Analysts said CIA security was "terribly lax" while hacking tools were stolen in 2017.
They believe that a slightly more disciplined security could have stopped the criminals when they completed their crime. At least what is revealed by an internal report provided to The Washington Post by a U.S. senator named Ron Wyden. The report points to the fact that the U.S. intelligence agency had much more reliance on the development of its computer arsenal than on its protection. So that the security measure was particularly "lax".
This article will also interest you: When China accuses the CIA of hacking its government agencies
Moreover, according to the report published by the American media, that without the disclosure of information undertaken by WikiLeaks in 2017, the US intelligence agency would surely not have known that it had been the victim of a theft of hacking tools. The Democratic senator following this report issued a letter to the national director of the CIA to make him understand that some women put them to the security of the systems of the U.S. agency she describes by the report of steps it is totally the CIA.
On March 7, 2017, WikiLeaks published about 8,000 web pages called "Vault," which describes how the CIA hacking program led by a task force called CCI for the Center for Cyber Intelligence works. The publication of the whistleblower, highlighted all the tools used by this special service composed of several dozen pirate software and Zero-day-type vulnerabilities, which would never have been disclosed for use by the CIA clandestinely. Overall, we are talking about more than 90 disclosed, out of a total of up to 500. At the time, WikiLeaks stressed its goal of "launching a public debate on the security, creation, use, proliferation and democratic control of cyberweapes. since these computer tools have raised questions that "urgently need to be debated in public, including the fact that the CIA's intrusion capabilities exceed its mandate and the problem of public oversight of the agency." Finally, the CIA accused a former engineer named Joshua Schulte, who is still in the process.
This data leak, which was confronted by the CIA, prompted the authorities to set up a working group to seriously investigate the problem. Hence the recent report, published by The Washington Post. And the problem was so described above, the CIA's special unit has much more developed its "cyberArsenal" at the expense of its cyber defence. Hence the characterization of security measures as "terribly lax". "If the data had been stolen for the benefit of a state adversary and unpublished, we could still ignore this loss," the task force warned. It will highlight the fact that "most of our sensitive cyberweaps were not segmented, users shared system administrators' passwords, there was no effective control of usb key-type removable media, and historical data was available indefinitely. ». Moreover, since this vulnerability only appeared 3 years after whistleblower Edward Snowden was leaked top secret information about the intelligence procedures of the US national security agency NSA, "The CIA has acted too slowly to put in place the safeguards we knew were necessary given the successive violations" stresses the report
But the report shows the gist of this case is that the working group has so far failed to determine the extent of the security breach. This is because the CIA's special cyber intelligence unit was not obliged to monitor the network. Estimates of our report that the culprit would have had the opportunity to steal nearly 34 terabytes of computer data, the equivalent of 2.2 billion web page. What he is 100% sure of, what he managed to steal 100 GB Of information.
Asked about the report, CIA spokesman Timothy Barrett declined to comment. However, he said, "The CIA is working to integrate the best technologies in its class to stay ahead of the curve and defend itself against ever-changing threats."
In addition, the report made it possible to distinguish from the computer system within the CIA. First, it is the "enterprise computer system," which makes up the majority of the government agency's network. And on the other hand there are the computer systems of the missions, known to have hosted and surely host the hacking tools. A former CIA official, speaking on condition of anonymity, commented on a few lines of the report: "The idea that we are not working to bring all our systems to the highest level of cybersecurity is a false assertion."
Moreover, the U.S. Congress is being singled out as a partly at fault. It requires federal agencies to meet minimum cybersecurity standards by requiring them to report regularly on the issue, but allows itself to exempt spy agencies. Democratic Senator Ron Wyden said in his letter to the CIA director, "It is now clear that exempting the intelligence community from basic federal cybersecurity requirements was a mistake."
Now access an unlimited number of passwords: