If I had to guess right now, I'd say the documents came from an outsider and not an insider. My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It's exactly what you'd expect the CIA to be doing in cyberspace. That makes the whistleblower motive less likely. And two, the documents are a few years old, making this more like the Shadow Brokers than Edward Snowden. An internal leaker would leak quickly. A foreign intelligence agency -- like the Russians -- would use the documents while they were fresh and valuable, and only expose them when the embarrassment value was greater.
James Lewis agrees:
But James Lewis, an expert on cybersecurity at the Center for Strategic and International Studies in Washington, raised another possibility: that a foreign state, most likely Russia, stole the documents by hacking or other means and delivered them to WikiLeaks, which may not know how they were obtained. Mr. Lewis noted that, according to American intelligence agencies, Russia hacked Democratic targets during the presidential campaign and gave thousands of emails to WikiLeaks for publication.
To be sure, neither of us has any idea. We're all guessing.
To the documents themselves, I really liked these best practice coding guidelines for malware, and these crypto requirements.
EDITED TO ADD: Herbert Lin comments.
The most damning thing I've seen so far is yet more evidence that -- despite assurances to the contrary -- the US intelligence community hoards vulnerabilities in common Internet products and uses them for offensive purposes.
from More on the CIA Document Leak
No comments:
Post a Comment