WikiLeaks Will Share CIA's Hacking Secrets

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.

But will software companies want it?

The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified, and it almost certainly is, possessing it would be a crime.

That was underlined by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.

“If a program or a piece of information is classified, it remains classified regardless of whether or not it is released into the public venue or not,” he said. “There’s a reason that we have classification levels, and that’s to protect our country and our people.”

However, his comments aren’t sitting well with some legal experts.

“The idea that the government might stand in the way of companies fixing vulnerabilities that have already been disclosed is remarkable, and reckless,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in an email.

Cindy Cohn, an attorney and executive director at the Electronic Frontier Foundation said using US law to penalise vendors would be a "gross misuse."

US laws about security clearances on classified documents were never designed with software patching in mind, she said.

“It would be really wrong-headed for the government to go after these companies for simply trying to make their technologies more secure,” Cohn said. “It’s exactly the opposite of what the US government should be doing.”

To-date, the CIA hasn’t confirmed whether any of the documents published by Wikileaks are legitimate, but there is widespread belief they are.

WikiLeaks contained information on numerous exploits aimed at smartphones, PCs and software from major vendors including Apple, Google and Microsoft, but the source code for the attack tools wasn't published.

WikiLeaks founder Julian Assange said tech vendors would be given “exclusive access” to the tools, so they could learn how to better secure their products.

“WikiLeaks has a lot more information on what has been going on with the (CIA) cyber-weapons program,” Assange said.

And there's another worry: If WikiLeaks managed to get its hands on the data, it could be elsewhere too, increasing the risk that companies and consumers are being watched online.

So the US government should be helping tech vendors patch the vulnerabilities involved in the leak, said John Bambenek, manager of threat systems at Fidelis Cybersecurity.

“Right now, there’s only risk and no reward,” Bambenek said. “We need to fix that risk.”

It's unclear when WikiLeaks plans to begin sharing the information.

Vendors including Microsoft, along with the security firms Avira and Comodo, said that WikiLeaks hasn’t contacted them yet. 

“Our preferred method for anyone with knowledge of security issues, including the CIA or WikiLeaks, is to submit details to us at secure@microsoft.com,” Microsoft said in an email.  

Others such as antivirus vendor Bitdefender said they expect WikiLeaks to reach out to them probably over the following days.

“If WikiLeaks do want to reach out to us, we are always grateful for an opportunity to make our products even better,” the company said in an email.

Computerworld

The CIA Has Lost Control Of Its Cyber Weapon Documents:

CIA Silent about Wikileaks Agency Files:

WikiLeaks Dump Shines Light On US Intelligence’s Zero-Day Policy:

 

 

« Here Comes China’s Crypto-Currency
Cyber Insurance: 7 Questions To Ask »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Auraya

Auraya

Auraya develops its next generation voice biometric AI to deliver easy-to-use and highly secure speaker recognition and fraud detection capabilities.