WikiLeaks offers to shield tech firms from CIA hacking tools

Julian Assange Wikileaks
Wikileaks founder Julian Assange participates via videolink a news conference marking the 10th anniversary of the secrecy-spilling group in Berlin, Tuesday, Oct. 4, 2016. (AP Photo/Markus Schreiber)

WASHINGTON (AP) — WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, founder Julian Assange said Thursday. The move sets up a potential conflict between Silicon Valley firms eager to protect their products and an intelligence agency stung by the radical transparency group’s disclosures.

In an online news conference, Assange said some companies had asked for more details about the purported CIA cyberespionage toolkit that he revealed in a massive disclosure on Tuesday.

“We have decided to work with them, to give them some exclusive access to the additional technical details we have, so that fixes can be developed and pushed out,” Assange said. The digital blueprints for what he described as “cyberweapons” would be published to the world “once this material is effectively disarmed by us.”

The CIA did not respond directly to Assange’s offer, but it appeared to take a dim view of the announcement.

“As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity,” CIA spokeswoman Heather Fritz Horniak said, adding that the CIA’s work would continue “despite the efforts of Assange and his ilk.”

Assange had plenty of criticism for the agency himself, blasting it for having lost control of its “entire cyberweapons arsenal,” something he described as “a historic act of devastating incompetence.”

The fate of that alleged arsenal is unclear. WikiLeaks has not released the actual digital espionage tools themselves, just documentation related to them which describe in various levels of detail how the CIA bypasses anti-viruses, hacks into smartphones and even hijacks smart TVs. Assange has not explicitly said how he knows that the arsenal is circulating or even that he has a full copy.

Assange did offer some hints, suggesting that spies, former intelligence officials and contractors had been sharing the cyberespionage tools behind the CIA’s back — potentially to feed the for-profit market in spy software.

“WikiLeaks discovered the material as a result of it being passed around a number of different members of the U.S. intelligence community, out of control, in an unauthorized fashion,” Assange said. “It looks like not only is that material being spread around contractors and former American computer hackers for hire, but now may be in the black market.”

If true, that would be a serious concern for ordinary internet users because the purported CIA trove could provide a “buffet of bugs for low-end hackers to draw upon,” said Steven Bellovin, a professor of computer science at Columbia University who has long studied cybersecurity issues.

That’s already worrying senior law enforcement figures like Europol chief Rob Wainwright, who said the aftershocks of the alleged breach could go way beyond the CIA.

“There is a potential here for a much more widespread impact in the way that it might fuel an increase in cybercriminal activity,” he told The Associated Press.

Assange said the CIA breach showed that this kind of technology was nearly impossible to keep under wraps — or under control.

“The technology is designed to be unaccountable, untraceable; it’s designed to remove traces of its activity,” he said.

Whether Silicon Valley will take Assange up on his offer to help beat back that technology is uncertain. Some of the alleged CIA cyberespionage tools disclosed by WikiLeaks are obsolete, meaning that his help may not be needed in many cases.

Even in the case of live vulnerabilities it’s not clear how Assange’s gambit would be seen by major companies or how the mechanics of such a collaboration might work given the U.S. government’s hostility to WikiLeaks. Even under normal circumstances, the process of flagging software flaws to technology companies can be fraught.

Bellovin said reputable companies would seek out fixes. And another expert said it would be an “unfortunate form of hubris” if U.S. firms turned down Assange’s offer.

“I think a number of companies will welcome this gesture and work hard to develop updates or at least mitigations that may make some of these flaws harder to exploit,” said Joseph Lorenzo Hall, the chief technologist at the Washington-based Center for Democracy & Technology.

Still, Hall said that companies would doubtless be wary about dealing with the notorious ex-hacker.

“If WikiLeaks gives you a gift, you probably want to be careful with it!” he said.

___

Satter reported from Paris. Paisley Dodds in London and Michael Liedtke in San Francisco contributed to this report.

___

This story has been corrected to reflect that purported CIA tools are not aimed at “defeating encryption” but at hijacking computers.