WikiLeaks to help shield tech firms from CIA's hacking tools, says Assange
WikiLeaks will work with technology companies to help defend them against the CIA's hacking tools, founder Julian Assange said.
The move sets up a potential conflict between Silicon Valley firms eager to protect their products and an intelligence agency stung by the radical transparency group's disclosures.
In an online news conference, Mr Assange acknowledged that some companies had asked for more details about the CIA cyber-espionage toolkit that he purportedly revealed in a massive disclosure earlier this week.
"We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out," Mr Assange said.
Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public.
In response to Mr Assange's news conference, CIA spokeswoman Heather Fritz Horniak said: "As we've said previously, Julian Assange is not exactly a bastion of truth and integrity.
"Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries."
The CIA has so far declined to comment directly on the authenticity of the leak, but in a statement issued on Wednesday it said such releases are damaging because they equip adversaries "with tools and information to do us harm".
Mr Assange began his online news conference with a dig at the agency for losing control of its cyber-espionage arsenal, saying that all the data had been kept in one place.
"This is a historic act of devastating incompetence," he said, adding that "WikiLeaks discovered the material as a result of it being passed around".
Mr Assange said the technology was nearly impossible to keep under wraps - or under control.
"There's absolutely nothing to stop a random CIA officer" or even a contractor from using the technology, Mr Assange said.
"The technology is designed to be unaccountable, untraceable; it's designed to remove traces of its activity."
The CIA would not confirm on Wednesday that the material came from its files, although no one is doubting that it did.
The agency would not talk about whether there was any investigation under way to work out how the material ended up on the internet for all to see.
And it would not say whether it suspects that a mole lurking inside the CIA secretly spirited the material to WikiLeaks, or whether the CIA could have been the victim of a hack.
The WikiLeaks disclosures were an extraordinary coup for a group that has already rocked American diplomacy with the release of 250,000 US state department cables and embarrassed the Democratic Party with political back-channel chatter and the US military with hundreds of thousands of logs from Iraq and Afghanistan.
The intelligence-related documents describe in various levels of detail how the CIA bypasses anti-viruses, hacks into smartphones and even hijacks smart TVs.
Among the affected products are some of the world's most popular technology platforms, including Apple's iPhones and iPads, Google's Android phones and the Microsoft Windows operating system for desktop computers and laptops.
WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders.
However, the group is now saying that it will.
If sharing were to occur, it would be an unusual alliance that would give companies such as Apple, Google, Microsoft, Samsung and others an opportunity to identify and repair any flaws in their software and devices that were being exploited by US spy agencies and some foreign allies, as described in the material.
Security experts said WikiLeaks was obligated to work privately with technology companies to disclose previously unknown software flaws, known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use, and with companies that design protection software.
WikiLeaks has said the latest files have apparently been circulating among former US government hackers and contractors.
"The clear move is to notify vendors," said Chris Wysopal, co-founder and chief technology officer of Veracode.
"If WikiLeaks has this data then it's likely others have this data, too. The binaries and source code that contain zero days should be shared with people who build detection and signatures for a living."
One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophisticated hacking tools they might discover back to the CIA, damaging the ability to disguise a US government hacker's involvement.
"That's a huge problem," said Adriel T Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies.
"Our capabilities are now diminished."
Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed.
In a statement late on Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of those flaws.
Apple said it will "continue work to rapidly address any identified vulnerabilities".