WikiLeaks will share CIA hacking details with companies, but can they use it?

The White House is reminding companies that accepting classified information is illegal

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.

But will software companies want it?

The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified -- and it almost certainly is -- possessing it would be a crime.

That was underlined on Thursday by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.

“If a program or a piece of information is classified, it remains classified regardless of whether or not it is released into the public venue or not,” he said. “There’s a reason that we have classification levels, and that’s to protect our country and our people.”

However, his comments aren’t sitting well with some legal experts.

“The idea that the government might stand in the way of companies fixing vulnerabilities that have already been disclosed is remarkable -- and reckless,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in an email.

Cindy Cohn, an attorney and executive director at the Electronic Frontier Foundation said using U.S. law to penalize vendors would be a "gross misuse."

U.S. laws about security clearances on classified documents were never designed with software patching in mind, she said.

“It would be really wrong-headed for the government to go after these companies for simply trying to make their technologies more secure,” Cohn said. “It’s exactly the opposite of what they (the U.S. government) should be doing.”

To-date, the CIA hasn’t confirmed whether any of the documents published by Wikileaks are legitimate, but there is widespread belief they are.

Tuesday's dump by WikiLeaks contained information on numerous exploits aimed at smartphones, PCs and software from major vendors including Apple, Google and Microsoft, but the source code for the attack tools wasn't published.

On Thursday, WikiLeaks founder Julian Assange said tech vendors would be given “exclusive access” to the tools, so they could learn how to better secure their products.

“WikiLeaks has a lot more information on what has been going on with the (CIA) cyberweapons program,” Assange said.

And there's another worry: If WikiLeaks managed to get its hands on the data, it could be elsewhere too, increasing the risk that companies and consumers are being watched online.

So the U.S. government should be helping tech vendors patch the vulnerabilities involved in the leak, said John Bambenek, manager of threat systems at Fidelis Cybersecurity.

“Right now, there’s only risk and no reward,” Bambenek said. “We need to fix that risk.”

It's unclear when WikiLeaks plans to begin sharing the information.

On Thursday, vendors including Microsoft, along with the security firms Avira and Comodo, said that WikiLeaks hasn’t contacted them yet.

“Our preferred method for anyone with knowledge of security issues, including the CIA or WikiLeaks, is to submit details to us at secure@microsoft.com,” Microsoft said in an email.

Others such as antivirus vendor Bitdefender said they expect WikiLeaks to reach out to them probably over the following days.

“If WikiLeaks do want to reach out to us, we are always grateful for an opportunity to make our products even better,” the company said in an email.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?