If you're despairing at staff sharing admin passwords, look on the bright side. That's CIA-grade security

2020-06-16 21:35

The CIA was so focused on developing whizzbang exploit code, it left any thought of basic computer security principles on the kitchen counter before dashing off to work each morning.

If you followed our coverage of the trial of Joshua Schulte, the CIA sysadmin accused of passing the files to WikiLeaks, this much will already be known to you.

An internal CIA report into the embarrassing affair came to much the same conclusion: Uncle Sam's snoops lost control of at least 180GB of hacking tools and documentation, which ended up in the lap of WikiLeaks, due to lax security.

"The WikiLeaks disclosures revealed gaps and weaknesses in CIA's Insider Threat program, which has traditionally relied on close coordination between the Office of Security and CIMC," the report stated.

Wyden is seeking answers from Ratcliffe as to why the CIA's internal security is so lacking, even years after the Vault 7 scandal, especially when the intelligence agency was trusted to shore up its computers and networks to a level higher than what's expected of the federal government as a whole.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/16/cia_report_vault_7_leak/

#CIA #security