Many of the CIA’s most sensitive hacking tools were so poorly secured that it was only when WikiLeaks published them online in 2017 that the agency realised they had been compromised, according to a new report.
- New report suggests many of the CIA’s hacking tools were so poorly secured that it was only when WikiLeaks published them that they realised they had been compromised
- An internal report released by Senator Ron Wyden described security at the unit responsible for designing the tools as “woefully lax”
- The digital tools provided a granular look at how the CIA conducts its international hacking operations
The secret-spilling site drew international attention when it dumped a vast trove of malicious CIA code on the internet in March 2017.
The digital tools, sometimes described as “cyber weapons,” provided a granular look at how the CIA conducts its international hacking operations. It also deeply embarrassed the US intelligence community, which has repeatedly been hit by large-scale leaks over the past decade.
An internal CIA report dated October 2017 and released by Democratic US Senator Ron Wyden on Tuesday described security at the agency’s Center for Cyber Intelligence – the unit responsible for designing the tools – as “woefully lax.”
“Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely,” the report said. It described the WikiLeaks disclosure as “the largest data loss in CIA history.”
The Central Intelligence Agency declined to comment specifically on the report, saying only that it “works to incorporate best-in-class technologies” to keep ahead of security threats.
The report, drawn up by the CIA’s WikiLeaks Task Force, was heavily redacted, but it called out failures at the Center for Cyber Intelligence, which the report’s authors said was too focused on building hacking tools rather than securing them.
In a letter accompanying the report, Wyden suggested that the weaknesses highlighted by the report “do not appear to be limited to just one part of the intelligence community,” which he said was “still lagging behind.”
Via our content partners at Reuters. Reporting by Raphael Satter. editing by Jonathan Oatis.