(Adds company responses, Sasse comment)
By Dustin Volz and Joseph Menn
WASHINGTON/SAN FRANCISCO, March 9 Wikileaks will
provide technology companies with exclusive access to CIA
hacking tools that it possesses so they can patch software
flaws, founder Julian Assange said on Thursday, presenting
Silicon Valley with a potential dilemma on how to deal with the
anti-secrecy group.
If the offer is legitimate, it would place technology
companies in the unusual position of relying on Assange, a man
believed by some U.S. officials and lawmakers to be an
untrustworthy pawn of Russian President Vladimir Putin, to share
cyber vulnerabilities stockpiled by a secretive U.S. spy agency.
It was not clear how WikiLeaks intended to cooperate with
the companies. The group published documents on Tuesday
describing secret Central Intelligence Agency hacking tools and
snippets of computer code. It did not publish the full programs
that would be needed to actually conduct cyber exploits against
phones, computers and Internet-connected televisions.
"Considering what we think is the best way to proceed and
hearing these calls from some of the manufacturers, we have
decided to work with them to give them some exclusive access to
the additional technical details that we have so that the fixes
can be developed and pushed out, so people can be secure,"
Assange said during an online press conference from the
Ecuadorean embassy in London.
Assange took refuge at the embassy in 2012 to avoid
extradition to Sweden over allegations of rape, which he denies.
Microsoft Corp and Cisco Systems Inc,
whose wares are subject to attacks described in the documents,
said in response to Assange that they welcomed submissions of
any vulnerabilities through normal reporting channels.
"We've seen Julian Assange's statement and have not yet been
contacted," a Microsoft representative said. "Our preferred
method for anyone with knowledge of security issues, including
the CIA or Wikileaks, is to submit details to us at
secure@microsoft.com so we can review information and take any
necessary steps to protect customers."
Representatives of Alphabet Inc's Google, Apple
Inc, Samsung Electronics Co Ltd and
Huawei, whose products were also featured in the CIA
catalog, did not answer requests for comment.
Responding to Assange, CIA spokesman Jonathan Liu, said in a
statement: "As we’ve said previously, Julian Assange is not
exactly a bastion of truth and integrity."
"Despite the efforts of Assange and his ilk, CIA continues
to aggressively collect foreign intelligence overseas to protect
America from terrorists, hostile nation states and other
adversaries."
WikiLeaks' disclosures this week caused alarmed in the
technology world and among consumers because of the potential
privacy implications of the cyber espionage tactics that were
described.
One file described a program known as Weeping Angel that
purportedly could take over a Samsung smart television, making
it appear it was off when in fact it was recording conversations
in the room.
Other documents described ways to hack into Apple iPhones,
devices running Google's Android software and other gadgets in a
way that could observe communications before they are protected
by end-to-end encryption offered by messaging apps like Signal
or WhatsApp.
Several companies have already said they are confident that
their recent security updates have accounted for the purported
flaws described in the CIA documents. Apple said in a statement
on Tuesday that "many of the issues" leaked had already been
patched in the latest version of its operating system.
WikiLeaks' publication of the documents reignited a debate
about whether U.S. intelligence agencies should hoard serious
cyber security vulnerabilities rather than share them with the
public. An interagency process created under former President
Barack Obama called for erring on the side of disclosure.
CIA SECURITY
President Donald Trump believes changes are needed to
safeguard secrets at the CIA, White House spokesman Sean Spicer
told a news briefing on Thursday. "He believes that the systems
at the CIA are outdated and need to be updated."
Two U.S. intelligence and law enforcement officials told
Reuters on Wednesday that intelligence agencies have been aware
since the end of last year of a breach at the CIA, which led to
WikiLeaks releasing thousands of pages of information on its
website.
The officials, speaking on condition of anonymity, said
contractors likely breached security and handed over the
documents to WikiLeaks. The CIA has declined to
comment on the authenticity of the documents leaked, but the
officials said they believed the pages about hacking techniques
used between 2013 and 2016 were authentic.
Contractors have been revealed as the source of sensitive
government information leaks in recent years, most notably
Edward Snowden and Harold Martin, both employed by consulting
firm Booz Allen Hamilton while working for the National
Security Agency.
Assange said he possessed "a lot more information" about the
CIA's cyber arsenal that would be released soon. He criticized
the CIA for "devastating incompetence" for not being able to
control access to such sensitive material, and asked whether
Obama or Trump were made aware of the breaches.
Assange's group released Democratic emails during the 2016
presidential campaign that U.S. intelligence agencies say were
hacked by Russia to try to tilt the election against Democratic
candidate Hillary Clinton. He is regarded with distaste by many
in Washington, although Trump, then the Republican candidate,
supported the group's email releases last year.
Ben Sasse, a Republican senator, said in a statement on
Thursday that Assange should "spend the rest of his life wearing
an orange jumpsuit." He is "an enemy of the American people and
an ally to Vladimir Putin" who has "has dedicated his life’s
work to endangering innocent lives, abetting despots, and
stoking a crisis of confidence in the West," Sasse said.
(Reporting by Dustin Volz; Additional reporting by Eric Auchard
in Frankfurt, Joseph Menn in San Francisco and Guy Falconbridge
in London; Editing by Grant McCool and Frances Kerry)