After publishing a trove of internal CIA documents, WikiLeaks founder Julian Assange announced last week that his organization will exclusively share the computer code for hacking tools owned by the spy agency with targeted technology firms identified in the leaked documents. As of late Monday, however, a significant number of affected companies told CyberScoop that WikiLeaks had yet to contact them.
Assange’s pledge to offer assistance to these businesses, including household names like Microsoft, Google and Cisco, comes after WikiLeaks revealed that an unnamed defense contractor had provided nearly 9,000 documents from a digital library belonging to the CIA’s Engineering Development Group — an office reportedly tasked with developing computer espionage capabilities.
More than 15 major technology vendors are mentioned in the leaked documents published last Tuesday. In some cases, an internal description of a private-sector company’s technology is accompanied by a discussion of how to compromise the product for surveillance purposes.
CyberScoop has learned that WikiLeaks has not reached out to Kaspersky Lab, Google or Trend Micro. Spokespeople for Avira, BitDefender, Avast and Comodo also said that their companies had yet to be contacted.
WikiLeaks made initial contact Monday with Microsoft via the company’s vulnerability reporting email address.
F-Secure, Panda Security, McAfee, ESET and G DATA did not respond to requests for comment, while Cisco declined to comment.
Symantec also declined to answer CyberScoop’s questions but provided the following statement:
“Based on the information contained in the Vault 7 release, to date we see no evidence of the ability to bypass or exploit vulnerabilities in Symantec products and services. In addition, we are carefully reviewing the documents and data released to identify areas where Symantec’s solutions that span the endpoint, data protection, cloud and network may be able to protect our customers and help mitigate the variety of risks included in the WikiLeaks release.”
WikiLeaks claims to have redacted a vast majority of the technical details in the document dump, titled “Day Zero,” to stop readers from independently reconstructing some of these cyber weapons. Since news broke, companies named in the release have sprinted through the library of leaked documents in hopes of better understanding their own vulnerabilities.
The CIA has yet to comment on the authenticity of the purported intelligence documents but said in a rare statement Thursday, “Julian Assange is not exactly a bastion of truth and integrity … the CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”
Information revealed by WikiLeaks suggests that the spy agency is capable of breaking into older versions of several prominent software products, including a series of Apple iPhone operating systems and popular commercial firewalls. A former U.S. intelligence officer previously told CyberScoop that some of the code names and descriptions in the data dump for the CIA’s hacking tools appear authentic.
“The majority of the antivirus-specific attack techniques disclosed by WikiLeaks last week did not originate from the CIA and is actually public information that is two years old,” said Avast Vice President Sinan Eren. “We have not been notified directly by WikiLeaks but we would welcome the chance to review any new or additional undisclosed data. We provide security services that protect more than 400 million people and businesses and depend on this level of visibility.”
Avast, Trend Micro and several other named companies said that regardless of the lack of contact so far, they are still willing to work with WikiLeaks to acquire the information.
Generally speaking, WikiLeaks’ latest publication exposed a collage of different, targeted hacking capabilities; it did not show a widespread surveillance campaign of any kind like that described in National Security Agency files taken by Edward Snowden. Experts believe the documents were likely exfiltrated in March of last year by an insider.