This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/media/2017/mar/09/wikileaks-julian-assange-help-tech-companies-cia-hacking-leak

The article has changed 4 times. There is an RSS feed of changes available.

Version 0 Version 1
WikiLeaks says it will help Silicon Valley defend against CIA hacking WikiLeaks says it will help Silicon Valley defend against CIA hacking
(35 minutes later)
WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, founder Julian Assange said Thursday. The move sets up a potential conflict between Silicon Valley firms eager to protect their products and an intelligence agency stung by the radical transparency group’s disclosures. WikiLeaks founder Julian Assange said he would contact technology companies and privately supply technical details of the CIA’s collection of bugs in some of the world’s most commonly used smartphone software. Assange made the announcement in a live-streamed press conference on Thursday, two days after WikiLeaks published the cache of classified documents containing the bugs.
In an online news conference, Assange acknowledged that some companies had asked for more details about the CIA cyber espionage toolkit that he purportedly revealed in a massive disclosure earlier this week. Assange cast WikiLeaks as a rare trustworthy actor in a world of shadowy interests, describing his operation as “a neutral, digital Switzerland” on the heels of harsh criticism from the CIA and renewed accusations of involvement by Russian intelligence with the organization’s information-gathering apparatus.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said. Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public. Assange denied the involvement of Russian intelligence in WikiLeaks’ acquisition of its latest documents, which it calls “Vault7”, and made a point of impugning the motivations of news organizations that questioned him along those lines. “There are many question that might be asked by CNN; one that defends the interests of the CIA might be a bit problematic to ask,” Assange said when asked by CNN whether the release simply hampered the unsurprising operations of one country’s intelligence service.
In response to Assange’s news conference, CIA spokeswoman Heather Fritz Horniak said: “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity. Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.” A source told NBC News Wednesday that Russian intelligence is among the suspects in the latest round of leaks. Russian state operators were said to be “one step” removed from the emails published by WikiLeaks during Donald Trump’s presidential campaign, according to a US intelligence official who spoke to the Washington Post.
The CIA has so far declined to comment directly on the authenticity of the leak, but in a statement issued Wednesday it said such releases are damaging because they equip adversaries “with tools and information to do us harm”. The press conference was broadcast from the Ecuadorian embassy in west London, where Assange is effectively confined. Nigel Farage visited the embassy shortly before the press conference began, according to BuzzFeed, and refused to tell reporters why he was there.
Assange began his online press conference with a dig at the agency for losing control of its cyber espionage arsenal, saying that all the data had been kept in one place. “This is a historic act of devastating incompetence,” he said, adding that, “WikiLeaks discovered the material as a result of it being passed around.” Assange said the technology was nearly impossible to keep under wraps or under control. The WikiLeaks founder pointed to events revealed in a three-part report last year in the Guardian as evidence that the CIA acted outside its jurisdiction on American soil. “The CIA has a habit of behaving badly in the United States as well,” he said.
“There’s absolutely nothing to stop a random CIA officer” or even a contractor from using the technology, Assange said. “The technology is designed to be unaccountable, untraceable; it’s designed to remove traces of its activity.” “CIA was denounced by the US Senate intelligence committee because it had hacked their investigation in Congress into the CIA torture program and had used its hackers to retrieve documents,” Assange said. A domestic unit called Cyber Blue Team, essentially a white-hat group within the CIA intended to test for vulnerabilities in government networks, was asked by the CIA to break into the Senate’s own networks, according to a Freedom of Information Act (Foia) request by Vice News reporter Jason Leopold.
The CIA wouldn’t confirm Wednesday that the material came from its files, although no one is doubting that it did. The CIA wouldn’t talk about whether there was any investigation underway to figure out how the material ended up on the internet for all to see. And the agency wouldn’t say whether it suspects that a mole lurking inside the CIA secretly spirited the material to WikiLeaks, or whether the CIA could have been the victim of a hack. The CIA strongly criticized WikiLeaks in a statement issued on the agency’s website on Wednesday, saying that “CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so.”
“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” the agency’s spokespeople wrote. “Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.”
The WikiLeaks disclosures were an extraordinary coup for a group that has already rocked American diplomacy with the release of 250,000 state department cables and embarrassed the Democratic party with political back-channel chatter and the US military with hundreds of thousands of logs from Iraq and Afghanistan.The WikiLeaks disclosures were an extraordinary coup for a group that has already rocked American diplomacy with the release of 250,000 state department cables and embarrassed the Democratic party with political back-channel chatter and the US military with hundreds of thousands of logs from Iraq and Afghanistan.
The intelligence-related documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even smart TVs. They include the world’s most popular technology platforms, including Apple’s iPhones and iPads, Google’s Android phones and the Microsoft Windows operating system for desktop computers and laptops. The documents, classified “secret” and “top secret,” describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features for computers, mobile phones and even some Samsung smart TVs. Contrary to WikiLeaks’ assertions the company said the information dump represented all of the CIA’s hacking capabilities intelligence experts have said the released documents contain a set of tools available to many different contractors and are classified at comparatively low levels.
WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. However, the group is now saying that it will. The bugs, or “zero-day” exploits, so named because manufacturers have zero days to fix them, published by WikiLeaks provide workarounds for hackers seeking to break into Apple’s iOS and Google’s Android operating systems. Apple said it would “rapidly address” any security holes revealed by the list of iOS bugs in the CIA documents. The documents are said to be genuine, though the list of bugs stops well short of the current iOS release.
If sharing were to occur, it would be an unusual alliance that would give companies like Apple, Google, Microsoft, Samsung and others an opportunity to identify and repair any flaws in their software and devices that were being exploited by US spy agencies and some foreign allies, as described in the material. There are far more variations on the Android operating system and thus a much higher likelihood that some of those exploits still work. Google said in an emailed statement to the Guardian that it was confident that “security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities” and that it would continue to investigate.
WikiLeaks has not released the actual hacking tools themselves, some of which were developed by government hackers while others were purchased from outsiders. However, the group is now saying that it will once it has passed the code itself on to the affected firms.
Security experts said WikiLeaks was obligated to work privately with technology companies to disclose previously unknown software flaws, known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use, and with companies that design protection software. WikiLeaks has said the latest files apparently have been circulating among former US government hackers and contractors.Security experts said WikiLeaks was obligated to work privately with technology companies to disclose previously unknown software flaws, known as zero-day vulnerabilities because consumers would have no time to discover how to defend themselves against their use, and with companies that design protection software. WikiLeaks has said the latest files apparently have been circulating among former US government hackers and contractors.
“The clear move is to notify vendors,” said Chris Wysopal, co-founder and chief technology officer of Veracode Inc. “If WikiLeaks has this data then it’s likely others have this data, too. The binaries and source code that contain zero days should be shared with people who build detection and signatures for a living.”“The clear move is to notify vendors,” said Chris Wysopal, co-founder and chief technology officer of Veracode Inc. “If WikiLeaks has this data then it’s likely others have this data, too. The binaries and source code that contain zero days should be shared with people who build detection and signatures for a living.”
One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophisticated hacking tools they might discover back to the CIA, damaging the ability to disguise a US government hacker’s involvement. “That’s a huge problem,” said Adriel T Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies. “Our capabilities are now diminished.”One clear risk is that WikiLeaks revealed enough details to give foreign governments better opportunities to trace any of the sophisticated hacking tools they might discover back to the CIA, damaging the ability to disguise a US government hacker’s involvement. “That’s a huge problem,” said Adriel T Desautels, the chief executive at Netragard LLC, which formerly sold zero-day exploits to governments and companies. “Our capabilities are now diminished.”
Apple said many of its security vulnerabilities disclosed by WikiLeaks were already fixed. In a statement late Tuesday, it said its initial analysis showed that the latest version of the iOS system software for iPhones and iPads fixed many of those flaws. Apple said it will “continue work to rapidly address any identified vulnerabilities.”