WikiLeaks offers CIA hacking tools to tech firms
WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses so they can patch software flaws, founder Julian Assange said yesterday, presenting Silicon Valley with a potential dilemma on how to deal with the anti-secrecy group.
If the offer is legitimate, it would place technology companies in the unusual position of relying on Assange, a man believed by some US officials and lawmakers to be an untrustworthy pawn of Russian president Vladimir Putin, to share cyber vulnerabilities stockpiled by a secretive US spy agency.
It was not clear how WikiLeaks intended to cooperate with the companies. The group published documents on Tuesday describing secret Central Intelligence Agency (CIA) hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.
"Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure," Assange said during an online press conference from the Ecuadorean embassy in London.
Assange took refuge at the embassy in 2012 to avoid extradition to Sweden over allegations of rape, which he denies.
Microsoft and Cisco Systems, whose wares are subject to attacks described in the documents, said in response to Assange that they welcomed submissions of any vulnerabilities through normal reporting channels.
"We've seen Julian Assange's statement and have not yet been contacted," a Microsoft representative said. "Our preferred method for anyone with knowledge of security issues, including the CIA or WikiLeaks, is to submit details to us at firstname.lastname@example.org so we can review information and take any necessary steps to protect customers."
Representatives of Alphabet's Google, Apple, Samsung Electronics and Huawei, whose products were also featured in the CIA catalogue, did not answer requests for comment.
Responding to Assange, CIA spokesman Jonathan Liu said in a statement: "As we've said previously, Julian Assange is not exactly a bastion of truth and integrity.
"Despite the efforts of Assange and his ilk, the CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries."
WikiLeaks' disclosures this week caused alarmed in the technology world and among consumers because of the potential privacy implications of the cyber espionage tactics that were described.
One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.
Other documents described ways to hack into Apple iPhones, devices running Google's Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.
Several companies have already said they are confident their recent security updates have accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that "many of the issues" leaked had already been patched in the latest version of its operating system.
WikiLeaks' publication of the documents reignited a debate about whether US intelligence agencies should hoard serious cyber security vulnerabilities rather than share them with the public. An interagency process created under former president Barack Obama called for erring on the side of disclosure.
President Donald Trump believes changes are needed to safeguard secrets at the CIA, White House spokesman Sean Spicer told a news briefing yesterday. "He believes the systems at the CIA are outdated and need to be updated."
Two US intelligence and law enforcement officials told Reuters on Wednesday that intelligence agencies have been aware since the end of last year of a breach at the CIA, which led to WikiLeaks releasing thousands of pages of information on its Web site.
The officials, speaking on condition of anonymity, said contractors likely breached security and handed over the documents to WikiLeaks. The CIA has declined to comment on the authenticity of the documents leaked, but the officials said they believed the pages about hacking techniques used between 2013 and 2016 were authentic.
Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Martin, both employed by consulting firm Booz Allen Hamilton while working for the National Security Agency.
Assange said he possessed "a lot more information" about the CIA's cyber arsenal that would be released soon. He criticised the CIA for "devastating incompetence" for not being able to control access to such sensitive material, and asked whether Obama or Trump were made aware of the breaches.
Assange's group released Democratic e-mails during the 2016 presidential campaign that US intelligence agencies say were hacked by Russia to try to tilt the election against Democratic candidate Hillary Clinton. He is regarded with distaste by many in Washington, although Trump, then the Republican candidate, supported the group's e-mail releases last year.
Ben Sasse, a Republican senator, said in a statement yesterday that Assange should "spend the rest of his life wearing an orange jumpsuit". He is "an enemy of the American people and an ally to Vladimir Putin" who has "dedicated his life's work to endangering innocent lives, abetting despots, and stoking a crisis of confidence in the West," Sasse said.