Elite CIA Unit Developed Hacking Tools But Failed To Secure Its Own Systems, Allowing Massive Leak

Elite CIA Unit Developed Hacking Tools But Failed To Secure Its Own Systems, Allowing Massive Leak

An elite CIA unit developed hacking tools to break into foreign computer networks but failed to secure its own systems, allowing a massive leak. Image: Unsplash

A CIA team of elite computer hackers prioritized building cyber weapons at the expense of securing its own systems, leading to the theft of top-secret computer-hacking tools in 2016, according to the Washington Post.

The breach — allegedly committed by a CIA employee — may never have been discovered if the information hadn’t been published a year later by WikiLeaks in March 2017. WikiLeaks called the release “Vault 7,” and U.S. officials said it was the biggest unauthorized disclosure of classified information in the CIA’s history. The CIA was forced to shut down some intelligence operations and alert foreign adversaries to its techniques.

For example, Vault 7 showed how the CIA could break into foreign computer networks or activate the microphone or camera on electronic devices to eavesdrop.

An internal report of the breach was prepared by the WikiLeaks Task Force for then-director Mike Pompeo and his deputy, Gina Haspel, now the director.

The CIA needs a WikiLeaks Task Force — “literally a WTF operation,” Spencer Ackerman wrote for Wired — because of its own cyber-insecurity.

For example, in 1995, then-Director John Deutch put classified information on his home computer, which his AOL account left vulnerable to cookies, malware or phishing, Ackerman wrote. A CIA inquiry concluded that no harm was done. In 2004, in what might be “the biggest reply-all-fail of all time,” a CIA agent accidentally emailed the agency’s entire Iran spy network, allowing a double agent to identify and then neutralize all the CIA’s snitches.

Black Americans Have the Highest Mortality Rates But Lowest Levels of Life Insurance
Are you prioritizing your cable entertainment bill over protecting and investing in your family?
Smart Policies are as low as $30 a month, No Medical Exam Required
Click Here to Get Smart on Protecting Your Family and Loves Ones, No Matter What Happens

A redacted version of the WikiLeaks Task Force’s internal report was provided to The Washington Post by the office of Sen. Ron Wyden (D-Ore.). Wyden is a member of the Senate Intelligence Committee and has pushed for stronger cybersecurity in the intelligence community. He obtained the incomplete copy from the Justice Department, according to the Washington Post.

The report “portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure. Security procedures were ‘woefully lax’ within the special unit that designed and built the tools,” according to the Post.

The C.I.A. fostered an innovative culture in its hacking team, which took great risks to create untraceable tools to steal secrets from foreign governments, the New York Times reported. However, the team and its managers were focused on building cutting-edge cyberweapons and spent too little energy protecting those tools. They didn’t put in place even common security standards like basic monitoring of who had access to the information, the report said.

The report was partially declassified for this year’s trial of Joshua Schulte, a former C.I.A. officer who has been accused of giving the information to WikiLeaks. Schulte was convicted of contempt of court and making false statements to the F.B.I. The government said it plans to retry him, NYT reported.

Listen to GHOGH with Jamarlin Martin | Episode 72: Jamarlin Martin    Part 2. J. Edgar Hoover, the first director of the FBI, may not be around but his energy is present in new Black politics.FBI agents and informants were used to weaken Marcus Garvey, the Nation of Islam and the Black Panthers — in many cases for money and career advancement. How could this energy metastasize into the “New Blacks” politics in 2020? Jamarlin goes solo to discuss who is doing the trading and what is being traded to weaken the aggregate Black political position.

The report showed how different arms of the CIA developed their own information technology capabilities and systems of policing themselves. That culture of “shadow I.T.” created “unacceptable risk” for the C.I.A.

Congress in 2014 gave the Department of Homeland Security the power to require federal agencies to meet minimum cybersecurity standards, according to the Washington Post. Spy agencies were exempt.The reasoning was that as guardians of the nation’s most valuable secrets, they would take extra care to secure their systems, Wyden said.

“It is now clear that exempting the intelligence community from baseline federal cybersecurity requirements was a mistake,” Wyden wrote in a letter Tuesday to National Intelligence Director John Ratcliffe.