CIA leak 'absolutely' an 'inside job'

Former CIA Deputy Director Mike Morell has said that the WikiLeaks' dump of documents it claims are from the top-secret CIA hacking program is "absolutely" an "inside job."

Speaking with "CBS This Morning," Morell said the spy agency should be asking itself whether the leaker was a staff employee or a contractor, and whether there were any "red flags" that were missed.

When asked whether it’s clear to him that this could have been an inside job, Morell answered, "Absolutely."

"This data is not shared outside CIA. It's only inside CIA," Morell said. "It's on CIA's top secret network, which is not connected to any other network. So, this has to be an inside job."

WikiLeaks has said it will not reveal its source.

Morell warned against WikiLeaks' plan to share the technical details on the CIA's surveillance operation with tech companies, whose products were mentioned in the documents as being vulnerable to the spy program.

Morell said this information is "valuable" to US adversaries, because if obtained, they can search their own networks for any CIA bugs.

In the first wave of what it dubbed the "Vault 7" publications, WikiLeaks dumped more than 8,700 documents that it claims reveal the inner workings of the CIA's secret hacking program from 2013 to 2016. The CIA's malware, Trojans and weaponised viruses have the capability of bypassing encryption protection in a wide range of devices made in Europe and US, including Apple's iPhone, Google's Android and Microsoft's Windows, as well as smart TVs, turning them into covert microphones.

While the CIA wouldn't say whether the WikiLeaks documents are real, and would not confirm reports that it is investigating any leaks, it warned that any time WikiLeaks publishes something that could hurt the CIA's ability to do its job is a problem.

"The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries," a CIA spokesperson said in a statement. "Such disclosures not only jeopardise US personnel and operations, but also equip our adversaries with tools and information that do us harm."

Two other former heads of the CIA, former CIA Director Michael Hayden and former acting CIA Director John McLaughlin, expressed concerns this week about the timing of the "Vault 7" document dump, saying it brought to mind Russian interference allegedly aimed at helping President Trump.

Former CIA director David Petraeus said the leak could be as damaging to national security as former NSA contractor Edward Snowden's 2013 leak of secret information from the National Security Agency's surveillance programs.

Washingtons Examiner:

 

« New App Minimising Police Violence
Estonian Honey Trap »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Open Cloud Factory

Open Cloud Factory

Open Cloud Factory is a European based security company, that strives to ease the pressure on IT managers, by providing tools to implement your Security Strategy in an effective and easy manner.

Accredia

Accredia

Accredia is the national accreditation body for Italy. The directory of members provides details of organisations offering certification services for ISO 27001.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

OSC Edge

OSC Edge

OSC was founded with the vision of providing expert solutions in IT to government and businesses. OSC Edge empowers organizations with solutions that prepare them for today and tomorrow.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.