CIA’s specialised unit for crafting cyber weapons failed to protect its own operations: Report

Hemani Sheth Mumbai | Updated on June 17, 2020

A specialised unit of the United States' Central Intelligence Agency (CIA) responsible for creating sophisticated hacking tools and cyber weapons failed to protect its operations and wasn't prepared to adequately respond to a massive breach, according to an internal report.

The report, prepared after the worst data loss in the intelligence agency's history, was released on Tuesday by Sen. Ron Wyden, D-Ore., a senior member of the Senate Intelligence Committee. He had obtained the redacted version of the report from the Justice Department and released it with a letter that he had written to the new national intelligence Director John Ratcliffe, asking him about the steps being taken to protect national secrets by the federal agencies.

“Given this damning CIA report that exposes serious lapses in the cybersecurity of our nation's top intelligence agencies, I'm pressing DNI John Ratcliffe on how he plans to better protect our country's most sensitive secrets. We've seen what happens when they're left vulnerable,” Wyden said in an official statement.

“I believe it's also time to revisit the law that exempts intelligence agencies from cybersecurity requirements. Congress passed this law assuming our nation's top spy chiefs would take threats to our intelligence community seriously. It's clear Congress was wrong,” he said.

The October 2017 report prepared by the CIA's WikiLeaks Task Force was first highlighted by the Washington Post. It details the CIA’s lack of adequate response on its hacking tools being stolen.

Anti-secrecy agency WikiLeaks had announced that it had acquired tools created by the CIA's specialised Center for Cyber Intelligence. It had detailed the same with comprehensive descriptions of about 35 such tools, including internal CIA documents associated with them, according to the report.

The theft consisted of a whopping 34 terabytes of information, made it the largest data loss in the agency’s history.

According to the report, the agency “prioritized building cyber weapons at the expense of securing their own systems.”

The report was prepared for then-director Mike Pompeo and Gina Haspel and was dated months after the WikiLeaks announcement.

The breach was allegedly committed by a CIA employee, reports said, and was identified almost a year after it happened.

It had caused the agency to shut down some intelligence operations and alert foreign adversaries to the spy agency’s techniques.

“Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss," the report says as quoted by the Associated Press.

"CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other US Government agencies," it said.

The problems identified by the task force included failure to compartmentalise sensitive cyber weapons, sharing passwords and users having indefinite access to historical data.

Published on June 17, 2020

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like