Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

WikiLeaks to Share CIA Hacking Tools With Tech Firms

WikiLeaks has decided to share information on the alleged CIA hacking tools with the tech companies whose products are affected, but the White House has warned that there may be legal repercussions.

WikiLeaks has decided to share information on the alleged CIA hacking tools with the tech companies whose products are affected, but the White House has warned that there may be legal repercussions.

The Vault 7 files made public this week by WikiLeaks appear to show that the intelligence agency has had the tools and capabilities to hack a wide range of systems, including mobile and desktop devices, networking equipment, and Internet of Things (IoT) devices.

The products of several major companies are mentioned in the leaks and many of them have asked the whistleblower organization to share additional information to help them ensure that their customers are protected against possible cyberattacks.

While it has published numerous documents containing technical information, WikiLeaks initially said it would not release any actual tools or exploits “until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.”

However, WikiLeaks founder Julian Assange said in a press conference on Thursday that the decision to not release the exploits limits the ability of vendors to issue security fixes. That is why WikiLeaks has decided to share information with impacted companies.

“We have decided to work with them, to give them some exclusive access to the additional technical details we have so that fixes can be developed and pushed out so that people can be secured,” Assange said. “And then, once this material is effectively disarmed by us, by removing critical components, we will publish additional details about what has been occurring.”

It’s worth noting that WikiLeaks has launched a poll on Twitter, asking users if more details should be shared with tech companies, and 57 percent of respondents said “Yes, make people safe,” while 36 percent of respondents said “No, they’re the problem.”

Advertisement. Scroll to continue reading.

While the decision to share technical details with technology companies may be good news, White House representatives have warned about the possible legal repercussions for these firms.

“If a program or a piece of information is classified, it remains classified regardless of whether or not it is released into the public venue or not,” said White House press secretary Sean Spicer. “I would just suggest that someone consult with [the Department of Justice] regarding the legal repercussions of any individual or entity using any piece of still-classified information or technique or product that hasn’t been declassified.”

Based on the information made public by WikiLeaks, security firms and major tech companies such as Microsoft, Apple and Google have determined that many of the vulnerabilities leveraged by the alleged CIA tools don’t affect the latest versions of their products. In fact, some of the flaws were patched several years ago.

The CIA has refused to comment on the authenticity of the leaked documents, but pointed out that the agency is legally prohibited from spying on individuals in the United States.

Related: “Vault 7” Leak Shows CIA Learned From NSA Mistakes

Related: Government Contractor Indicted Over Theft of Secret Documents

Related: Required Insider Threat Program for Federal Contractors – Will It Help?

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.