A promise by WikiLeaks to provide big tech companies with details of hacking exploits it had received via a leak from the Central Intelligence Agency has hit a snag as the organization demanded the tech firms comply with a set of “mystery demands.”
Exactly what WikiLeaks is demanding from the likes of Google Inc., Apple Inc. and Microsoft Corp. isn’t clear. According to sources quoted by Motherboard, an email sent to tech companies included a document requesting that the companies sign off on a series of conditions before being able to receive the actual technical details to deploy patches to halt the so-called zero-day exploits, or hacks that hadn’t been encountered before.
One of the odd demands is believed to be a 90-day disclosure deadline which would compel companies to commit to issuing a patch within three months. The report claims that at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Just which tech companies are considering working with WikiLeaks is not clear either. Both Apple and Google are previously on the record stating that their products were secure for the exploits disclosed in the WikiLeaks document dump.
WikiLeaks, headed by Julian Assange (pictured), in part confirmed the story, posting to Twitter that it has “exchanged letters” with the Mozilla Foundation and have provided details to them, but they had not heard back from Google and “some other tech companies” as yet.
“They have not agreed, disagreed or questioned our industry standard responsible disclosure plan,” WikiLeaks noted. It went on to suggest that the reason companies such as Google won’t work with it is that “these lagging companies [having] conflict of interests due to their classified work for U.S. Government agencies.”
In what appeared to be a tacit threat, WikiLeaks promised to create a ranking that would compare company responsiveness and government entanglements so that “users can decide for themselves.”
While WikiLeaks plays games, Motherboard claimed, the CIA is not doing anything at all, noting that the agency has apparently made no contact with the tech companies to disclose the vulnerabilities. Given that the exploits are now compromised, there’s seemingly no reason as to why the CIA would continue to sit on them.