Who Actually Did Leak CIA Cyber Weapons Data?

Uploaded on 2020-07-07 in GOVERNMENT-Defence, FREE TO VIEW, GOVERNMENT-National, INTELLIGENCE--USA

The largest known data theft in CIA history happened because a cyber espionage unit had an employee who took advantage of weak security and gave secret hacking tools to WikiLeaks, according to a secet internal report just released. 

The breach was revealed in March 2017 when WikiLeaks published what it characterised as the largest-ever trove of acquired CIA documents, known as ‘Vault 7’. The hacking tools stolen in the breach, which occurred in 2016, came from its clandestine Center for Cyber Intelligence (CCI). The amount of data stolen is unknown, the memo said, but could be as much as 34 terabytes of data which is the equivalent of 2.2 billion pages of text. 

A former CIA employee, Joshua Schulte, has been accused of being behind the leak, altough a federal grand jury this year failed to reach a verdict on allegations of illegal gathering and transmission of national security information. The leaked material attracted controversy, showing that the CIA had the capability to perform widespread electronic surveillance, including compromising individuals’ smartphones, cars, computers and smart TVs.

Whistle-blower Edward Snowden criticised the CIA for intentionally maintaining vulnerabilities in US products. The theft was revealed around a year later, in March 2017, when WikiLeaks published what it claimed was the largest trove of CIA documents, dubbed "Vault 7," detailing some of the agency's sophisticated cyber weapons, this was reported by the Washington Post.

That incident prompted a review by the CIA WikiLeaks Task Force, which submitted its findings to then-Director Mike Pompeo and his deputy, who is now the director, Gina Haspel.  

While the CIA declined to comment on any specific report, agency spokesperson Timothy Barrett told CNN, "CIA works to incorporate best-in-class technologies to keep ahead of and defend against ever-evolving threats... The report is heavily redacted but clearly states that the breach came as a result of a series of security shortcomings ."

The task force memo was released by Democrat Senataor Ron Wyden,  who sits on the Senate Intelligence Committee, who obtained an incomplete, redacted version from the Justice Department. In a letter to the new Director of National Intelligence, Wyden asked for more information about "widespread cybersecurity problems across the intelligence community." 

The material published by WikiLeaks in 2017 suggested that the CIA had become the globe's pre-eminent hacking operation, breaking into high-tech phones and televisions to spy on people worldwide. 

Leaked information published by WikiLeaks as part of the "Vault 7" series contained notes about how the agency allegedly targeted individuals through malware and physical hacking on devices including phones, computers and TVs. 

To hide its operations, the CIA routinely adopted techniques that enabled its hackers to appear as if they were Russian, according to the documents published by WikiLeaks. 

The CIA's lax cybersecurity practices were also highlighted during the trial of Joshua Schulte, the ex-CIA employee who is accused of handing over reams of classified data to WikiLeaks in 2016. The October 2017 CIA report was introduced as evidence during the trial and Schulte's attorneys argued that the system's security was so poor that the information could have been accessed by a large number of employees. 

Following the failed prosection, it is still not officially known whether or nor Schulte actually did give the data to WikiLeaks. 

Wikileaks:     CNN:       New York Times:      US Senate:      Engineering Technology:     Politico:    Brian Krebs

Image: CIA 

You Might Also Read: 

Julian Assange Faces New Criminal Charges:

Snowden Accuses CIA Of 'A PR Fix':

 

« Coronvirus Phishing Campaign Targets Six Nations
Online Shoppers Have Lost Over £16m To Lockdown Fraud »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

ID-SIRTII/CC

ID-SIRTII/CC

Security Incident Response Team for Internet Infrastructure in Indonesia.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

Bericon Forensics

Bericon Forensics

Bericon is one of the longest established forensic science consultancies in the UK. Activities include computer and mobile phone forensics.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Verastel

Verastel

Specializing in the niche space of proactive cyber-defense, and adaptive resilience, team Verastel is bolstering enterprise digital security like never before.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.