Joan Gamell


Unexpected learnings from the CIA leak

Today WikiLeaks published the Vault 7 CIA leak. The leak is a dump of over 7,500 internal CIA Confluence pages which include documentation of their tools, how-to guides, best practices and more.

Instead of discussing the (im)morality of the CIA not disclosing the exploits they use on Android, iOS and Windows systems — you can find plenty of those elsewhere — I will go through some unexpected gems of tech wisdom I found during a quick read of some of the documents.

It’s amusing to see how, after all, under all the layers of secrecy and mystery we are all engineers facing similar challenges and using the same tools. Starting with the obvious: the CIA uses JIRA, Confluence and git. Yes, the very same tools you use every day and love/hate. But there’s much more.

CIA developers also hate process

Our workflow is pretty simple. A developer picks the item he is going to work on (something like implement compression) and creates a feature branch off of DEVELOP. The developer then goes and implements the changes and when complete a pull request is created to inform the team that he is done, and the changes should be merged. This is a pull request in a nutshell.
That sounds like process, wait one second while I grab my pitchfork.
User #1179751 — “Justifying Implementing Pull Requests on Small Teams”

Not only do they hate process, as most of us do, but they also seem to have a sharp sense of humor.

They do Code Reviews & prefer small Pull Requests

Keep the scope of feature branches narrow. It is much easier to do a code review on 100 lines of code, over a couple of thousand.
User #1179751 — “Justifying Implementing Pull Requests on Small Teams”

Words of wisdom, right here.

They store passwords in clear text

OSB unclass laptop #1 password (tag 2005K676, Dell service tag: 7731Y32): “OSBDemoLap9W53!” (Without quotes)
OSB unclass laptop #2 password (tag 2005K677, Dell service tag: CN81Y32): “0sbP@ss” (no quotes, first character is a zero)
User #7995631 — “OSB Passwords” (added emphasis)

Not only do they store passwords in clear text in a public wiki, but it seems that even top-notch government hackers need clarifying notes to solve the eternal conundrum of “Are the quotes part of the password?”. The hilarious and sarcastic responses to the post feel almost as witty as a Reddit thread (emphasis added):

2015-01-30 15:29 [User #9535837]:
That was a smart security decision. Please like my comment.
2015-01-30 15:10 [User #14588054]:
I noticed, but I still cringed when I first saw the page.
2015-01-30 14:50 [User #7995631]:
It's locked down to the OSB group… idk if that helps.
2015-01-30 14:30 [User #14588054]:
Am I the only one who looked at this page and thought, “I wonder if security would have a heart attack if they saw this.”?

They believe in the “Bus Factor”

If your physical form were forcibly displaced from the space-time in which it occupied, by the sudden and urgent presence of a large commuter bus, would all the development work, ideas, and knowledge that you have contributed to the organization continue to be useful or even AVAILABLE?
User #524297 — “Single Bus Theory”

Which is a grandiloquent way of saying: “Make sure you document everything and transfer knowledge in case you get run over by a bus”.

They need git cheatsheets too

The “Oh crap I didn’t mean to commit yet” Trick
# undo last commit and bring changes back into staging (i.e. reset to the commit one before HEAD)
$ git reset --soft HEAD^
User #524297 — “Git Trips & Tricks”

I agree, git CLI is far from perfect and hard to learn.

They do use IRC, like in the movies

Why IRC?
For colloboration<sic>! We can easily chat with each other now!
IRC is 1337!
Author unknown — “Internet Relay Chat”

Slack and HipChat are too mainstream.

They also used pirated versions of Windows

Skipping Windows 8 Activation
The default MSDN Windows 8 installation requires Product Key Activation in order to set up. The following steps are useful in editing the MSDN iso to enable the Skip button during the install.
User #3375374 — “Funny Code 2013a”

C’mon… we’ve all done it.

Yes, they search for answers on StackOverflow too

The answer came from a single StackOverflow post that mentioned a side-effect of opening a volume handle in a peculiar way. Although the author of the post cautioned the technique may not be reliable, we found in our testing that it was 100% effective on our target platform (Windows XP x64).
User #71473 — “Wait, didn’t I just securely delete that file?”

Finally, they love their memes as much as anyone

Sharp sense of humor, as I said.
