WikiLeaks is ready to share information about the CIA tools so that companies close vulnerabilities

On March 8, the WikiLeaks website published the first part of a collection of classified documents by the Central Intelligence Agency of the United States, which give an idea of ​​the scale of the organization’s cyberspy work. The first archive, called Year Zero, contains information about thousands of different viruses, Trojans, zero-day vulnerabilities and other software tools. With their help, the CIA penetrates into the holy holy tech-giants of Microsoft, Apple and Google, receiving information about the proprietary technologies of these corporations and their users.

Wikileaks’s actions made a lot of noise, because Year Zero gives an awareness of how vulnerable technology corporations are to the CIA. Immediately after the publication of the documents, it was said that the hacking capabilities of the CIA even exceed the capabilities of their colleagues from the NSA. Representatives of Wikileaks said that the published - only the introduction, followed by the first archive, and others will follow. In addition, Wikileaks said they are going to provide the most famous technology companies with information that will allow them to eliminate the problems in the safety of their products, which allowed the CIA to carry out their cyber espionage work.

Julian Assange, the head of Wikileaks, said that he was contacted by representatives of companies that would like to know more details about the capabilities of the CIA, in order to eliminate any loopholes and holes in their products used by US intelligence. He also said that the Wikileaks site did not publish the main technical details about the CIA arsenal, since he himself did not want this weapon to fall into anyone else’s hands. The best way to avoid this, according to Assange, to establish direct contact with Apple, Google, Samsung and other companies. “We decided to work with them, providing exclusive access to the technical information that we have, so that they can fix the problem,” Assange said.
')
Companies, in turn, have already reported closing a number of vulnerabilities, information about which was provided by Wikileaks. The General Counsel of the Electronic Frontier Foundation claims that technology companies have no legal obstacles to prevent them from using published or otherwise provided information to fix potential vulnerabilities in their software.

A few days ago, Wikileaks representatives actually contacted technology companies, not to provide the information mentioned above, but to discuss the conditions for its transfer. "Despite the fact that the first contact was, the data was not transmitted," an anonymous source familiar to the relationship between Google, Apple, Microsoft and Wikileaks told Motherboard reporters.


First, Julian Assange sent an e-mail to technology companies with a proposal to discuss what had happened. But instead of immediately providing the necessary information to the interlocutors, Assange put forward several requirements. Namely - Wikileaks requires potential partners to sign certain conditions for the use of the data provided. What kind of conditions is not yet clear, although information about one of them leaked to the Web: companies, in exchange for data from Wikileaks, should promise to fix all the vulnerabilities that they will be aware of within three months.

But the management of the companies does not yet know what to do, because the situation has turned out to be difficult. First, there is no certainty that all the data are true. Secondly, it is not clear how the documents about the CIA toolkit came to Wikileaks. Thirdly, it is unclear how large these vulnerabilities are and whether the problem can be solved within the required three months.

In addition, there is another nuance. It may well be that the CIA, realizing that nothing more can be done, will provide data on its tools on its own. The leadership of the CIA can go for it to prevent attackers from around the world from using Wikileaks information. And this is not an unlikely opportunity. Last year, the Shadow Brokers group laid out the code for the NSA tools, after which the cybercriminals quickly used them.

So far, Wikileaks has not published the source code of the documents - but another leak could happen or the organization decides to put it all on its own. "Wikileaks and the government opened all the cards, there is not much room for maneuver of technology companies, they need to fix holes in their products," - said the source, which was discussed above.



Of all the companies mentioned in the post about their contact with Wikileaks, only Microsoft has told so far: “Wikileaks representatives contacted us at secure@microsoft.com”.

As for the CIA, the administration does not comment on possible plans or actions to work together with technology companies. So far, representatives of the organization have stated only the absence of comments regarding the authenticity of documents provided by Wikileaks or on possible searches for the source of the leak. “As we said earlier, Julian Assange is not a bastion of truth and honesty. American society must be deeply moved by the disclosure of Wikileaks documents, which limits the ability of the CIA to protect America from terrorists and other intruders, ”said a spokesman for the department.