Among the thousands of Central Intelligence Agency (CIA) documents that WikiLeaks recently posted online, a few classified ones detail the agency’s best practices for developing hacking tools. However, much of the guidance seems to be simple common sense or outdated.
Ars Technica posted some excerpts from the documents, including the following:
- “DO NOT leave dates/times such as compile timestamps, linker timestamps, build times, access times, etc. that correlate to general US core working hours (i.e. 8am-6pm Eastern time).”
- “DO NOT have data that contains CIA and USG cover terms, compartments, operation code names or other CIA and USG specific terminology in the binary.”
- “DO NOT have ‘dirty words’ in the binary. Dirty words, such as hacker terms, may cause unwarranted scrutiny of the binary file in question.”
- “DO NOT perform operations that will cause the target computer to be unresponsive to the user (e.g. CPU spikes, screen flashes, screen ‘freezing’, etc.)”
- “DO NOT solely rely on SSL/TLS to secure data in transit.”