WikiLeaks Docs Reveal CIA Coding Practices

by Developer.com Staff

Experts say these tips don't seem all that secret or all that helpful.

Among the thousands of documents from the Central Intelligence Agency (CIA) that WikiLeaks recently posted online, a few of the classified documents detail the agency's best practices for developing hacking tools. However, much of the information included seems to be simple common sense or outdated information.

Ars Technica posted some excerpts from the documents, including the following:

  • "DO NOT leave dates/times such as compile timestamps, linker timestamps, build times, access times, etc. that correlate to general US core working hours (i.e. 8am-6pm Eastern time)."
  • "DO NOT have data that contains CIA and USG cover terms, compartments, operation code names or other CIA and USG specific terminology in the binary."
  • "DO NOT have 'dirty words' in the binary. Dirty words, such as hacker terms, may cause unwarranted scrutiny of the binary file in question."
  • "DO NOT perform operations that will cause the target computer to be unresponsive to the user (e.g. CPU spikes, screen flashes, screen 'freezing', etc."
  • "DO NOT solely rely on SSL/TLS to secure data in transit."

View article

This article was originally published on Thursday Mar 9th 2017
Mobile Site | Full Site