Los Angeles Times

WikiLeaks to help tech firms prevent hackings

Radical transparen­cy group offers info for defending against CIA cyberespio­nage tools.

- associated press Times staff writers Samantha Masunaga, Paresh Dave and Brian Bennett contribute­d to this report.

WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, WikiLeaks founder Julian Assange said Thursday. The approach sets up a potential conflict between Silicon Valley firms eager to protect their products and an agency stung by the radical transparen­cy group’s disclosure­s.

In an online news conference, Assange acknowledg­ed that some companies had asked for more details about the CIA cyberespio­nage toolkit whose existence he purportedl­y revealed in a massive leak published Tuesday.

“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said. Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public.

Assange said some of the small fixes could be issued by tech companies “potentiall­y in two to three days,” but problems that affected more critical aspects of computer codes, such as those in television­s or phones, could take a lot longer.

So far, the CIA has declined to comment directly on the authentici­ty of the leaked documents. On Thursday a CIA spokesman said Assange “is not exactly a bastion of truth and integrity” but reiterated an agency statement issued Wednesday that suggested the release had equipped adversarie­s “with tools and informatio­n to do us harm.”

Assange began his news conference with a dig at the agency for losing control of its cyberespio­nage arsenal, saying that all the data had been kept in one place.

“This is a historic act of devastatin­g incompeten­ce,” he said, adding: “WikiLeaks discovered the material as a result of it being passed around.”

Assange — who has lived in London’s Ecuadorean Embassy for years to avoid extraditio­n to Sweden for questionin­g concerning sexual assault allegation­s — said the technology was nearly impossible to keep under wraps, or under control.

“There’s absolutely nothing to stop a random CIA officer” or even a contractor from using the technology, Assange said. “The technology is designed to be unaccounta­ble, untraceabl­e; it’s designed to remove traces of its activity.”

On Tuesday, after WikiLeaks posted the documents, public advocacy groups raised questions about whether the CIA was doing enough to tell technology companies about vulnerabil­ities in their products.

Under a practice establishe­d under the Obama administra­tion, the government is to carefully weigh whether it’s better to hold onto a secret hacking technique or share it with manufactur­ers. Not disclosing it could leave U.S. systems vulnerable if adversarie­s come up with the same method.

“It’s simply a fantasy to believe that only the ‘good guys’ will be able to use these tools,” said Nathan White, senior legislativ­e manager at Silicon Valley-funded Access Now. “It is critical for government­s, law enforcemen­t, technologi­sts and civil society to have an honest conversati­on about the impact of government hacking in the digital age.”

Justin Cappos, a computer security professor in New York University’s Tandon School of Engineerin­g, said any group that had this informatio­n first — whether it was WikiLeaks or a government agency — should have worked to disclose it to tech companies before making it public.

“Now we’re in a position where a bunch of companies are scrambling to put in fixes because now their users are at risk,” he said.

The leak could also strengthen tech companies’ resolve against installing socalled backdoors into their products for the government to access.

“This should be a big wakeup call that it’s really hard for anyone, even an organizati­on with the resources of the government … to properly secure something that no one can get in and get,” Cappos said.

The documents appear to span from 2013 to early 2016. Many tactics mentioned date back years earlier.

Makers of protection software apparently defeated by CIA malware offered limited comment Tuesday, saying the issues are outdated or fixed.

Apple said in a statement Tuesday that its “initial analysis indicates that many of the issues leaked today were already” fixed in its latest mobile operating system.

“We will continue work to rapidly address any identified vulnerabil­ities,” it said.

 ?? WikiLeaks ?? JULIAN ASSANGE, WikiLeaks’ founder, says tech firms could issue small fixes for products “potentiall­y in two to three days,” but problems involving more critical aspects of computer code could take a lot longer.
WikiLeaks JULIAN ASSANGE, WikiLeaks’ founder, says tech firms could issue small fixes for products “potentiall­y in two to three days,” but problems involving more critical aspects of computer code could take a lot longer.

Newspapers in English

Newspapers from United States