CIA leak 'absolutely' an 'inside job'

Former CIA Deputy Director Mike Morell has said that the WikiLeaks' dump of documents it claims are from the top-secret CIA hacking program is "absolutely" an "inside job."

Speaking with "CBS This Morning," Morell said the spy agency should be asking itself whether the leaker was a staff employee or a contractor, and whether there were any "red flags" that were missed.

When asked whether it’s clear to him that this could have been an inside job, Morell answered, "Absolutely."

"This data is not shared outside CIA. It's only inside CIA," Morell said. "It's on CIA's top secret network, which is not connected to any other network. So, this has to be an inside job."

WikiLeaks has said it will not reveal its source.

Morell warned against WikiLeaks' plan to share the technical details on the CIA's surveillance operation with tech companies, whose products were mentioned in the documents as being vulnerable to the spy program.

Morell said this information is "valuable" to US adversaries, because if obtained, they can search their own networks for any CIA bugs.

In the first wave of what it dubbed the "Vault 7" publications, WikiLeaks dumped more than 8,700 documents that it claims reveal the inner workings of the CIA's secret hacking program from 2013 to 2016. The CIA's malware, Trojans and weaponised viruses have the capability of bypassing encryption protection in a wide range of devices made in Europe and US, including Apple's iPhone, Google's Android and Microsoft's Windows, as well as smart TVs, turning them into covert microphones.

While the CIA wouldn't say whether the WikiLeaks documents are real, and would not confirm reports that it is investigating any leaks, it warned that any time WikiLeaks publishes something that could hurt the CIA's ability to do its job is a problem.

"The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries," a CIA spokesperson said in a statement. "Such disclosures not only jeopardise US personnel and operations, but also equip our adversaries with tools and information that do us harm."

Two other former heads of the CIA, former CIA Director Michael Hayden and former acting CIA Director John McLaughlin, expressed concerns this week about the timing of the "Vault 7" document dump, saying it brought to mind Russian interference allegedly aimed at helping President Trump.

Former CIA director David Petraeus said the leak could be as damaging to national security as former NSA contractor Edward Snowden's 2013 leak of secret information from the National Security Agency's surveillance programs.

Washingtons Examiner:

 

« New App Minimising Police Violence
Estonian Honey Trap »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

ThreatModeler

ThreatModeler

ThreatModeler is an automated threat modeling solution that fortifies an enterprise’s Software Development Lifecycle by identifying, predicting and defining threats.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

CyberSanctus

CyberSanctus

CyberSanctus provide clients with a variety of pentest plans from the entry level starter plan, which is tailored for personal websites, to enterprise level pentests, tailored for large scale business

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

ScamAdvisor

ScamAdvisor

ScamAdviser helps over 3 million consumers every month to discover if a website is legitimate or a possible scam.

Harness

Harness

Harness delivers an end-to-end software delivery platform that helps engineering teams achieve the highest levels of engineering excellence.