Theft of CIAs "Vault Seven" Hacking Tools Due to Its Own Lousy Security – Security Boulevard

The Washington Post is reporting on an internal CIA report about its Vault 7 security breach:

The breach allegedly committed by a CIA employee was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release Vault 7, and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIAs history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agencys techniques.

The October 2017 report by the CIAs WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure. Security procedures were woefully lax within the special unit that designed and built the tools, the report said.

Without the WikiLeaks disclosure, the CIA might never have known the tools had been stolen, according to the report. Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss, the task force concluded.

The task force report was provided to The Washington Post by the office of Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, who has pressed for stronger cybersecurity in the intelligence community. He obtained the redacted, incomplete copy from the Justice Department.

Its all still up on WikiLeaks.

*** This is a Security Bloggers Network syndicated blog from Schneier on Security authored by Bruce Schneier. Read the original post at: https://www.schneier.com/blog/archives/2020/06/theft_of_cias_v.html

Read more here:
Theft of CIAs "Vault Seven" Hacking Tools Due to Its Own Lousy Security - Security Boulevard