It was the agency’s own inability to secure its systems, which led to the WikiLeaks leak of highly sensitive information.
Report Highlights Widespread Securirity Problems in the CIA Leading to Vault 7 Leaks
A redacted version of the report, prepared by the CIA’s WikiLeaks Task Force in 2017, was released yesterday, June 16, by Ron Wyden, a member of the Senate Intelligence Committee. The purpose of the report is “to seek information about widespread cybersecurity problems across the intelligence community”.
Ron Wyden recently wrote to John Ratcliffe, the director of national intelligence, demanding to know whether the U.S. intelligence community plans to enforce more efficient cybersecurity practices, further questioning CIA’s inability to do more to protect its internal security operations from both internal and external threats.
“The lax cybersecurity practices documented in the CIA’s WikiLeaks Task Force report do not appear to be limited to just one part of the intelligence community.The Office of the Inspector General of the Intelligence Community revealed in a public summary of a report it published last year that it found a number of deficiencies in the intelligence community’s cybersecurity practices,” Wyden points out.
As for the WikiLeaks Task Force report, it was created after the CIA hacking tools were leaked. The leak has been known as Vault 7. It is noteworthy that the incident was not known until WikiLeaks went public and published the Vault 7 series of leaks in 2017. A suspect for the theft of the documents was a CIA employee, who was charged by the U.S. Justice Department.
Joshua Schulte was also suspected of giving the hacking tools to WikiLeaks, the Washington Post wrote. Schulte will be charged again for the same crime later this year, and the WikiLeaks Task Force report seems to be part of the case against the ex-CIA employee. The first trial against him ended in a hung jury this March. The report depicts how an unnamed ex-employee of the CIA managed to take between 180 GB to 34 TB of highly classified information.
The report also goes to highlight a CIA culture that is primarily focused on developing offensive weapons rather than focusing on security procedures. These so-called lax cybersecurity practices have led to a series of serious data breaches. Here’s what the report says:
Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely.
WikiLeaks claimed that the Vault 7 tools came from an isolated, high-security network inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. For further details, you can read Wyden’s letter and the redacted report.