The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency's elite computer hackers "prioritized building cyber weapons at the expense of securing their own systems," according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the director.
The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks in March 2017. The anti-secrecy group dubbed the release "Vault 7," and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA's history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency's techniques.
The October 2017 report by the CIA's WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure. Security procedures were "woefully lax" within the special unit that designed and built the tools, the report said.
Without the WikiLeaks disclosure, the CIA might never have known the tools had been stolen, according to the report. "Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss," the task force concluded.
The task force report was provided to The Washington Post by the office of Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, who has pressed for stronger cybersecurity in the intelligence community. He obtained the redacted, incomplete copy from the Justice Department.
The breach came nearly three years after Edward Snowden, then a National Security Agency contractor, stole and disclosed classified information about the NSA's surveillance operations.
"CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies," the report said, finding that "most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media [thumb drive] controls, and historical data was available to users indefinitely."
(Score: 5, Informative) by c0lo on Thursday June 18 2020, @11:44AM (7 children)
My initial reaction: why the heck "Vault7" makes "news" when it happened in 2017?
Turns out our editors are lazy, overworked or both. The actual news - not captured by the summary - are the details about how it may have happened:
Also
Former CIA Software Engineer Joshua Schulte Convicted of Minor Charges, Not Espionage [soylentnews.org]
Ex-CIA Employee Charged In Leak Of Classified Hacking Tools [soylentnews.org]
Wikileaks Releases Code That Could Unmask CIA Hacking Operations [soylentnews.org]
WikiLeaks Says It Has Obtained Trove of CIA Hacking Tools [soylentnews.org]
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by PiMuNu on Thursday June 18 2020, @12:35PM (5 children)
If you want to whinge - then a similar article was on theregister about a month ago. But it is an interesting story, and it doesn't really matter that it is a couple of weeks, months or even years old.
(Score: 4, Informative) by c0lo on Thursday June 18 2020, @12:44PM (4 children)
I'd like to learn what's new from TFS, before RTFA. Do I ask too much?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by sjames on Thursday June 18 2020, @02:40PM (3 children)
It was in the first line of TFS, an internal report found that Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak. The internal report and the reaction to it are what's new.
(Score: 0) by Anonymous Coward on Thursday June 18 2020, @02:48PM (2 children)
That's what they want you to believe.
(Score: 0, Troll) by Ethanol-fueled on Thursday June 18 2020, @06:04PM (1 child)
Well, it was a Jew who was charged with leaking the code, so the only surprise here is that he leaked it to Wikileaks and not China, UAE, or Quatar.
(Score: 0) by Anonymous Coward on Thursday June 18 2020, @06:49PM
Dimwit racist
git a jerb lowlife slacker
(Score: 0) by Anonymous Coward on Thursday June 18 2020, @03:57PM
Implementing preventive measures often causes the very problem you are trying to prevent.