A “woefully lax” security culture within the Central Intelligence Agency’s elite hacking unit that favored building cyber weapons over protecting its own computer systems from intrusion allowed for the 2016 theft of top-secret hacking tools, according to an internal report written by the spy agency disclosed on Tuesday.
The hacking tools were published by the anti-secrecy group WikiLeaks in early 2017, a disclosure totaling more than 8,000 pages. The leak of the so-called Vault 7 documents was widely viewed as one of the most devastating security breaches in the CIA’s history. It included details about the agency’s playbook for hacking smartphones, computer operating systems, messaging applications and internet-connected televisions.
The internal audit, published in October 2017 by CIA’s WikiLeaks Task Force, described the theft as the “largest data loss in CIA history.” It said an employee stole anywhere from 180 gigabytes to 34 terabytes of information, a haul roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word.
The report said it was possible the CIA may have never learned of the theft had the trove not been published by WikiLeaks.
A “woefully lax” security culture at the Central Intelligence Agency permitted the 2016 theft of top-secret hacking tools, according to an internal report https://t.co/yWiuEjOnY3
— The Wall Street Journal (@WSJ) June 16, 2020