GOOG Alphabet Inc

By Robert McMillan 

WikiLeaks founder Julian Assange on Thursday pledged to share with technology companies technical details of the purported Central Intelligence Agency hacking tools his organization revealed this week.

The 8,761 documents that WikiLeaks released on Tuesday described malware and other tools used to exploit a wide range of commercial products including smartphones, software and equipment from Apple Inc., Alphabet Inc.'s Google, Samsung Electronics Co., and Microsoft Corp. The documents sent companies scrambling to uncover what specific security flaws the attacks might be exploiting.

Mr. Assange's statement Thursday appeared aimed at addressing a paradox raised by WikiLeaks's previous disclosure. The organization says it promotes transparency, but by releasing only part of the information from the CIA files, it had put tech companies in the position of knowing they might have security vulnerabilities but not knowing enough to ensure they address the flaws and protect their customers.

"After considering what we think is the best way to proceed and hearing the calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details we have so that fixes can be developed and pushed out," Mr. Assange said in a news conference broadcast online.

The CIA on Thursday lashed out at Mr. Assange and WikiLeaks for disclosures the anti-secrecy group has said represents overreach by U.S. intelligence officials.

"As we've said previously, Julian Assange is not exactly a bastion of truth and integrity," CIA Spokesman Jonathan Liu said Thursday. "Despite the efforts of Assange and his ilk, [the] CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries."

WikiLeaks's offer puts the tech companies in a sticky position. Having in hand the actual code used in the purported CIA hacking tools would enable them to understand the exact holes in their products and plug them. But the prospect of working with an organization that publishes stolen government secrets raises delicate ethical, legal and public relations issues.

Apple, Google, and Samsung didn't immediately respond to requests for comment Thursday.

"We've seen Julian Assange's statement and have not yet been contacted," a Microsoft spokesman said on Thursday. "Our preferred method for anyone with knowledge of security issues, including the CIA or Wikileaks, is to submit details to us at secure@microsoft.com so we can review information and take any necessary steps to protect customers." The spokesman said that Microsoft's initial investigation of the WikiLeaks documents showed that most of the issues are dated and likely have been addressed in its latest software.

Several other companies named in the documents, including Apple and Google, on Wednesday said that their initial reviews indicated that existing software updates had already addressed many of the vulnerabilities described in the WikiLeaks documents -- but they also said their investigations were continuing.

In a blog post Wednesday, Cisco Systems Inc. said that its ability to address issues the documents raised was limited without more detail, but that once the code was released it would be able to analyze it and produce updates if necessary. That is a scenario that is likely to be repeated within the other companies whose products are covered in the WikiLeaks documents, security experts say.

Cisco on Thursday declined to comment on whether it is willing to work with Wikileaks. It said it has an established process for investigating and fixing bugs if it receives a report of a vulnerability.

WikiLeaks plans to eventually publish more details of the attacks. "Once this material is effectively disarmed by us by removing critical components, we will publish additional details of what has been occurring," Mr. Assange said Thursday.

Mr. Assange said that the need to patch these flaws is pressing, given that others might be in possession of the tools. "It is impossible to keep effective control of cyber weapons," he said. "If you build them, you will lose them."

Since Tuesday's disclosure, the CIA has declined to comment on the authenticity of the documents WikiLeaks released or the status of any investigation into the leak.

But in a statement Wednesday, the agency gave what appeared to be a justification for amassing an arsenal of high-tech hacking tools, without mentioning them or the leak.

"It is the CIA's job to be innovative, cutting-edge, and the first line of defense in protecting this country form enemies abroad," the agency said. "America deserves nothing less."

The agency also said it is legally prohibited from conducting electronic surveillance targeting Americans at home in the U.S. and doesn't do so. The CIA said Americans should be troubled by any WikiLeaks disclosure designed to damage the U.S. intelligence community's ability to protect America from adversaries.

"Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm," the CIA said.

--Shane Harris, Rachael King and Paul Sonne contributed to this article.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

(END) Dow Jones Newswires

March 09, 2017 14:11 ET (19:11 GMT)

Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2024 to Apr 2024

Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Apr 2023 to Apr 2024