Assange: WikiLeaks Will Help Tech Firms Defend Against CIA Hacking -- 2nd Update
March 09 2017 - 2:26PM
Dow Jones News
By Robert McMillan
WikiLeaks founder Julian Assange on Thursday pledged to share
with technology companies technical details of the purported
Central Intelligence Agency hacking tools his organization revealed
this week.
The 8,761 documents that WikiLeaks released on Tuesday described
malware and other tools used to exploit a wide range of commercial
products including smartphones, software and equipment from Apple
Inc., Alphabet Inc.'s Google, Samsung Electronics Co., and
Microsoft Corp. The documents sent companies scrambling to uncover
what specific security flaws the attacks might be exploiting.
Mr. Assange's statement Thursday appeared aimed at addressing a
paradox raised by WikiLeaks's previous disclosure. The organization
says it promotes transparency, but by releasing only part of the
information from the CIA files, it had put tech companies in the
position of knowing they might have security vulnerabilities but
not knowing enough to ensure they address the flaws and protect
their customers.
"After considering what we think is the best way to proceed and
hearing the calls from some of the manufacturers, we have decided
to work with them to give them some exclusive access to the
additional technical details we have so that fixes can be developed
and pushed out," Mr. Assange said in a news conference broadcast
online.
The CIA on Thursday lashed out at Mr. Assange and WikiLeaks for
disclosures the anti-secrecy group has said represents overreach by
U.S. intelligence officials.
"As we've said previously, Julian Assange is not exactly a
bastion of truth and integrity," CIA Spokesman Jonathan Liu said
Thursday. "Despite the efforts of Assange and his ilk, [the] CIA
continues to aggressively collect foreign intelligence overseas to
protect America from terrorists, hostile nation states and other
adversaries."
WikiLeaks's offer puts the tech companies in a sticky position.
Having in hand the actual code used in the purported CIA hacking
tools would enable them to understand the exact holes in their
products and plug them. But the prospect of working with an
organization that publishes stolen government secrets raises
delicate ethical, legal and public relations issues.
Apple, Google, and Samsung didn't immediately respond to
requests for comment Thursday.
"We've seen Julian Assange's statement and have not yet been
contacted," a Microsoft spokesman said on Thursday. "Our preferred
method for anyone with knowledge of security issues, including the
CIA or Wikileaks, is to submit details to us at
secure@microsoft.com so we can review information and take any
necessary steps to protect customers." The spokesman said that
Microsoft's initial investigation of the WikiLeaks documents showed
that most of the issues are dated and likely have been addressed in
its latest software.
Several other companies named in the documents, including Apple
and Google, on Wednesday said that their initial reviews indicated
that existing software updates had already addressed many of the
vulnerabilities described in the WikiLeaks documents -- but they
also said their investigations were continuing.
In a blog post Wednesday, Cisco Systems Inc. said that its
ability to address issues the documents raised was limited without
more detail, but that once the code was released it would be able
to analyze it and produce updates if necessary. That is a scenario
that is likely to be repeated within the other companies whose
products are covered in the WikiLeaks documents, security experts
say.
Cisco on Thursday declined to comment on whether it is willing
to work with Wikileaks. It said it has an established process for
investigating and fixing bugs if it receives a report of a
vulnerability.
WikiLeaks plans to eventually publish more details of the
attacks. "Once this material is effectively disarmed by us by
removing critical components, we will publish additional details of
what has been occurring," Mr. Assange said Thursday.
Mr. Assange said that the need to patch these flaws is pressing,
given that others might be in possession of the tools. "It is
impossible to keep effective control of cyber weapons," he said.
"If you build them, you will lose them."
Since Tuesday's disclosure, the CIA has declined to comment on
the authenticity of the documents WikiLeaks released or the status
of any investigation into the leak.
But in a statement Wednesday, the agency gave what appeared to
be a justification for amassing an arsenal of high-tech hacking
tools, without mentioning them or the leak.
"It is the CIA's job to be innovative, cutting-edge, and the
first line of defense in protecting this country form enemies
abroad," the agency said. "America deserves nothing less."
The agency also said it is legally prohibited from conducting
electronic surveillance targeting Americans at home in the U.S. and
doesn't do so. The CIA said Americans should be troubled by any
WikiLeaks disclosure designed to damage the U.S. intelligence
community's ability to protect America from adversaries.
"Such disclosures not only jeopardize US personnel and
operations, but also equip our adversaries with tools and
information to do us harm," the CIA said.
--Shane Harris, Rachael King and Paul Sonne contributed to this
article.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
March 09, 2017 14:11 ET (19:11 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2024 to Apr 2024
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Apr 2023 to Apr 2024