out how the material ended up on the internet for all to see. And the agency wouldn’t say whether it suspects that a mole lurking inside the CIA secretly spirited the material to WikiLeaks, or whether the CIA could have been the victim of a hack.

The WikiLeaks disclosures were an extraordinary coup for a group that has already rocked American diplomacy with the release of 250,000 State Department cables and embarrassed the Democratic Party with political back-channel chatter and the U.S. military with hundreds of thousands of logs from Iraq and Afghanistan.

The intelligence-related documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even smart TVs. They include the world’s most popular technology platforms, including Apple’s iPhones and iPads, Google’s Android phones and the Microsoft Windows operating system for desktop computers and laptops.

WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. However, the group is now saying that it will.

If sharing were to occur, it would be an unusual alliance that would give companies like Apple, Google, Microsoft, Samsung and others an opportunity to identify and repair any flaws in their software and devices that were being exploited by U.S. spy agencies and some foreign allies, as described in the material.

Security experts said WikiLeaks was obligated to work privately with technology companies to disclose previously unknown software flaws, known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use, and with companies that design protection software. WikiLeaks has said the latest files apparently have been circulating among former U.S. government hackers and contractors.

“The clear move is to notify vendors,” said Chris Wysopal, co-founder and chief technology officer of Veracode Inc. “If WikiLeaks has this data then it’s likely others have this data, too. The binaries and source code that contain zero days should be shared with people who build detection and signatures for a living.”

One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophisticated hacking tools they might discover back to the CIA, damaging the ability to disguise a U.S. government hacker’s involvement. “That’s a huge problem,” said Adriel T. Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies. “Our capabilities are now diminished.”

Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed. In a statement late Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of those flaws. Apple said it will “continue work to rapidly address any identified vulnerabilities.”

Satter reported from Paris. Associated Press Michael Liedtke in San Francisco contributed to this report.

Talk to us

More in Local News

Snohomish County submits application for Phase Two clearance

Officials expect the state will decide “fairly quickly” whether the county is able to proceed.

County staff urges ‘no’ on Point Wells development proposal

County Hearing Examiner Peter Camp could decide the fate of the high-rise project this summer.

Young firefighter remembered for drive, smile, compassion

Marcus Carroll, 23, was a Snohomish County firefighter. His body was found Monday after a hiking trip.

Why does a left-turn signal go green when no cars are there?

A commuter noticed the anomaly at an intersection on Everett Mall Way.

Edmonds mayor removes finance director with no cause given

Scott James joined the city in 2014. He’s the third department director to leave in the past year.

Suspected impaired driver crashed with Edmonds police officer

Both the driver and officer were injured Friday night and taken to Harborview Medical Center.

Six counties have applied to move to Phase 3 of reopening

They are among the 27 counties that are in Phase 2. Twelve counties, including Snohomish, are still in Phase 1.

Watch Gov. Jay Inslee’s Wednesday news conference here

He is expected to discuss a variety of topics, including the coronavirus outbreak.

Inslee embraces peaceful demonstrators, condemns looters

The governor activated the National Guard as protests continued Monday after the killing of George Floyd.

Most Read