WikiLeaks has been dominating recent news when it released "Vault 7", a new series of leaks it claims came from the United States Central Intelligence Agency (CIA). WikiLeaks delared that Vault 7 "is the largest ever publication of confidential documents on the agency." Part of the series, titled "Year Zero" outlines the CIA's hacking program, and discusses "zero day" exploits. The release is totally fascinating; you may want to set aside time to read it in depth.
In response to the WikiLeaks announcement Contrast Security Co-founder and CTO, Jeff Williams, provided commentary to several news articles, including WIRED, eSecurity Planet, and CyberScoop. Below are excerpts from those articles, along with links to the full, in-depth article.
IN THE NEWS....
WIRED, by Issie Lapowsky and Lily Hay Newman
"Never accuse WikiLeaks of getting its timing wrong. Last fall, the group perfectly paced its steady drip of John Podesta’s emails to undermine Hillary Clinton’s 2016 campaign.
Now, as the capital thrums with chaos, it has unleashed a cloud of confusion that makes it hard for experts to discern the facts and easy for non-experts to see whatever they want..."
“I suspect many will be outraged by this development, and will assume that the CIA used these techniques broadly to surveil American citizens through their TVs, smartphones, computers, and other devices.”
Co-founder & CTO
Click here to read the full article, "WikiLeaks CIA Dump Gives Russian Hacking Deniers the Perfect Ammo" from WIRED.
Also, in the news...
eSecurity Planet, Jeff Goldman
WikiLeaks yesterday released the first part of what it's calling "Vault 7," a series of leaks it claims are taken from the U.S. Central Intelligence Agency. In response, Contrast Security CTO Jeff Williams said the answer isn't to focus on "cyber arms control," which he said will never work. "We need a massive increased focus on writing secure code and defending against attacks," he said. "As a nation, we are simply incapable of reliably writing code that isn’t susceptible to these attacks," Williams continued. "But it’s not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code."
CyberScoop, 3/8, Shaun Waterman
The document dump by anti-secrecy group WikiLeaks that identifies alleged CIA hacking tools has reopened a vigorous debate about whether the U.S. government should secretly stockpile cyber-weapons. Critics say the publication of source code for the CIA cyber-weapons would be a cybersecurity disaster akin to the release of anthrax from a government laboratory — and are calling for a new policy… But Contrast Security CTO Jeff Williams disagreed. “The right path forward is not to focus on ‘cyber arms control,’ which will never work,” he told CyberScoop. “We need a massive increased focus on writing secure code,” he continued. Writing secure code is “not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code.”