Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

[InfoSec News <alerts () infosecnews org>]

https://www.washingtonpost.com/national-security/elite-cia-unit-that-developed-hacking-tools-failed-to-secure-its-own-systems-allowing-massive-leak-an-internal-report-found/2020/06/15/502e3456-ae9d-11ea-8f56-63f38c990077_story.html

By Ellen Nakashima and Shane Harris
The Washington Post
June 16, 2020

The theft of top-secret computer hacking tools from the CIA in 2016 was the 
result of a workplace culture in which the agency’s elite computer hackers 
“prioritized building cyber weapons at the expense of securing their own 
systems,” according to an internal report prepared for then-director Mike 
Pompeo as well as his deputy, Gina Haspel, now the current director.

The breach — allegedly by a CIA employee — was discovered a year after it 
happened, when the information was published by WikiLeaks, in March 2017. The 
anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have said 
it was the biggest unauthorized disclosure of classified information in the 
CIA’s history, causing the agency to shut down some intelligence operations and 
alerting foreign adversaries to the spy agency’s techniques.

The October 2017 report by the CIA’s WikiLeaks Task Force, several pages of 
which were missing or redacted, portrays an agency more concerned with bulking 
up its cyber arsenal than keeping those tools secure. Security procedures were 
“woefully lax” within the special unit that designed and built the tools, the 
report said.

Absent WikiLeaks’s disclosure, the CIA might never have known the tools had 
been stolen, according to the report. “Had the data been stolen for the benefit 
of a state adversary and not published, we might still be unaware of the loss,” 
the task force concluded.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_