Julian Assange’s Potentially Hollow Promise to Help Tech Firms Overcome CIA Hacks

Many of the problems are already fixed and technology companies may be reluctant to work with WikiLeaks—for now, at least.

A generous offer from Julian Assange to lend tech firms a hand in shoring up the security of their software in the wake of the WikiLeaks CIA data dump might not necessarily come to much.

Earlier this week, Assange’s WikiLeaks published thousands of files that are part of what it claims is the “largest ever publication of confidential documents” from the CIA. Present and former government staff say that the files appear to be genuine. We’ve already argued that the kinds of cyberweapons described in the files, and allegedly in use by the CIA, aren’t particularly revelatory from a technical perspective.

Still, they are a concern for tech companies whose hardware is compromised. That includes Samsung, whose smart TVs can apparently be repurposed as spy posts, as well as Apple and Google, whose smartphone operating systems, iOS and Android, find themselves threatened by targeted exploits that allow the CIA to gain partial remote control. WikiLeaks claims that it has source code for such attacks, though it has not yet published it.

Step forward the gallant knight Assange. “After considering what we think is the best way to proceed and hearing these calls from some of the manufacturers,” he explained during a press conference yesterday, “we have decided to work with them to give them some exclusive access to the additional technical details that we have so that fixes can be developed and pushed out, so that people can be secure.”

The technology world, it seems, is supposed to be grateful to Assange for this kindness and the fact that he’s willing to extend it despite his taste for radical transparency at all costs. But there are some problems with this promise.

First, it’s unclear why WikiLeaks didn’t simply share details of the CIA exploits with technology firms before going ahead and publishing the files. Security researchers, for instance, would typically alert companies to vulnerabilities before going public, allowing them a grace period in which to solve the problem before the news hits. Still, in WikiLeaks's defense, even opting to hold back the source code at all is an improvement on its previous "publish first, worry later" approach.

Second, a lot of the vulnerabilities listed in the files published so far are already old and fixed. Apple says that most of the flaws have already been spotted and patched in the latest version of iOS. Google says that users with the latest version of Android are protected from most of the hacks.

There’s also the fact that technology firms may not even take him up on the offer. According to the Financial Times (paywall), sources at some tech companies have decided that it might be “legally dangerous” to look at, let alone act on, the files without government permission. So even if it were useful to work with WikiLeaks, Assange’s promise may be of no practical use.

And then, of course, there’s the fact that Assange is notoriously media-savvy and the promise may be more bluster than substance. The Financial Times reports that he may be using the opportunity to sidle right into the center of an already fraught relationship between Silicon Valley and federal agencies to refresh his notoriety. Jake Williams, founder of security firm Rendition Infosec, meanwhile, is even more blunt: he told Wired that it all “sounds like pure hype.”

The situation may yet change. WikiLeaks has so far only published part of the full set of files that it claims to have in its possession, and it’s unclear how explosive the remaining tranches will be. But for now, it looks like technology companies may try to get by without his help.

(Read more: Reuters, Wired, Financial Times (paywall), "The Wikileaks CIA Stash May Prove Interesting, But Not Necessarily for the Hacks," “Transparency and Secrets”)
