
Almost all government-created malware uses 0-days that they've kept back from public disclosure, so there's nothing really you can do (aside from waiting for disclosure). That's the point of a CIA hack, isn't it?

If there's something you can do, then they've failed at their job, and it's time to hire the next batch of developers (yes, these are developers with a paid day job: to make malware for the CIA).

In university, most computer science or computer engineering students had to make a choice whether to work for the country's security agencies and/or the military industries (via internships, being recruited, or just plain applying to government/Pentagon/FBI/CIA/NSA/CSIS jobs, etc.), and that's their choice to make.

From the government's point of view, it's no different than recruiting soldiers for the Army/Navy/Marines. If they couldn't train you to their standards for basic fitness and basic shooting skills, they've failed and you'd probably wash out from infantry school.

The other thing you could do is contribute to initiatives that do dedicated vulnerability research. It's no guarantee that you'll find the same vulnerabilities that the CIA is exploiting, though; you might find entirely different ones that they've been using for other exploits.



The only thing you can truly do is look for anomalies in network traffic, processes, files, etc. This malware is not immune to that unless it has features specifically to hide from monitoring tools.

Even then there will almost always be evidence if you log network traffic. But obviously this is very difficult.


> Even then there will almost always be evidence if you log network traffic.

You'd need to know what to look for though. It was shown that the CIA can hide its communication in metadata of legitimate traffic which is then recovered at intermediate hops to the target. So, do you know precisely what an innocent DNS packet looks like to detect this anomaly?


>do you know precisely what an innocent DNS packet looks like to detect this anomaly

Wouldn't an abnormal amount of DNS data also stand out? I assume for this to work they'd still have to send a lot of data unless they're willing to wait for half an eternity.

Just curious, since I hadn't heard of this before.
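As an added illustration of the question above (this is example code written for this page, not code from any commenter or from the leaked tooling): the two things that usually make a DNS covert channel stand out are the volume of subdomain data a client sends to one zone and the randomness of the labels carrying it. The script below aggregates a constructed DNS query log per (client, zone) and flags pairs that exceed either threshold. The log lines, zone names, client addresses and thresholds are all assumptions made up for the example.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample DNS query log as (seconds, client IP, QNAME) tuples.
# Not a real capture; the example.* zones and 10.0.0.x clients are placeholders.
SAMPLE_LOG = [
    (0.0, "10.0.0.5", "www.example.com"),
    (1.2, "10.0.0.5", "mail.example.com"),
    (2.5, "10.0.0.7", "cdn.example.net"),
    (3.0, "10.0.0.7", "static.example.net"),
]
# Simulated tunnelling client: 30 queries in three seconds, each carrying 40 hex
# characters of pseudo-random payload in the leftmost label under one zone.
for i in range(30):
    chunk = hashlib.sha256(b"chunk-%d" % i).hexdigest()[:40]
    SAMPLE_LOG.append((4.0 + i * 0.1, "10.0.0.9", "%s.t.example.org" % chunk))


def shannon_entropy(text):
    """Bits per character of the empirical symbol distribution of `text`."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Naively split a QNAME into (subdomain, zone), taking the last two labels
    as the zone. A production tool would consult the public suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def summarise(log):
    """Aggregate per (client, zone): query count, subdomain payload bytes,
    and the mean per-query entropy of the subdomain characters."""
    stats = defaultdict(lambda: {"queries": 0, "payload_bytes": 0, "entropy_sum": 0.0})
    for _, client, qname in log:
        sub, zone = split_qname(qname)
        data = sub.replace(".", "")
        s = stats[(client, zone)]
        s["queries"] += 1
        s["payload_bytes"] += len(data)
        s["entropy_sum"] += shannon_entropy(data)
    for s in stats.values():
        s["mean_entropy"] = s["entropy_sum"] / s["queries"]
    return stats


def flag_dns_tunnels(log, max_payload_bytes=512, max_entropy=3.0, min_queries=10):
    """Return sorted (client, zone) pairs whose subdomain payload volume exceeds
    max_payload_bytes, or whose labels are unusually random across at least
    min_queries queries. Threshold values are illustrative assumptions."""
    flagged = []
    for key, s in summarise(log).items():
        too_much_data = s["payload_bytes"] > max_payload_bytes
        too_random = s["queries"] >= min_queries and s["mean_entropy"] > max_entropy
        if too_much_data or too_random:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for client, zone in flag_dns_tunnels(SAMPLE_LOG):
        s = stats[(client, zone)]
        print("%s -> %s: %d queries, %d payload bytes, mean entropy %.2f bits/char"
              % (client, zone, s["queries"], s["payload_bytes"], s["mean_entropy"]))
```

The volume check is what the comment above has in mind: a client pushing kilobytes of subdomain data to one zone in a short window is visible even without knowing what a "normal" query looks like. A sender willing to wait can stay under any volume threshold, which is why the second check looks at label entropy independently of rate; a real deployment would also baseline each client and zone over time rather than use fixed thresholds.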


I’d imagine it depends on what you’re trying to send out and the size of it.



