informa
/
Attacks/Breaches
Quick Hits

CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools

Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.

An internal CIA report found that the majority of the agency's top-secret hacking tools were improperly secured, including the use of shared administrator passwords and a lack of proper control over removable media. The report, released today by Sen. Ron Wyden (D-Ore.), found that it wasn't until the tools were posted on WikiLeaks in 2017 that the agency learned of its data breach.

In a letter today to US Director of National Intelligence John Ratcliffe, Wyden noted that the CIA's lax security surrounding its so-called cyberweapons appears to reflect a systemic problem in the intelligence community.

The redacted CIA report said: "We assess that in spring 2016 a CIA employee stole at least 180 gigabytes to as much as 34 terabytes of information. This is roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word. This data loss includes cyber tools that resided on the Center for Cyber Intelligence (CCI) software development network (DevLAN)."

The report goes on to state: "In a press to meet growing and critical mission needs, CCI had prioritized building cyber weapons at the expense of securing their own systems." 

Read more here and here.

 
 
 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register


Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5