The inability of the Central Intelligence Agency (CIA)'s elite hacking team to tackle intruders led to the theft of highly classified data from agency in 2016, The Washington Post reports.
According to an internal agency report obtained by the newspaper, the Centre for Cyber Intelligence (CCI) “prioritised building cyber weapons at the expense of securing their own systems”, something that helped a former CIA employee take advantage of the agency’s "woefully lax" security protocols and give secret hacking tools to WikiLeaks.
The theft was revealed in March 2017, after WikiLeaks published what they described as the biggest trove of CIA documents, dubbed "Vault 7”, and which singled out the agency’s advanced cyber weapons.
The authors of the report admitted that they had failed “to recognise or act in a coordinated fashion on warning signs that a person or persons with access to CIA classified information posed an unacceptable risk to national security”.
As far as the CIA’s "sensitive" cyber weapons are concerned, the report acknowledged that most of them “were not compartmented” and that “users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely”.
"Furthermore, CCI focused on building cyber weapons and neglected to also prepare mitigation packages if those tools were exposed”, according to the document.
The report also pointed out that had WikiLeaks not published the documents, the CIA “might still be unaware of the loss”.
The Washington Post cited CCI as saying that the CIA employee in question managed to steal around 2.2 billion pages or 34 terabytes of information, in what apparently became the biggest theft of data in CIA history.
