Vault7: CIA Hacking Tools Revealed
Owner: User #1179751
What did Equation do wrong, and how can we avoid doing the same?
To the left is Kaspersky's report on Equation. What do you think Equation did wrong, and how do you think we can avoid the same pitfalls? Feel free to edit and comment on this page as you see fit!
Here are some ideas to get things started:
ISSUE: Use of customized crypto
- If using a custom crypto algorithm, limit its use to a specific tool set, so that one algorithm does not tie the whole tool family together
- Prefer publicly available crypto (Microsoft's encryption libraries, OpenSSL, PolarSSL)
ISSUE: Unique MUTEX in privlib
- A mutex name that lives in a shared library ends up in every tool built against it. If a mutex like this is needed, a compiler warning should be generated and the mutex used should be documented
ISSUE: PDB string in the binary
- We need to create a string scanner that queries Active Directory for user names and similar identifiers, and flags any that appear in a built binary before release
ISSUE: Reuse of exploits
- This is becoming harder and harder to avoid; we may have to accept it and ensure that a database of which tool uses which exploit is maintained
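As an added example for the PDB-string issue above (this is not code from the original page or from any tool it describes): a Python release-gate scanner that pulls the symbol-file path out of a binary's CodeView RSDS record and out of raw strings, then checks every path component against a list of user names. The page proposes querying Active Directory for that list; here the list is a constructed inline stand-in, and the "binary" is a constructed byte blob rather than a real PE file. Paths under Users\<name>\ are flagged even when the name is missing from the list, so an incomplete AD pull does not let a build through.

```python
"""Release gate: find PDB paths (and the user names inside them) in a built binary."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Visual Studio writes the full build-machine path of the .pdb into the binary's
# CodeView debug record; it is also visible to a plain strings scan.
PDB_PATH_RE = re.compile(rb"[A-Za-z]:\\[^\x00\r\n]{1,300}?\.pdb", re.IGNORECASE)

# "Users\<name>\" or "Documents and Settings\<name>\": <name> is almost certainly a login.
PROFILE_DIR_RE = re.compile(r"\\(?:Users|Documents and Settings)\\([^\\]+)\\", re.IGNORECASE)


@dataclass
class PdbFinding:
    offset: int                                   # byte offset of the path in the blob
    path: str                                     # the embedded PDB path
    usernames: List[str] = field(default_factory=list)


def codeview_pdb_paths(blob: bytes) -> List[Tuple[int, str]]:
    """CodeView RSDS record: b'RSDS' + 16-byte GUID + 4-byte age + NUL-terminated path."""
    out = []
    idx = blob.find(b"RSDS")
    while idx != -1:
        start = idx + 4 + 16 + 4
        end = blob.find(b"\x00", start)
        if end > start:  # a stray 'RSDS' with no path after it yields nothing
            out.append((start, blob[start:end].decode("latin-1", "replace")))
        idx = blob.find(b"RSDS", idx + 4)
    return out


def raw_pdb_paths(blob: bytes) -> List[Tuple[int, str]]:
    """Fallback: any Windows path ending in .pdb, wherever it sits in the file."""
    return [(m.start(), m.group().decode("latin-1", "replace")) for m in PDB_PATH_RE.finditer(blob)]


def usernames_in_path(path: str, known_users: List[str]) -> List[str]:
    """Path components that match a known user, plus anything under a profile directory."""
    known = {u.lower() for u in known_users}
    hits: List[str] = []
    for part in re.split(r"[\\/]", path):
        if part.lower() in known and part not in hits:
            hits.append(part)
    for m in PROFILE_DIR_RE.finditer(path):
        if m.group(1) not in hits:
            hits.append(m.group(1))
    return hits


def scan_binary(blob: bytes, known_users: List[str]) -> List[PdbFinding]:
    findings: List[PdbFinding] = []
    seen = set()
    for offset, path in codeview_pdb_paths(blob) + raw_pdb_paths(blob):
        if path in seen:          # RSDS record and raw scan usually find the same path
            continue
        seen.add(path)
        findings.append(PdbFinding(offset, path, usernames_in_path(path, known_users)))
    return findings


def release_gate(blob: bytes, known_users: List[str]) -> Tuple[bool, List[str]]:
    """Any embedded PDB path fails the gate; one carrying a user name is reported as CRITICAL."""
    msgs = []
    for f in scan_binary(blob, known_users):
        sev = "CRITICAL" if f.usernames else "WARN"
        who = f" (usernames: {', '.join(f.usernames)})" if f.usernames else ""
        msgs.append(f"{sev}: PDB path at offset 0x{f.offset:x}: {f.path}{who}")
    return (not msgs, msgs)


# Constructed stand-ins (assumption: in production this list comes from an AD query).
KNOWN_USERS = ["jdoe", "asmith"]
_PDB = b"C:\\Users\\jdoe\\src\\privlib\\Release\\privlib.pdb\x00"
SAMPLE_WITH_PDB = b"MZ" + b"\x90" * 64 + b"RSDS" + bytes(range(16)) + b"\x01\x00\x00\x00" + _PDB + b"\x00" * 16
SAMPLE_CLEAN = b"MZ" + b"\x90" * 64 + b"no symbols here\x00"

if __name__ == "__main__":
    for name, blob in (("with_pdb", SAMPLE_WITH_PDB), ("clean", SAMPLE_CLEAN)):
        ok, msgs = release_gate(blob, KNOWN_USERS)
        print(name, "PASS" if ok else "FAIL")
        for m in msgs:
            print("  " + m)
```

To run it against a real build, read the file with open(path, "rb").read() in place of the constructed blobs and replace KNOWN_USERS with the names pulled from the directory. Linking with /DEBUG:NONE or stripping the debug directory removes the RSDS record, but the raw-string pass stays useful because a path can also be pulled in through a resource or a string constant.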