WASHINGTON (AP) — WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, according to founder Julian Assange. The potential partnership may set up a conflict between Silicon Valley firms eager to protect their products and the intelligence agency.
In an online news conference, Assange acknowledged that some companies had asked for more details about the CIA cyber-espionage toolkit that he purportedly revealed in a massive information release earlier this week.
“We have decided to work with [online companies], to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said. He added that he would release the full data of the hacking tools to the public once tech firms had patched their products.
WikiLeaks has said the latest of these hacking files have been circulating among former U.S. government hackers and contractors.
Assange criticized the intelligence agency for losing control of such sensitive information, adding that all the data had been kept in one place. “This is a historic act of devastating incompetence,” he said, adding, “WikiLeaks discovered the material as a result of it being passed around.”
Assange also said the encryption measures surrounding the information pose a larger problem.
“There’s absolutely nothing to stop a random CIA officer” or even a contractor from using the technology, he said. “The technology is designed to be unaccountable, untraceable.”
The CIA has so far declined to comment directly on the authenticity of the leak, but in a statement issued Wednesday it said such releases are damaging because they equip adversaries “with tools and information to do us harm.”
“As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity,” CIA spokeswoman Heather Fritz Horniak said in response to Assange’s news conference.
“Despite the efforts of Assange and his ilk, [the] CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries,” Horniak added.
The WikiLeaks disclosures add more notoriety to a watchdog group that has already rocked American diplomacy with the release of hundreds of thousands of U.S. military logs from Iraq and Afghanistan in 2010.
The CIA would not confirm Wednesday that the material came from its files nor has it commented on whether there was any investigation underway to figure how the leak occurred. The agency has also been silent as to whether a mole lurking inside the CIA secretly sent the material to WikiLeaks or whether the CIA could have been the victim of a hack.
The intelligence-related documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even smart TVs. They include the world’s most popular technology platforms, including Apple’s iPhones and iPads, Google’s Android phones and the Microsoft Windows operating system.
Security experts said WikiLeaks was obligated to work privately with technology companies and with companies that design protection software to disclose previously unknown software flaws. These flaws are known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use.
“The clear move is to notify vendors,” said Chris Wysopal, co-founder and chief technology officer of Veracode Inc. “If WikiLeaks has this data then it’s likely others have this data, too. The binaries and source code that contain zero days should be shared with people who build detection and signatures for a living.”
Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed. In a statement late Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of the flaws. Apple said it will “continue work to rapidly address any identified vulnerabilities.”