WikiLeaks Says Tech Firms Slow to Co-operate on Patching
WikiLeaks founder Julian Assange has claimed that some US tech giants affected by the recent “Vault7” leak of CIA exploits have been slow to co-operate because of a conflict of interest with their government work.
The whistleblower site made public a treasure trove of info on vulnerabilities developed by the agency to hack products and services from the likes of Microsoft, Google, Apple, WhatsApp and Cisco, as well as many non-US firms.
Although they shone a light on shady intelligence practices, the leaks have also given black hat hackers a gold mine of info which could help them craft their own cyber-attacks against innocent users.
WikiLeaks’ editor-in-chief noted in an update over the weekend that Mozilla and others had “exchanged letters” with the non-profit and received technical details on some of the vulnerabilities – which were not made public in the initial release.
However, he claimed: “Google and some other companies have yet to respond other than to confirm receipt of our initial approach.”
Assange added that most of these “lagging companies” have a conflict of interest because they carry out sensitive work with US government agencies.
“In practice such associations limit industry staff with US security clearances from fixing holes based on leaked information from the CIA. Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts.”
Assange signed off by warning that if such firms continue to “drag their feet”, WikiLeaks will compile and publish a league table ranking their responsiveness and “government entanglements” for users.
The organization is thought to be keen on holding the affected companies to a 90-day disclosure deadline, in the manner of Google’s own Project Zero initiative.
One organization affected by the leaks, Cisco, already released an advisory on Friday for a bug affecting over 300 switch models.
Source: Information Security Magazine