X
Tech

WikiLeaks posts 'weaponized malware' for all to download

The long and sordid story of WikiLeaks takes an astonishingly irresponsible and very dangerous turn.
Written by David Gewirtz, Senior Contributing Editor
wikileaks-weaponized-malware-for-all-to-download

Sometimes when we seek to understand the impact of a digital scenario, we recast it in meatspace and describe an analogous situation. In seeking to understand the most recent (and probably most epically irresponsible) WikiLeaks posting, the meatspace analogy will come in handy.

Imagine, if you will, that a company located in Germany was doing biological warfare research, possibly under the guidance and using the funding of various allied governments.

As part of their research, the company has produced a strain of virus that's Ebola-dangerous and Ebola-virulent, that might be used by the varied governments to fulfill certain unspecified and undisclosed objectives.

But this time, WikiLeaks didn't just release documents. They posted the actual software.  

Now imagine that a group of concerned scientists discovers this research and illegally gets their hands on vials containing the biowarfare agent. Their justification in this theft is the desire to develop a defense against it, in case it is loosed upon an unsuspecting public.

At this point, you might side with the scientists. After all, biological warfare is nasty stuff, and protecting the public from exposure and harm is a laudable goal.

What if the thieves aren't biological scientists? They're violent activists. Similarly disturbed about the activities going on in the biowarfare lab, they also manage to get a sample of the deadly biological agent.

However, instead of securely and safely transporting the deadly biohazard back to a lab for safe and secure analysis leading to an antidote agent, the thieves inexplicably set up a kiosk at a local mall. And instead of securely managing the biohazard, they give out sample vials of the biohazard to anyone who wants one.

Anyone with a brain would immediately call the authorities and insist that this incredibly dangerous behavior be stopped, and that all the loose vials of biological warfare agent be rounded up and secured or destroyed.

There's your meatspace analogy. Now, let's look at what WikiLeaks is doing. WikiLeaks has released a trove of documents about a dangerous spyware program called FinFisher, produced by a German company named Gamma Group International. And no, I'm not posting a link. My reasoning will become crystal clear in a few paragraphs.

According to reporting by our own Chris Duckett, Gamma Group International has been selling FinFisher to "the police forces of the Netherlands and New South Wales, and the intelligence arms of the Hungarian, Qatari, Italian, and Bosnian governments."

So far, this seems like typical WikiLeaks fare: unpleasant, ethically questionable, and troublesome, but not directly destructive. But here's where our analogous story links up with the digital facts.

To prove the heinousness of the WikiLeaks actions, we'll quote none other than the Ecuadorian house guest that wouldn't leave, the townie from Townsville, the hedon of Sweden, star of film and YouTube, England's least-wanted man, a man probably more suited to an asylum of a different sort, the one and only Julian Assange.

According to Assange in the WikiLeaks release, "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world."

But this time, WikiLeaks didn't just release documents. They posted the actual software. They posted not only the command and control software, but the actual infectious agents as well. WikiLeaks clearly knows how dangerous this stuff is because they state, "the following files have been renamed and compressed in password protected archives (the password is "infected"). They are weaponised malware, so handle carefully."

This is where WikiLeaks breaks new ground and goes from irresponsible and potentially illegal to something far worse. To use our analogy, rather than just releasing secret documents about the biotoxin, they've set the toxin itself free and into the wild. What sense does that make?

WikiLeaks actually posted the zip files containing the malware on their site, for anyone to download.

As I write this I find it hard to put words to madness of this behavior. Irresponsibility is far too mild. Criminal goes without saying. It's something beyond. It's releasing a weapon of destruction to anyone and everyone -- not only the terrorists and bad guys who can put it to terrifying use, but regular people with too much curiosity who have no idea how dangerous it is.

I have always considered WikiLeaks to be a troublesome entity skirting the edge of the law and civilized behavior. But posting technology the organization readily admits is "weaponized malware" to the whole world is destructive and stupid on a whole new scale.

Editorial standards