WikiLeaks has confirmed that it will share sensitive details that it uncovered about the CIA hacking tools with leading technology companies. This move will help the companies whose flagship products were targeted by the U.S. government’s hacker-spies improve their technology and ensure that it is safe from government exploitation.
The unusual cooperation will give companies like Apple, Google, Microsoft, Samsung and others an opportunity to identify and repair any flaws in their software and devices that were being exploited by U.S. spy agencies and some foreign allies, as described in nearly 9,000 pages of secret CIA files WikiLeaks published on Tuesday.
The documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even smart TVs. The targets include the world's most popular technology platforms, including Apple's iPhones and iPads, Google's Android phones and the Microsoft Windows operating system for desktop computers and laptops.
White House spokesman Sean Spicer said that this is the kind of disclosure that undermines our security, our country and our well-being, adding that the alleged WikiLeaks leak should concern every single American.
However, Spicer has always defended then-candidate Donald Trump's comment in October 2016 — "I love WikiLeaks!" — made after it published private, politically damaging emails from Hillary Clinton's campaign manager during the presidential campaign. Spicer said there was a "massive, massive difference" between WikiLeaks publishing stolen, personal emails of a political figure and files about national security tools used by the CIA.
WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. The group indicated it was still considering its options but said in a statement Wednesday: "Tech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?" It wasn't clear whether WikiLeaks — a strident critic of Google and Facebook, among others — was serious about such action.
A message seeking additional details from WikiLeaks was not immediately returned, and an attempt to speak to founder Julian Assange at the Ecuadorean Embassy in London on Tuesday was rebuffed.
Security experts said WikiLeaks was obligated to work privately with technology companies, and with companies that design protection software, to disclose previously unknown software flaws. Such flaws are known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use. WikiLeaks has said the latest files apparently have been circulating among former U.S. government hackers and contractors.
One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophisticated hacking tools they might discover back to the CIA, damaging the ability to disguise a U.S. government hacker's involvement. "That's a huge problem," said Adriel T. Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies. "Our capabilities are now diminished."
Some vendors were already sifting through the disclosures to fix flaws in their software. The first confirmed patch came from Avira Operations GmbH & Co., a German antivirus vendor, which told The Associated Press it fixed what it described as "a minor vulnerability" within a few hours of the WikiLeaks release.
Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed. In a statement late Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of those flaws. Apple said it will continue work to rapidly address any identified vulnerabilities.