WikiLeaks Offers to Help Tech Firms Prevent CIA Hacking

WikiLeaks has offered to help the likes of Google and Apple identify the software holes used by purported CIA hacking tools, which puts the tech industry in something of a bind.

While companies have both a responsibility and financial incentive to fix problems in their software, accepting help from WikiLeaks raises legal questions, AP reported.

WikiLeaks Founder Julian Assange said on Thursday that the anti-secrecy site will help technology companies find and fix software vulnerabilities in everyday gadgets such as phones and TVs.

In an online news conference, Assange said some companies had asked for more details about the purported CIA cyber espionage toolkit that he revealed in a massive disclosure on Tuesday.

“We have decided to work with them, to give them some exclusive access to the additional technical details we have, so that fixes can be developed and pushed out,” Assange said.

The digital blueprints for what he described as “cyberweapons” would be published to the world “once this material is effectively disarmed by us”.

Any conditions WikiLeaks might set for its cooperation were not immediately known. Nor was it clear if WikiLeaks holds additional details on specific vulnerabilities, or merely the tools designed to exploit them.

Apple declined comment on the WikiLeaks offer and Google did not respond to requests for comment. Microsoft said it hopes that anyone with knowledge of software vulnerabilities would report them through the company’s usual channels.

Tech companies could run into legal difficulties in accepting the offer, especially if they have government contracts or employees with security clearances.

“The unauthorized release of classified documents does not mean it’s unclassified,” said Stewart Baker, a former official at the Department of Homeland Security and former legal counsel for the National Security Agency.

“Doing business with WikiLeaks and reviewing classified documents poses a real risk for at least their government contracting arms and their cleared employees.”

Other lawyers, however, are convinced that much of the information in the documents is so widely known that they are now part of the public domain. That means tech companies would be unlikely to face any legal liability for digging deeper with WikiLeaks.

“Alternatively, suppose tech companies don’t accept WikiLeaks’ offer to help fix any security flaws and are subsequently hacked. At that point, they could face charges of negligence, particularly in Europe where privacy laws are much stricter than in the US,” said Michael Zweiback, a former assistant US attorney and cybercrime adviser now in private practice.