Sun Jun 21 2020
The CIA only detected the breach after classified information showed up on the WikiLeaks website.
A theft of highly classified and sensitive documents from the CIA occurred back in 2016.
It’s just come to light that this hack was only possible as the CIA’s specialist ‘hacking unit’ forgot to protect their own systems from outside hackers.
A heavily redacted document, that’s just been made available to the public, shows that the CIA’s team were so focused on developing new cyber tools of their own that an internal employee was able to steal the hacking tools and give them to WikiLeaks.
Occurring in 2016, the breach was only discovered in the March of 2017 when the WikiLeaks website published the information in a release they called ‘Vault 7’. They described the documents (containing sensitive information about the Agency’s highly advanced cyber weapons) on their website as the largest release of CIA documents ever.
An internal CIA investigation estimated that upwards of 34 terabytes of data may have been stolen, causing the Agency to immediately cease many intelligence operations around the globe.
We failed to recognise or act in a coordinated fashion on warning signs that a person or persons with access to CIA classified information posed an unacceptable risk to national security.
Interestingly, in this age of collaboration and open communication, the WikiLeaks Task Force report (although heavily redacted) highlighted the security flaws were either created or exacerbated by collaboration and creativity at the cost of security.
The reason the leak went undiscovered for so long was that the Centre for Cyber Intelligence (CCI) hadn’t implemented user monitoring or any other type of safety measure.
Excerpts of the redacted report have only come to light now as part of the trial of one Joshua Schulte, a former CIA employee who has been accused of stealing the cyber tools and offering them to WikiLeaks.
Sun Jun 21 2020