5 Astonishing Revelations From Wikileaks Vault 7 Release

Well, the good news: a Confluence page exists to inform CIA software engineers not to put binary files in their git repos. The bad news? They put binary files in their git repos! OMG. Images? Yuck. Word documents? Wat. PDFs? Please, no! SDKs. You’re kidding.

2. The CIA uses Confluence to store code!

“You should put source files in Stash!” says embarrassed [User #524297]. Correct! You shouldn’t be storing code inside a documentation tool, folks. Let’s put this stuff in version control where we can code review our work!

3. The CIA doesn’t code review!

How many datas and idxs does it take to make a url. So much sad panda here:

data = self.request.recv(65536).strip()

data = fff.dcode(data)

idx = data.index(“\n”)

headers = data[idx+1:]

domain = data[1:51].strip()

port = data[51:61].strip()

data = data[62:].strip()

idx = data.index(‘ ‘)

operation = data[0:idx].strip()

data = data[idx+1:]

idx = data.index(‘ ‘)

url = data[0:idx].strip()

4. The CIA doesn’t escalate when blocked. :(

The CIA software engineers take their roles as secret-keepers extremely seriously. They take it so seriously they keep it a secret when they are blocked from completing their work. And, there’s also a note about product intent drifting based on decisions made by the engineers but I’m going to move on….

5. The CIA documents its problem solving patterns and uses “techniques” to do it!

Switching gears, this one is actually pretty awesome and I’d love to learn more. When creating a brand new confluence page for a project, they default to include a “technique” section on each page. Each of these techniques links out to pages describing patterns others have used to solve similar problems. It’s essentially an attempt at creating building blocks of patterns so that others can use these to solve future problems.

But again, put this code in Stash. Get it off Confluence, CIA! You can do better! I believe in you!

--

--