22:47 GMT26 September 2020
Listen Live
    Tech
    Get short URL
    by
    784
    Subscribe

    The US senator wrote the letter to one of the country's top cybersecurity agencies following a government report complaining of major holes in the nation's cybersecurity policies.

    Senator Ron Wyden [D-OR] has urged US officials to outline steps to protect the data of US federal intelligence agencies in a letter to government officials on Wednesday.

    Mr Wyden wrote in his letter to US director of national intelligence, John Ratcliffe, that the US intelligence community was "still lagging behind" and a failed to implement "even the most basic cybersecurity technologies in widespread use elsewhere in the federal government".

    Congress should "reconsider" a law to exempt "intelligence agencies from federal cybersecurity requirements," he added.

    “Congress did so reasonably expecting that intelligence agencies that have been entrusted with our nation’s most valuable secrets would of course go above and beyond the steps taken by the rest of the government to secure their systems. Unfortunately, it is now clear that exempting the intelligence community from baseline federal cybersecurity requirements was a mistake,” Wyden wrote.

    The "damning" CIA report had also exposed the "serious lapses in the cybersecurity of the nation's top intelligence agencies", he tweeted on Wednesday.

    "I'm pressing DNI John Ratcliffe on how he plans to better protect our country's most sensitive secrets. We've seen what happens when they're left vulnerable," he tweeted.

    The letter cited a report from the CIA WikiLeaks Task Force (WTF) in 2017 stating that cybersecurity failures in the US government had led to "the largest data loss in CIA history", referring to the Vault 7 files published by WikiLeaks.

    The redacted report, written by the US Department of Justice, found "woefully lax" cybersecurity measures at the CIA which exposed "acute vulnerabilities" in key IT systems.

    “Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss,” the report found.

    The news comes three years after WikiLeaks published the Vault 7 files in March 2017, totalling around 8,000 pages, which revealed revealed massive levels of details on the CIA's surveillance and cyberwarfare capabilities.

    The files, exposed by former software engineer Joshua Schulte, revealed 91 of around 500 malware and spyware tools used by the CIA's Center for Cyber Intelligence to hack into operating systems, browsers, messaging apps and devices such as mobiles, among numerous others. Schulte plead not guilty and faces 11 counts, including lying to the Federal Bureau of Investigation, a serious offence that could potentially carry a ten-year sentence.

    "Year Zero", the first part of the Vault 7, disclosed 8,761 documents from the cybersecurity centre in Langley, Virginia, which found the CIA had targeted French political parties and candidates in the 2012 US elections. The CIA's arsenal of weaponised "zero day" malware and viruses held over "several hundred million lines of code" and was spread amongst former US government hackers and contractors "in an [unauthorized] manner", according to a WikiLeaks press statement.

    Such programmes targeted products from numerous US and European companies, including Apple, Google, Samsung and Microsoft, converting devices into "covert microphones", the whistleblowing organisation added.

    Related:

    New Docs Reveal Links Between Firm That Spied on Assange and the CIA, Says Investigative Journalist
    2016 Theft of Top Secret CIA Info 'Occurred Due to Agency’s Woefully Lax Security Protocols'
    WikiLeaks Assange Campaign Launch Petition for His Release to Protect Him From COVID-19
    WikiLeaks Says Not Getting Adequate Information on COVID-19 Situation in Assange’s Prison
    Tags:
    letter, war crimes, United States, cybersecurity, Vault 7, leaks, Central Intelligence Agency (CIA), Wikileaks
    Community standardsDiscussion