Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

CIA’s ‘Lax’ Security Led To Massive Theft of Hacking Tools, Internal Report Finds

Poor security culture at the Central Intelligence Agency’s hacking unit permitted the ‘largest data loss in CIA history’ in 2016, a report says. CIA’s ‘Lax’ Security Led To Massive Theft of Hacking Tools, Internal Report Finds

A “woefully lax” security culture within the Central Intelligence Agency’s elite hacking unit that favored building cyber weapons over protecting its own computer systems from intrusion allowed for the 2016 theft of top-secret hacking tools, according to an internal report written by the spy agency disclosed on Tuesday.

The hacking tools were published by the anti-secrecy group WikiLeaks in early 2017, a disclosure totaling more than 8,000 pages. The leak of the so-called Vault 7 documents was widely viewed as one of the most devastating security breaches in the CIA’s history. It included details about the agency’s playbook for hacking smartphones, computer operating systems, messaging applications and internet-connected televisions.

The internal audit, published in October 2017 by CIA’s WikiLeaks Task Force, described the theft as the “largest data loss in CIA history.” It said an employee stole anywhere from 180 gigabytes to 34 terabytes of information, a haul roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word.

The report said it was possible the CIA may have never learned of the theft had the trove not been published by WikiLeaks.

“While CIA was an early leader in securing our enterprise information technology (IT) system, we failed to correct acute vulnerabilities to our mission IT systems,” said the report prepared for former CIA Director Mike Pompeo and Gina Haspel, the current director.

Timothy Barrett, a CIA spokesman, declined to comment on the specifics of the report. “CIA works to incorporate best-in-class technologies to keep ahead of and defend against ever-evolving threats,” Mr. Barrett said.

Sen. Ron Wyden (D., Ore.), who sits on the Senate Intelligence Committee, obtained the redacted version of the report from the Justice Department, and released it on Tuesday. The Washington Post first published details of it Tuesday.

In a letter Tuesday to Director of National Intelligence John Ratcliffe, Mr. Wyden asked for information regarding the steps being taken to improve the cybersecurity protections surrounding the intelligence community’s most sensitive secrets. He additionally said in a statement that Congress should reconsider a federal law making intelligence agencies exempt from federal cybersecurity standards.

“Congress did so reasonably expecting that intelligence agencies that have been entrusted with our nation’s most valuable secrets would of course go above and beyond the steps taken by the rest of the government to secure their systems,” Mr. Wyden said. “Unfortunately, it is now clear that exempting the intelligence community from baseline federal cybersecurity requirements was a mistake.”

A spokeswoman for Mr. Ratcliffe’s office said the letter from Mr. Wyden had been received and that the intelligence director would “respond accordingly.”

Earlier this year federal prosecutors in Manhattan tried Joshua Schulte, a former CIA software engineer, on charges he stole the Vault 7 documents when he was working with the agency unit that designed the hacking tools. One former top CIA official who testified called the leak of hacking tools “the equivalent of a digital Pearl Harbor.”

Mr. Schulte has pleaded not guilty, and his defense team argued that the security protocols in place at the CIA were so weak that it made it impossible to know who was responsible for the heist of classified information and whether it was the work of an employee or foreign actor. In March a jury failed to reach a verdict on whether he was responsible for the leak, but convicted him of making false statements and contempt of court.

Among the report’s critical assessments is that the CIA was too slow to put in place necessary cybersecurity measures “given successive breaches to other U.S. government agencies.” The theft took place about three years after former intelligence contractor Edward Snowden pilfered a massive trove of documents from the National Security Agency concerning its domestic and international surveillance operations.

“In a press to meet growing and critical mission needs, CCI had prioritized building cyber weapons at the expense of securing their own systems,” the report states, referring to the Center for Cyber Intelligence, the elite hacking unit at the CIA from where the tools were stolen. “Day-to-day security practices had become woefully lax.”

Most of the cyber weapons lacked segmented access protections, employees shared administrator-level passwords, and there existed no controls on using devices like thumb drives to remove files from internal systems, the report found.

While extremely sensitive material was compromised, the CIA task force concluded with moderate confidence that WikiLeaks didn’t obtain the “Gold folder” of its most sensitive files, containing final versions of all developed hacking tools and source code. That folder was better protected and so large it was harder to export, the report said.

CIA’s ‘Lax’ Security Led,CIA’s ‘Lax’ Security Led,CIA’s ‘Lax’ Security Led,CIA’s ‘Lax’ Security Led,CIA’s ‘Lax’ Security Led,CIA’s ‘Lax’ Security Led,CIA’s ‘Lax’ Security Led,



Related Articles:

Signal Is A Truly Private Chat App Ideal For Protestors (#GotBitcoin?)

Maintain Your Privacy And Security During A Protest (#GotBitcoin?)

Borrower, Beware: Credit-Card Fraud Attempts Rise During The Coronavirus Crisis

Senate Vote Allows FBI Access To Your Browsing History Without A Warrant And What You Can Do About It

Report Says Chinese And Iranian Hackers Seek To Steal Coronavirus Research

28,000 GoDaddy Hosting Accounts Compromised

Some States Dabble In Online Voting, Weighing Pandemic Against Cybersecurity Concerns

Antonopoulos: Chainalysis Is Helping World’s Worst Dictators & Regimes (#GotBitcoin?)

Survey Shows Many BTC Holders Use Hardware Wallet, Have Backup Keys (#GotBitcoin?)

Blockfolio Quietly Patches Years-Old Security Hole That Exposed Source Code (#GotBitcoin?)

Apple iPhone May Be Vulnerable To Email (Mail) Hack

Gates Foundation, WHO And Wuhan Institute of Virology All Hacked!

Google Hack Requires That You Updated Chrome Browser Now To Version: 81.0.4044.113

Privacy-Oriented Browsers Gain Traction (#GotBitcoin?)

Can Blockchain Technology Counter US Anti-Message Encryption Bill? (#GotBitcoin?)

Chinese Military Turns To U.S. University To Conduct Covert Research

CIA Has Had Keys To Global Communication Encryption Since WWII

Hostile Spies Target U.S. With Cyber, Encryption, Big Data, Report Finds

Hackers Stole And Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms

Ex-CIA Engineer Goes On Trial For Massive Leak

Multi One Password (Portable App)

After He Fell For A $40K Phone Scam, His Bank Offered To Help—If He Stayed Quiet (#GotBitcoin?)

Your PGP Key? Make Sure It’s Up To Date

Bezos’ Phone Allegedly Hacked By Account Associated With Crown Prince

Major Companies Shared Vulnerability Used In Travelex Cyberattack (#GotBitcoin?)

Microsoft Releases Patch To Patch Windows Flaw Detected By NSA

VPN Tier List 2020 (Comparison Table)

SEC Market-Surveillance Project Hits Snag Over Hacker Fears

Inside China’s Major US Corporate Hack

Twitter Bug Exposed Millions of User Phone Numbers

U.S. Cyber Officials Give Holiday Shopping Advice For Consumers

Is Cayla The Toy Doll A Domestic Spy?

Google’s “Project Nightingale” Faces Government Inquiry Over Patient Privacy.

Which Password Managers Have Been Hacked?

DNS Over HTTPS Increases User Privacy And Security By Preventing Eavesdropping And Manipulation

Russia Steps Up Efforts To Shield Its Hackers From Extradition To U.S.

Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)

Should Consumers Be Able To Sell Their Own Personal Data?

Doordash Says Security Breach Affected Millions Of People (#GotBitcoin?)

Fraudsters Used AI To Mimic CEO’s Voice In Unusual Cybercrime Case (#GotBitcoin?)

Pearson Hack Exposed Details on Thousands of U.S. Students (#GotBitcoin?)

Cyber Hack Got Access To Over 700,000 IRS Accounts (#GotBitcoin?)

Take A Road Trip With Hotel Hackers (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Hackers Target Loyalty Rewards Programs (#GotBitcoin?)

Taxpayer Money Finances IRS “Star Trek” Parody (#GotBitcoin?)

IRS Fails To Prevent $1.6 Billion In Tax Identity Theft (#GotBitcoin?)

IRS Workers Who Failed To Pay Taxes Got Bonuses (#GotBitcoin?)

Trump DOJ Declines To Charge Lois Lerner In IRS Scandal (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Poor Cyber Practices Plague The Pentagon (#GotBitcoin?)

Tensions Flare As Hackers Root Out Flaws In Voting Machines (#GotBitcoin?)

3-29-2019 FBI Retools To Counter Cyber Threats, 4-12-2019 Thousands Of FBI Personal Data Is Stolen (#GotBitcoin?)

Overseas Traders Face Charges For Hacking SEC’s Public Filings Site (#GotBitcoin?)

Group Hacks FBI Websites, Posts Personal Info On Agents. Trump Can’t Protect You! (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply