Smaller firms wait for WikiLeaks to fulfill info-sharing promise

Smaller firms wait for WikiLeaks to fulfill info-sharing promise
© Getty Images

WikiLeaks has not yet fulfilled its vow to contact all of the companies whose products were targeted by the CIA and help them repair security problems unveiled by the anti-secrecy website's "Vault 7" leaks.

WikiLeaks earlier this month published a large cache of documents, which appear to have been taken from highly secure CIA networks, describing hacking techniques used by the agency. The site redacted critical information needed to actually conduct those attacks.

While WikiLeaks has since contacted major tech sites such as Apple and Google to help them patch their weaknesses, they have not yet done so for a number of smaller firms, including Trend Micro, Avast, and Comodo, multinational companies whose products appear in the leaks.

The firms tell The Hill they have not been contacted by the site.

“We have not been notified directly by WikiLeaks but we would welcome the chance to review any new or additional undisclosed data. Our goal is to provide the best security we can to the more than 400 million people and businesses that depend on us, and would welcome any information that helps us do so,” said Avast Vice President Sinan Eren, in a statement.

The story was first reported by CyberScoop. 

ADVERTISEMENT

WikiLeaks founder Julian Assange said during a March 9 online Q-and-A the site would share the techniques the CIA used with manufacturers, "affirming our role as a digital Switzerland that helps people all over the world."

On March 16, the site tweeted "WikiLeaks has contacted Apple, Microsoft, Google, Mozilla & MicroTik to help protect users against CIA malware," which many of those companies confirmed. 

The following Saturday, WikiLeaks chided many of those companies for not accepting its help. 

"Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts," read a screenshot statement the site tweeted.

According to CyberScoop, companies that have not been contacted also include BitDefender, and Avira. 

At least two companies, including BitDefender, told Cyberscoop they had contacted WikiLeaks to request the site's help to no avail. 

“Our research department sent weeks ago more than one time an email to WikiLeaks but without any response. As one of the vendors which are mentioned on the website, we are of course interesting about the document,” Thorsten Urbanski, head of corporate communications and government affairs at the German software firm G DATA, told CyberScoop.

This story was updated at 6:07 p.m.