Elite CIA Hacking Unit Failed to Protect Its Systems, Allowing Disclosure to WikiLeaks

Ellen Nakashima and Shane Harris, reporting for The Washington Post:

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.

The breach — allegedly by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency’s techniques. […]

Absent WikiLeaks’s disclosure, the CIA might never have known the tools had been stolen, according to the report. “Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss,” the task force concluded.

Keep this story in mind the next time the FBI and DOJ start barking about their being trustworthy with the secret keys to encryption backdoors they want built. I know the CIA is not the FBI, but, if anything, you’d think the CIA would be better at protecting truly sensitive secrets.

I’m not even arguing that the FBI and CIA are inherently incapable of keeping digital secrets. I’m sure both have many secrets that haven’t leaked. It’s just obviously possible that they could and have leaked secrets.

Tuesday, 16 June 2020