IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

CIA Vault 7 leak blamed on "woefully lax" attitude to cyber security

Internal report reveals CIA division was ‘so focused on cyber weapons’ it neglected the security basics

The CIA was embedded with a workplace culture in which elite hackers were so preoccupied with building cyber weapons they neglected to secure their own systems, an internal report has suggested.

The theft of documents revealing hacking tools in March 2017, infamously publicised by WikiLeaks, was in-part the result of an agency more concerned with reinforcing its arsenal than securing those tools.

Dubbed Vault 7, the 2017 leaks outlined how the CIA could pretty much hack into any device with a suite of tools designed to read and copy data from electronic devices. The stolen documents detailed how, for example, authorities found a way to bypass encryption in a host of secure messaging apps such as WhatsApp and Telegram,

Several months later, the CIA’s WikiLeaks Task Force produced a report, now seen by the Washington Post, that revealed “woefully lax” security procedures within the team that developed those tools were partially responsible for the disclosure.

The leaked tools were developed by the Center for Cyber Intelligence, where the most sophisticated operatives devised methods of infiltrating hard-to-penetrate networks. Their security procedures were so lackadaisical, however, that without the WikiLeaks disclosure, the CIA may never have known the tools had been stolen, according to the report.

This particular section of the CIA’s “mission systems” division is distinct and segregated from the agency’s “enterprise information technology system”, which makes up the vast majority of the agency’s computer networks.

“CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other US Government agencies,” the report said. 

Related Resource

How enterprises are embracing cyber security challenges

Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation

Download now

The research also found that “most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely”.

Prepared for the then director Mike Pompeo, and deputy Gina Haspel, who is now the CIA’s director, the report was introduced as evidence in the trial of Joshua Schulte. 

The former CIA operative is being accused of stealing the hacking tools on behalf of WikiLeaks. Schulte, however, has pled not guilty, with his lawyers arguing the security regime was so poor that hundreds of employees or contractors may have had access to the same information.

The task force reported that it could not determine the exact size of the breach because the hacking team did not demand the monitoring of who used its network. A rough estimate suggested that a CIA employee stole as much as 34TB of data.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022