Skip to Content

Julian Assange’s Potentially Hollow Promise to Help Tech Firms Overcome CIA Hacks

Many of the problems are already fixed and technology companies may be reluctant to work with WikiLeaks—for now, at least.

A generous offer from Julian Assange to lend tech firms a hand in shoring up the security of their software in the wake of the WikiLeaks CIA data dump might not necessarily come to much.

Earlier this week, Assange’s WikiLeaks published thousands of files that are part of what it claims is the “largest ever publication of confidential documents” from the CIA. Present and former government staff say that the files appear to be genuine. We’ve already argued that the kinds of cyberweapons described in the files, and allegedly in use by the CIA, aren’t particularly revelatory from a technical perspective.

Still, they are a concern for tech companies whose hardware is compromised. That includes Samsung, whose smart TVs can apparently be repurposed as spy posts, as well as Apple and Google, whose smartphone operating systems, iOS and Android, find themselves threatened by targeted exploits that allow the CIA to gain partial remote control. WikiLeaks claims that it has source code for such attacks, though it has not yet published it.

Step forward the gallant knight Assange. “After considering what we think is the best way to proceed and hearing these calls from some of the manufacturers,” he explained during a press conference yesterday, “we have decided to work with them to give them some exclusive access to the additional technical details that we have so that fixes can be developed and pushed out, so that people can be secure.”

The technology world, it seems, is supposed to be grateful to Assange for this kindness and the fact that he’s willing to extend it despite his taste for radical transparency at all costs. But there are some problems with this promise.

First, it’s unclear why WikiLeaks didn’t simply share details of the CIA exploits with technology firms before going ahead and publishing the files. Security researchers, for instance, would typically alert companies to vulnerabilities before going public, allowing them a grace period in which to solve the problem before the news hits. Still, in WikiLeaks's defense, even opting to hold back the source code at all is an improvement on its previous "publish first, worry later" approach.

Second, a lot of the vulnerabilities listed in the files published so far are already old and fixed. Apple says that most of the flaws have already been spotted and patched in the latest version of iOS. Google says that users with the latest version of Android are protected from most of the hacks.

There’s also the fact that technology firms may not even take him up on the offer. According to the Financial Times (paywall), sources at some tech companies have decided that it might be “legally dangerous” to look at, let alone act on, the files without government permission. So even if it was useful to work with WikiLeaks, Assange’s promise may be of no practical use.

And then, of course, there’s the fact that Assange is notoriously media-savvy and the promise may be more bluster than substance. The Financial Times reports that he may be using the opportunity to sidle right into the center of an already fraught relationship between Silicon Valley and federal agencies to refresh his notoriety. Jake Williams, founder of security firm Rendition Infosec, meanwhile, is even more blunt: he told Wired that it all “sounds like pure hype.”

The situation may yet change. WikiLeaks has so far only published part of the full set of files that it claims to have in its possession, and it’s unclear how explosive the remaining tranches will be. But for now, it looks like technology companies may try to get by without his help.

(Read more: Reuters, Wired, Financial Times (paywall), "The Wikileaks CIA Stash May Prove Interesting, But Not Necessarily for the Hacks," “Transparency and Secrets”)

Keep Reading

Most Popular

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

images created by Google Imagen
images created by Google Imagen

The dark secret behind those cute AI-generated animal images

Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.