https://www.washingtonpost.com/national-security/elite-cia-unit-that-developed-hacking-tools-failed-to-secure-its-own-systems-allowing-massive-leak-an-internal-report-found/2020/06/15/502e3456-ae9d-11ea-8f56-63f38c990077_story.html
By Ellen Nakashima and Shane Harris
The Washington Post
June 16, 2020
The theft of top-secret computer hacking tools from the CIA in 2016 was the
result of a workplace culture in which the agency’s elite computer hackers
“prioritized building cyber weapons at the expense of securing their own
systems,” according to an internal report prepared for then-director Mike
Pompeo as well as his deputy, Gina Haspel, now the current director.
The breach — allegedly by a CIA employee — was discovered a year after it
happened, when the information was published by WikiLeaks, in March 2017. The
anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have said
it was the biggest unauthorized disclosure of classified information in the
CIA’s history, causing the agency to shut down some intelligence operations and
alerting foreign adversaries to the spy agency’s techniques.
The October 2017 report by the CIA’s WikiLeaks Task Force, several pages of
which were missing or redacted, portrays an agency more concerned with bulking
up its cyber arsenal than keeping those tools secure. Security procedures were
“woefully lax” within the special unit that designed and built the tools, the
report said.
Absent WikiLeaks’s disclosure, the CIA might never have known the tools had
been stolen, according to the report. “Had the data been stolen for the benefit
of a state adversary and not published, we might still be unaware of the loss,”
the task force concluded.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
