The pathetic story of the elite CIA team that left the door open for hackers

2
1654
The pathetic story of the elite CIA team that left the door open for hackers
The pathetic story of the elite CIA team that left the door open for hackers

An ‘elite team’, composed of hackers and security experts, worked at the CIA to develop new tools and programs to hack into targets; but their own security was so poor that they were easily hacked and stolen.

It has been three years now since the publication of the so-called ‘Vault 7‘, the largest leak of classified information in history; somehow Wikileaks had gained access to the latest ‘cyber-weapons‘ developed by the CIA to hack their enemies.

Thanks to the 8,761 documents initially leaked, the world knew how far CIA hackers had advanced in the search for exploits and vulnerabilities in programs and systems used daily by millions of people, all in secret.

When the secrets of the CIA became public

Wikileaks released this information in dribs and drabs, so that every few years we discovered something new, such as the tool used by the CIA to remotely control the malware it had developed.

It was also evident that the US agency had catalogued hundreds of vulnerabilities in iOS, Android, Windows and other operating systems, which were not yet known and therefore had not been fixed; what is known as a ‘zero day attack‘, or ‘0-day’.

Athena, malware developed by the CIA that was filtered
Athena, malware developed by the CIA that was filtered

How was it possible that such a large amount of information from the world’s most famous intelligence agency was publicly available? Now The Washington Post has revealed the existence of an internal CIA report that explains it; and the truth is that it doesn’t make it right.

How the CIA was hacked

As the CIA’s own researchers have acknowledged, the so-called ‘elite team’ focused so much on developing new tools for hacking that they put aside the task of securing their own systems.

The report details ‘woefully lax‘ security protocols that could have allowed virtually anyone with minimal knowledge to enter the team’s private network and find what they were looking for.

The tools and exploits developed by the team were easily accessible, and the most dangerous ones even shared space with others; and since history was kept for all users, it was easy to see what had been created, when, and where it was.

CherryBlossom is a CIA tool that allows you to hack into routers
CherryBlossom is a CIA tool that allows you to hack into routers

Even more shocking is that CIA employees made the big mistake of sharing passwords with a higher level of access, something basic for any company or even among private users.

Nor did the offices have protections that prevented, for example, simply plugging in a USB memory stick and copying the files you wanted, and no one would have noticed.

They didn’t even catch the culprit

In fact, the CIA did not know that its files had been stolen until they were published by WikiLeaks; that is when this report was ordered.

Apparently, the CIA was aware that more security measures were needed, given the number of attacks suffered in recent years by other US agencies; but researchers believe it was ‘too slow’ to implement them.

The report was part of the evidence against Joshhua Schulte, a former CIA employee who was accused of stealing information; he is the prime suspect after a leaked file was discovered on one of his computers.

Zoom rectifies and will provide end-to-end encryption for free accounts
Zoom rectifies and will provide end-to-end encryption for free accounts

However, the defense used the report to argue that anyone could have gained access to the stolen data. As a result, the trial was declared void, although the prosecution has promised to reopen the case.

2 COMMENTS

  1. Hi there would you mind sharing which blog platform you’re working with?
    I’m going to start my own blog in the near future but I’m having a difficult time selecting between BlogEngine/Wordpress/B2evolution and Drupal.
    The reason I ask is because your design and style seems different then most blogs
    and I’m looking for something unique. P.S
    Apologies for getting off-topic but I had to ask! I will immediately seize your rss feed as I can’t to find your email
    subscription link or newsletter service.
    Do you’ve any? Please allow me recognise so that I could subscribe.
    Thanks. I have been browsing on-line greater than three
    hours nowadays, but I by no means found any interesting article like yours.
    It’s beautiful value enough for me. Personally, if all web owners and bloggers made good content as you did, the net might be much more useful than ever before.

  2. It is appropriate time to make some plans for the future and it’s time to be happy.
    I have read this post and if I could I desire to suggest
    you few interesting things or suggestions. Maybe you can write next articles referring to this article.
    I desire to read more things about it! I have been surfing
    on-line more than three hours today, yet I never discovered any interesting article like
    yours. It’s pretty price sufficient for me. In my view,
    if all web owners and bloggers made just right content as you
    probably did, the internet might be a lot more useful than ever before.
    Ahaa, its good conversation concerning this piece of writing at this place at this webpage,
    I have read all that, so now me also commenting here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here