An internal CIA report found that the majority of the agency's top-secret hacking tools were improperly secured, including the use of shared administrator passwords and a lack of proper control over removable media. The report, released today by Sen. Ron Wyden (D-Ore.), found that it wasn't until the tools were posted on WikiLeaks in 2017 that the agency learned of its data breach.
In a letter today to US Director of National Intelligence John Ratcliffe, Wyden noted that the CIA's lax security surrounding its so-called cyberweapons appears to reflect a systemic problem in the intelligence community.
The redacted CIA report said: "We assess that in spring 2016 a CIA employee stole at least 180 gigabytes to as much as 34 terabytes of information. This is roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word. This data loss includes cyber tools that resided on the Center for Cyber Intelligence (CCI) software development network (DevLAN)."
The report goes on to state: "In a press to meet growing and critical mission needs, CCI had prioritized building cyber weapons at the expense of securing their own systems."