CIA assessment report on unprecedented hack of information and hack tools that hit it in 2016 shows major protection and cybersecurity flaws in the US intelligence agency .
At least 180 GB and up to 34 TB of information. This is the wide range of internal data stolen from the CIA by one of its former employees Joshua Schulte, as officially stated in a CIA report – largely redacted by the United States Department of Justice – made public by the Senator Ron Wyden. This report is presented as evidence in the trial against the former CIA employee. Joshua Schulte is currently in the crosshairs of American justice. After being found guilty last March by a federal jury in New York for contempt of court and lying to the FBI after a trial of more than a month, jurors failed to rule on counts more serious charges such as the illegal transfer of National Defense information, unauthorized access to classified information and theft of public property. A second trial is therefore on track and a hearing is scheduled for June 24, 2020.
Joshua Schulte worked in the EDG (Engineering Development Group) software development team in the agency’s Center for Cyber Intelligence (CCI) entity. He was directly involved in the design of hacking tools allowing the CIA to spy on businesses and organizations. Among the mass of exfiltrated data, the full description of 35 hack tools. In 2017, Wikileaks made a big splash by sharing some of the documents stolen by Joshua Schulte, as well as hack tools directly used by the CIA for its spy operations or its methods to hide its hacking and attack operations by malware.
A blatant observation on a lack of protection and cybersecurity
These CIA operations could have remained secret if sufficient protection and cybersecurity measures had been put in place. However, the agency’s report published by Ron Wyden shows that no real safeguard to prevent leaks had been deployed. “We must be as concerned about the security of our systems as they are about their functioning if we are to make the necessary revolutionary change,” the report said. “We have not equipped the mission system in question to monitor user activity or to have robust server audit capabilities that could have deterred, detected and possibly prevented theft. We have not given a single agent the ability to guarantee that all information systems are built securely and remain so throughout their life cycle. Because no one had this ability, no one was responsible and the mission system in question, like others, lacked adequate security. We have failed to ensure that our ability to secure our information systems against emerging threats follows the growth of these systems across the Agency. We have not recognized or acted in a coordinated fashion on the warning signs that a person or persons with access to classified CIA information posed an unacceptable risk to national security. ”
To avoid data leakage and theft, several recommendations were made, such as improving the security directives for information technology and classified information, zero-day exploits and cybersecurity tools. Other recommendations also include segmenting knowledge, tools and people through physical and logical means, infrastructure, governance and procedural controls, and enforcing strict access to tools and exploits as needed. . Note that these are only the “clear” recommendations, the most important.
Since the revelations of Joshua Schulte and Wikileaks, the CIA has certainly worked hard to secure its operations and prevent leaks as much as data theft. But as always in cybersecurity, no company and organization can consider itself safe, not even the most famous intelligence agency in the world.