Security News

Switzerland benefitted from a spectacular espionage scheme orchestrated by the CIA and its German counterpart who used a Swiss encryption company to spy on governments worldwide, a parliamentary probe showed Tuesday. A large media investigation revealed back in February an elaborate, decades-long set-up, in which US and German intelligence services creamed off the top-secret communications of governments through their hidden control of the Crypto encryption company in Switzerland.

The retrial of a former CIA software engineer charged with leaking secrets to WikiLeaks in an espionage case will begin June 7, a judge said Wednesday. U.S. District Judge Paul A. Crotty set the date for Joshua Schulte over the objections of a defense lawyer who said it would be impossible to properly prepare for a trial that started before August.

The CIA is running a secret cyberwar including Russian-style hack-and-leak operations with little or no oversight, US officials have warned. The approval for the operations stems from a National Security Presidential Memorandum signed in 2018 by President Trump which has long been known about but the contents of which remain top secret.

Lindsey: Yeah, it kind of does put into question Google's kind of its policies and how it is able to use automated and manual analyses of different extensions, just because, you know, as you mentioned, we have, 106 Chrome browser extensions in question here. As Tom pointed out, maybe some of those devices have, you know, Google Chrome extensions that are malicious.

The anti-secrecy group dubbed the release "Vault 7," and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA's history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency's techniques. The October 2017 report by the CIA's WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure.

The CIA was so focused on developing whizzbang exploit code, it left any thought of basic computer security principles on the kitchen counter before dashing off to work each morning. If you followed our coverage of the trial of Joshua Schulte, the CIA sysadmin accused of passing the files to WikiLeaks, this much will already be known to you.

A specialized CIA unit that developed hacking tools and cyber weapons didn't do enough to protect its own operations and wasn't prepared to respond when its secrets were exposed, according to an internal report prepared after the worst data loss in the intelligence agency's history. Sen. Ron Wyden, D-Ore., a senior member of the Senate Intelligence Committee, obtained the redacted report from the Justice Department after it was introduced as evidence in a court case this year involving stolen CIA hacking tools.

A just-released report on the 2016 Central Intelligence Agency data breach, which led to the Vault 7 document dump on WikiLeaks, blames "Woefully lax" security by the nation's top spy agency. The report outlined various security issues discovered in the CCI. For instance, while CCI's DevLAN network had been certified and accredited, CCI had not worked to develop or deploy user activity monitoring or "Robust" server audit capabilities for the network, according to the report.

The FBI claimed to have found an "Encrypted container" with child abuse imagery files tucked beneath three layers of password protection on Schulte's PC. The FBI accused Schulte of maintaining lousy security, saying that each layer was unlocked using passwords Schulte previously used on one of his cellphones. The mistrial is embarrassing: prosecutors spent years pulling the case together, and they devoted four weeks of testimony in an effort to portray Schulte as a vindictive and disgruntled employee who put US security at risk by leaking information on how the CIA spied on foreign adversaries.

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. All this raises a question, though: just how bad is the CIA's security that it wasn't able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible.