It’s been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of a roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” WikiLeaks’ founder Julian Assange said during a Facebook Live press conference last week.
However, it looks like the things aren’t that easier for tech companies as they look.
After days of waiting, Assange made its first contact with Apple, Microsoft, and Google this week and finally made his intentions clear – no sharing of bugs and vulnerabilities the CIA is or was allegedly taking advantage of until certain demands are met.
Multiple anonymous sources familiar with the matter told Motherboard that Assange sent an email to Apple, Google, Microsoft and other companies mentioned in the Vault 7 Leak this week and instead of reporting the bugs and exploits found in the leaked CIA documents, he made some demands.
A document included in the email listed “a series of conditions” that the tech companies need to fulfill before gaining access to the actual technical details and code of the hacking tools the anti-secrecy organization has in its possession.
Although the exact conditions are still unclear, one of the sources mentioned a 90-day disclosure deadline, which would require tech companies to issue a patch for the vulnerabilities within a three-month timeframe.
It’s also not clear if any of the affected tech companies plan to comply with Wikileaks’ demands.
While major tech companies like Apple, Google and Microsoft said that their recent security updates had already fixed the bugs mentioned in Vault 7, they would probably need to check out what WikiLeaks has in its store to ensure proper deployment of patches.
What will happen next is entirely unclear, but since the CIA has had its hacking arsenal public, the best option for the agency is to personally disclose all those loopholes and exploits to the affected companies to keep itself and its citizens safe from hackers as well as foreign government.
“WikiLeaks and the government hold all the cards here, there’s not much the tech companies can do on their own besides rabidly looking through their code to look for any issues that might be related,” one of the anonymous sources said.
Vault 7 is just the beginning of WikiLeaks’ Year Zero disclosure, as the group promised to release more from the government and intelligence agencies in coming weeks.