boingboing / Cory Doctorow /
In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of “NOBUS” (“No One But Us”), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack tools that exploit these bugs, on the assumption that no one else will ever discover them and use them to attack the people the agencies are charged with defending.
Though Wikileaks shared the source code for these weapons with a few select tech giants shortly after the initial leak publication, they withheld it from wider publication until now.
The Vault 8 leaks are a trove of source code and analysis of the Vault 7 weapons, presented to “enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components.”
Access to this source code will reveal, for example, whether the CIA is recycling existing cyberweapons used by criminals in its tools, and whether and how the CIA misdirects attribution for its cyberwarfare operations (for example, by leaving false clues like foreign-language variable names or timestamps from exotic locales). It also provides critical data on the practical realities of NOBUS, allowing researchers to track the rate of independent rediscovery and exploitation of the bugs that the CIA has deliberately left intact on our computers.
Vault 8 [Wikileaks]