A new internal report surfaced last Tuesday, June 16, 2020, detailing the events behind what is considered the largest data security breach in CIA history. According to the report, the “woefully lax” security detail allowed an employee to proceed with the leak and provide hacking tools to WikiLeaks.
The Central Intelligence Agency (CIA) breach occurred in 2016 but was reportedly only discovered in 2017, a year after the incident originally happened. The hacking group responsible for the breach called the case “Vault 7.”
Among the casualties of the breach were hacking tools from the Center for Cyber Intelligence (CCI), states CNN. The documents from the CIA included cyber weapons, exposing the approaches taken by the United States government against their adversaries.
Based on the internal report, included in the list of hacking tools developed by the CCI to gain access to challenging networks were activating cameras and microphones on a target’s tablet or device, as well as stealing design plans of advanced weapons systems from foreign adversaries.
To date, The Washington Post said that the Vault 7 incident was considered the biggest unauthorized disclosure of classified information in the whole CIA history. The incident resulted in the agency shutting down several of its operations.
Though the task force behind the incident could not provide an exact number to the breach, the memo reveals that as much as 34 terabytes of data might have been obtained, equivalent to 2.2 billion pages worth of pages or documents.
A statement within the report said the “CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies.”
“Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media [thumb drive] controls, and historical data was available to users indefinitely,” said the report.
As of writing, the Central Intelligence Agency has declined a request for comment, company spokesperson Timothy Barrett revealed to CNN that the “CIA works to incorporate best-in-class technologies to keep ahead of and defend against ever-evolving threats.”
The memo, however, was said to acknowledged the lapses of the CCI in “building cyber weapons at the expense of securing their own systems.” As a result, the task force assigned has become “woefully lax” in handling security.
Details of the internal report were provided by the office of Senator Ron Wyden, a member of the Senate Intelligence Committee, to The Washington Post. Wyden’s office obtained the redacted version from the Justice Department. Wyden has previously lobbied for enhanced cybersecurity measures.
The internal report comes as part of the evidence in the trial of Joshua Schulte, the former CIA employee accused of stealing and leaking the hacking tools in question, notes The Washington Post.