WikiLeaks has decided to share information on the alleged CIA hacking tools with the tech companies whose products are affected, but the White House has warned that there may be legal repercussions.
The Vault 7 files made public this week by WikiLeaks appear to show that the intelligence agency has had the tools and capabilities to hack a wide range of systems, including mobile and desktop devices, networking equipment, and Internet of Things (IoT) devices.
The products of several major companies are mentioned in the leaks and many of them have asked the whistleblower organization to share additional information to help them ensure that their customers are protected against possible cyberattacks.
While it has published numerous documents containing technical information, WikiLeaks initially said it would not release any actual tools or exploits “until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.”
However, WikiLeaks founder Julian Assange said in a press conference on Thursday that the decision to not release the exploits limits the ability of vendors to issue security fixes. That is why WikiLeaks has decided to share information with impacted companies.
“We have decided to work with them, to give them some exclusive access to the additional technical details we have so that fixes can be developed and pushed out so that people can be secured,” Assange said. “And then, once this material is effectively disarmed by us, by removing critical components, we will publish additional details about what has been occurring.”
It’s worth noting that WikiLeaks has launched a poll on Twitter, asking users if more details should be shared with tech companies, and 57 percent of respondents said “Yes, make people safe,” while 36 percent of respondents said “No, they’re the problem.”
While the decision to share technical details with technology companies may be good news, White House representatives have warned about the possible legal repercussions for these firms.
“If a program or a piece of information is classified, it remains classified regardless of whether or not it is released into the public venue or not,” said White House press secretary Sean Spicer. “I would just suggest that someone consult with [the Department of Justice] regarding the legal repercussions of any individual or entity using any piece of still-classified information or technique or product that hasn’t been declassified.”
Based on the information made public by WikiLeaks, security firms and major tech companies such as Microsoft, Apple and Google have determined that many of the vulnerabilities leveraged by the alleged CIA tools don’t affect the latest versions of their products. In fact, some of the flaws were patched several years ago.
The CIA has refused to comment on the authenticity of the leaked documents, but pointed out that the agency is legally prohibited from spying on individuals in the United States.
Related: “Vault 7” Leak Shows CIA Learned From NSA Mistakes
Related: Government Contractor Indicted Over Theft of Secret Documents
Related: Required Insider Threat Program for Federal Contractors – Will It Help?

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
