Why can’t the CIA stop the theft of its hacking tools & intelligence documents?

Intelligence agencies in multiple countries have developed advanced hacking tools that must be protected from threat actors at any cost, although this does not always happen. According to specialists from a hacking course, the weak security practices of a specialized Central Intelligence Agency (CIA) unit allowed the theft of some of the agency’s most sophisticated software developments. A report from the U.S. Senate Intelligence Committee supports this information.

Democratic Sen. Ron Wyden, a member of the Intelligence Committee, obtained the report overseen by the Department of Justice (DOJ) after it was presented as evidence in a case involving the various hacking tools stolen from the agency.

The report, written in October 2017, details how these tools, designed to deal with the multiple adversaries of U.S. intelligence services, were extracted, the experts of the hacking course mentioned. This report was drafted a few months after the information leaking platform WikiLeaks revealed the purchase of some of the tools, developed by the CIA Cyber Intelligence Center. WikiLeaks published detailed reports on at least 35 hacking tools; in total, this platform would have published between 180 GB and 343 TB, making it the most important data breach in the agency’s history.

As if that weren’t enough, the agency did not detect anomalous activity until WikiLeaks revealed the incident, which occurred in 2016. From then on, a former CIA software engineer became the prime suspect, leaving his job amid multiple conflicts with his colleagues and superiors.

Joshua Schulte, a software engineer, was charged by the DOJ with stealing the confidential material and providing it to WikiLeaks, although the jury only found him guilty of some minor charges.

In addition to Schulte’s malicious actions, the agency’s minimal cybersecurity measures also contributed to the theft: “The compromised information was in a system without monitoring user activity, so it was not possible to detect Schulte’s movements,” the report said. These ineffective security practices were decisive in Schulte’s trial, for while prosecutors claimed that the defendant exploited security flaws that only he knew, the defense argued that these flaws could have been exploited by any other employee of the agency.

Experts from the hacking course believe that the agency should have been better prepared to deal with these threats, especially considering that three years before this incident Edward Snowden, a former National Security Agency (NSA) contractor, exposed classified information about surveillance activities carried out by the NSA and other U.S. intelligence agencies.  
