Theft of CIA’s ‘Vault 7’ Secrets Tied to ‘Woefully Lax” Security

2020-06-16 16:54

A just-released report on the 2016 Central Intelligence Agency data breach, which led to the Vault 7 document dump on WikiLeaks, blames "Woefully lax" security by the nation's top spy agency.

The report outlined various security issues discovered in the CCI. For instance, while CCI's DevLAN network had been certified and accredited, CCI had not worked to develop or deploy user activity monitoring or "Robust" server audit capabilities for the network, according to the report.

According to The Washington Post, which broke news of the report, the task force's report is being used as evidence in the trial of former CIA employee Joshua Schulte, who has been accused of stealing the CIA's hacking tools and giving them to WikiLeaks.

The report outlined several recommendations for the agency to take to bolster its security.

Fausto Oliveira, principal security architect at Acceptto, told Threatpost that Wyden is "Quite right" in asking why standard security practices in the industry are not being adopted by the CIA. "Based on the findings of the report, it appears that there was a lack of IT and cybersecurity governance that led to a lax adoption of security controls," he said.

News URL

https://threatpost.com/theft-of-cias-vault-7-secrets-tied-to-woefully-lax-security/156591/

#CIA #security #vault7