Vault 8: Wikileaks publishes sourcecode from last spring’s CIA Vault 7 cyberweapons leak
In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of “NOBUS” (“No One But Us”), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack-tools that exploit these bugs, on the assumption that no one else will ever discover those bugs and use them to attack the people they’re charged with defending.
Though Wikileaks shared the sourcecode for these weapons with a few select tech giants shortly after the initial leak publication, they withheld it from wider publication until now.
The Vault 8 leaks are a trove of sourcecode and analysis of the Vault 7 weapons, presented to “enable investigative journalists, forensic experts, and the general public to better identify and understand covert CIA infrastructure components.”
Access to this sourcecode will reveal, for example, whether the CIA is recycling existing cyberweapons used by criminals in its tools, whether and how the CIA misdirects attribution for its cyberwarfare operations (for example, by leaving false clues like foreign-language variable names or timestamps from exotic locales), and it provides critical data on the practical realities of NOBUS, allowing researchers to track the rate of independent rediscovery and exploitation of the bugs that the CIA has deliberately left intact on our computers.
Vault 8 [Wikileaks]
WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released the extensive source code for any CIA spying tool.
This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7.
— WikiLeaks (@wikileaks) November 9, 2017