Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday June 18 2020, @09:46AM   Printer-friendly
from the do-as-we-say,-not-as-we-do dept.

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found:

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency's elite computer hackers "prioritized building cyber weapons at the expense of securing their own systems," according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the director.

The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks in March 2017. The anti-secrecy group dubbed the release "Vault 7," and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA's history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency's techniques.

The October 2017 report by the CIA's WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure. Security procedures were "woefully lax" within the special unit that designed and built the tools, the report said.

Without the WikiLeaks disclosure, the CIA might never have known the tools had been stolen, according to the report. "Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss," the task force concluded.

The task force report was provided to The Washington Post by the office of Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, who has pressed for stronger cybersecurity in the intelligence community. He obtained the redacted, incomplete copy from the Justice Department.

The breach came nearly three years after Edward Snowden, then a National Security Agency contractor, stole and disclosed classified information about the NSA's surveillance operations.

"CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies," the report said, finding that "most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media [thumb drive] controls, and historical data was available to users indefinitely."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0, Troll) by Ethanol-fueled on Thursday June 18 2020, @06:04PM (1 child)

    by Ethanol-fueled (2792) on Thursday June 18 2020, @06:04PM (#1009624) Homepage

    Well, it was a Jew who was charged with leaking the code, so the only surprise here is that he leaked it to Wikileaks and not China, UAE, or Quatar.

    Starting Score:    1  point
    Moderation   -1  
       Troll=2, Interesting=1, Total=3
    Extra 'Troll' Modifier   0  

    Total Score:   0  
  • (Score: 0) by Anonymous Coward on Thursday June 18 2020, @06:49PM

    by Anonymous Coward on Thursday June 18 2020, @06:49PM (#1009654)

    Dimwit racist

    git a jerb lowlife slacker