WikiLeaks Will Share CIA's Hacking Secrets

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.

But will software companies want it?

The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified, and it almost certainly is, possessing it would be a crime.

That was underlined by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.

“If a program or a piece of information is classified, it remains classified regardless of whether or not it is released into the public venue or not,” he said. “There’s a reason that we have classification levels, and that’s to protect our country and our people.”

However, his comments aren’t sitting well with some legal experts.

“The idea that the government might stand in the way of companies fixing vulnerabilities that have already been disclosed is remarkable, and reckless,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in an email.

Cindy Cohn, an attorney and executive director at the Electronic Frontier Foundation said using US law to penalise vendors would be a "gross misuse."

US laws about security clearances on classified documents were never designed with software patching in mind, she said.

“It would be really wrong-headed for the government to go after these companies for simply trying to make their technologies more secure,” Cohn said. “It’s exactly the opposite of what the US government should be doing.”

To-date, the CIA hasn’t confirmed whether any of the documents published by Wikileaks are legitimate, but there is widespread belief they are.

WikiLeaks contained information on numerous exploits aimed at smartphones, PCs and software from major vendors including Apple, Google and Microsoft, but the source code for the attack tools wasn't published.

WikiLeaks founder Julian Assange said tech vendors would be given “exclusive access” to the tools, so they could learn how to better secure their products.

“WikiLeaks has a lot more information on what has been going on with the (CIA) cyber-weapons program,” Assange said.

And there's another worry: If WikiLeaks managed to get its hands on the data, it could be elsewhere too, increasing the risk that companies and consumers are being watched online.

So the US government should be helping tech vendors patch the vulnerabilities involved in the leak, said John Bambenek, manager of threat systems at Fidelis Cybersecurity.

“Right now, there’s only risk and no reward,” Bambenek said. “We need to fix that risk.”

It's unclear when WikiLeaks plans to begin sharing the information.

Vendors including Microsoft, along with the security firms Avira and Comodo, said that WikiLeaks hasn’t contacted them yet. 

“Our preferred method for anyone with knowledge of security issues, including the CIA or WikiLeaks, is to submit details to us at secure@microsoft.com,” Microsoft said in an email.  

Others such as antivirus vendor Bitdefender said they expect WikiLeaks to reach out to them probably over the following days.

“If WikiLeaks do want to reach out to us, we are always grateful for an opportunity to make our products even better,” the company said in an email.

Computerworld

The CIA Has Lost Control Of Its Cyber Weapon Documents:

CIA Silent about Wikileaks Agency Files:

WikiLeaks Dump Shines Light On US Intelligence’s Zero-Day Policy:

 

 

« Here Comes China’s Crypto-Currency
Cyber Insurance: 7 Questions To Ask »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Security Compass

Security Compass

Security Compass, the Security by Design Company, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

ZenMate

ZenMate

ZenMate is a Virtual Private Network services provider offering secure encrypted access to the internet.

Total Cyber-Sec

Total Cyber-Sec

Total Cyber-Sec is a company specialized in providing Professional Information Security and Cybersecurity Services.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Mayhem

Mayhem

Mayhem, by ForAllSecure, is a developer-first application and API security testing solution.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.

BlackSwan Technologies

BlackSwan Technologies

BlackSwan Technologies is reinventing enterprise software through Agile Intelligence for the Enterprise – a fusion of data, artificial intelligence, and cloud technologies.