We’ve been asked numerous questions about WikiLeaks’ March 7th CIA document dump.
No. Spies spy. And that spies use hacking tools… is expected. (“Q” does cyber these days.)
The CIA’s developers would probably need to retool anyway. OS’s get major updates annually. There’s always churn, and thus, tools to be rebuilt or created anew. A vulnerability analyst and exploit developer is always busy.
The documents appear to have come from an internal wiki of some sort. They look like notes written by a developer.
A (very plausible) theory we’ve heard: former Booz Allen Hamilton contractor Harold Martin’s cache of documents.
Don’t know, ask them. (Not sure we care.) Sounds cool though.
Very seriously. Investigations began immediately. Notes don’t equal a good bug report however, so it will take time to be thorough.
Via our own bug bounty program.
A fact of life: all software has bugs. End-point protection software is a popular target of university researchers. And that’s a good thing, bug hunting makes for better software.
Cyber security companies are frequently asked if they add backdoors to their products for the benefit of law enforcement and/or nation states. We think these documents conclusively dispel that theory (at least on our part). As you can see, nation state adversaries need to make an effort to bypass our products, just like cyber criminals.