• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The WikiLeaks breach might just have done the CIA a favor

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
49,808
26
pchelpforum.net
A new report has revealed that the largest data loss in CIA history occurred as the result of “woefully lax” security practices.

Back in early 2017, WikiLeaks published details on top-secret CIA hacking tools that were actually part of a larger set of data (37TB) stolen from one of the US agency's high-security networks. These hacking tools were developed by the CIA's Center for Cyber Intelligence (CCI) and were published by WikiLeaks as part of its Vault 7 leak series.

A WikiLeaks Task Force was assembled to investigate the practices that led to the agency's massive data loss and it issued a report seven months after the first Vault 7 leak that provided more details on the extent and cause of the leak. The report found that the CCI was more concerned with creating cyber weapons than it was with securing them.


In a letter to the Director of National Intelligence John Ratcliffe, US senator Ron Wyden provided further details on the CCI's failure to secure the cyber weapons it had created, saying:

"The CIA's [Center for Cyber Intelligence (CCI)] has prioritized building cyber weapons at the expense of securing their own systems. Day-to-day security practices had become woefully lax....Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely. Furthermore, CCI focused on building cyber weapons and neglected to also prepare mitigation packages if those tools were exposed. These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security."

Woefully lax security


According to the report, the CIA employee responsible for the Vault 7 leaks stole at least 180 GB of data in the spring of 2016. However, the task force said that the employee may have actually taken as much as 34 TB of the agency's data.

In 2018, federal authorities identified former CIA employee Joshua Adam Schulte as the suspect who had leaked the data. He was later indicted and plead not guilty to the charges. However, during Schulte's criminal trial, the jury was unable to reach a verdict on the most serious charges.

The task force's report also revealed that WikiLeaks did not obtain final versions of the CIA's hacking tools and source code as they were stored in a Gold folder which was better protected.

While WikiLeaks' Vault 7 data leak was embarrassing for the CIA, it likely taught the agency a lesson when it comes to securing sensitive data.


Via Ars Technica

t2mv9nNL69w


Continue reading...