
Wikileaks Offers to Help Tech Companies Guard Against the CIA

"We have quite a lot of exploits."


Wikileaks’ Julian Assange on Thursday held a press conference on Periscope, saying that the polarizing data dumpers want to help the world’s biggest corporations — now revealed to be selling products through which the CIA can spy on people — patch those security holes before Wikileaks releases the rest of its data, apparently leaked by officials in the U.S. government.

Assange said his organization would contact companies named in the “Vault 7” data dump to see how the CIA might exploit their devices, before eventually publishing on the internet the hacks that might be used by other actors in addition to the CIA. For example, Vault 7 shows how to gain access to an iPhone, which might render irrelevant any encrypted messaging apps. It also shows how the CIA could create a “fake off” mode for Samsung smart TVs that would leave the microphone turned on. Assange also drew attention to “growing automation” in the CIA’s hacking practices.

“We have quite a lot of exploits, this key attack code that we want to disarm before we think about publishing it,” Assange said in the press conference. The idea is that if the attacks are patched before they are released, then the CIA can be foiled without handing their powers to every basement hacker in the world.

When Edward Snowden released the last enormous leak of government surveillance tools to the public, much of corporate America responded to a multitude of newly revealed hacking threats by tightening its own security — but this week’s release of an enormous trove of documents detailing the CIA’s hacking tools allegedly dwarfs even the Snowden leaks in terms of sheer scale.

One thing to consider is that because Wikileaks will be in contact with these affected companies, there might be long delays before the release of information. Some fixes will be trivial, but if these tools are anything like the NSA’s roughly equivalent versions, many will also exploit the lowest-level code on the widest platforms in the world today. These are problems that could take months or even years to fully address — and since Wikileaks has confirmed that at least some of the hacks affect peripheral devices on the Internet of Things, it will almost certainly involve pushing code to all sorts of hard-to-update fridges, garage doors, and thermostats.

It’s worth noting that some companies, most notably Apple, are already assuring customers that they’re taking proactive steps to protect them from the CIA’s hacks. But Apple can only patch against the threats it knows about, and right now Apple is finding out at the very same time as Romanian hacking groups, creepy stalkers, and North Korea.

This is an intriguing change of direction for Assange and Wikileaks, to suddenly care about the impact of its releases. Assange was reportedly uncaring about the prospect of the murder of innocent Afghans, following his group’s releases of information on the Afghanistan war. He didn’t care at all about potentially harming peace processes by releasing unvarnished and totally legal diplomatic cables. He was totally callous about the prospect that he and his organization had become nothing more than a mouthpiece for Russian counter-intelligence.

But an attack on the integrity of the Internet of Things? That’s where Julian draws the line. According to Assange, Wikileaks redacted on the order of “seventy to eighty thousand” pieces of information from the first Vault 7 leak, mostly IP addresses of individuals.

This attempt to seem like a responsible player in security is likely motivated by little more than hatred for the United States. The only thing connecting this policy with Assange’s previous actions is that it will infuriate the U.S. security world — and while that’s not necessarily an inherently bad thing to want to do, it’s a far cry from wanting to help keep the world’s data secure. In reality, Wikileaks exists to do the exact opposite.