The piracy tools that were stolen in the violation, which occurred in 2016, came from the illegal cyberspace Information Center (CCI). The amount of data stolen is unknown, the note said, but could reach 34 terabyte data – the equivalent of 2.2 billion pages of text.
In a condemnation, the authors wrote: “We have failed to recognize or act in a coordinated manner on warning signs that a person or persons with access to classified CIA information are at risk of unacceptable national security.”
While the CIA declined to comment on any specific report, agency spokesman Timothy Barrett told CNN, “The CIA is working to incorporate the best technologies in the category to continue and defend against the ever-evolving threats.”
The report, released on Tuesday, said the breach was “clearly a result of security breaches” for “years that have often been a priority for creativity and security.”
“In a press release to meet the growing and critical needs of the mission, the CCI had given priority to building weapons in cyberspace at the expense of securing their own systems. Daily security practices had become very loose,” the report said.
The special team’s memo was released on Tuesday by Sen. Ron Wyden, a Democrat from Oregon on the Senate Intelligence Committee, who received an incomplete, reprinted version from the Department of Justice. In a letter to the new director of National Intelligence, John Ratcliffe, Widen asked for more information on “extensive cybersecurity problems throughout the information community.”
The CIA report released by Wyden said the agency did not know the full extent of the damage because the CCI system – unlike other parts of the organization’s IT systems – “did not require monitoring of user activity or other security …”
“Most of our sensitive government weapons were not segregated, users shared passwords at the system administrator level, there were no effective removable multimedia controls, and historical data was available to users indefinitely,” the report said.
“In addition, the CCI has focused on the production of weapons in cyberspace and has also taken care to prepare mitigation packages if these tools are exposed,” he added.
The material published by WikiLeaks in 2017 showed that the CIA had become the world’s leading hacking company, secretly on high-tech phones and televisions to spy on people around the world.
Leaked information leaked by WikiLeaks as part of the “Vault 7” series contained notes on how the company allegedly targeted individuals through malware and physical intrusion into devices such as phones, computers and televisions.
To cover up its activities, the CIA regularly adopted techniques that allowed hackers to appear as Russians, according to documents released by WikiLeaks.
U.S. officials who previously spoke to CNN about the incident stressed that any collection of information that uses the types of businesses described in the documents is legal.
At the time, WikiLeaks claimed that almost the entire CIA arsenal for privacy breaches in cyberspace had been stolen and that the tools were potentially in the hands of criminals and foreign spies.
While the CIA’s special team responsible for the 2017 report made several recommendations to address these security failures, some lawmakers remain concerned that the intelligence community remains vulnerable to such security breaches.
“The loose cybersecurity practices documented in the CIA’s WikiLeaks Special Group report do not seem to be limited to a single piece of the information community,” Wyden wrote, adding that he described the breach as a “wake-up call” that provided an “opportunity for the right.” long-term imbalances and gaps. ”
“Three years after this report was submitted, the information community is still lagging behind and has failed to adopt even the most basic cybersecurity technologies in widespread use elsewhere in the federal government,” he said.
Wyden asked Ratcliffe to give him unregistered answers to a series of questions related to the implementation of cybersecurity practices within the information community by July 17, 2020.
Relaxed security practices in the CIA cyberspace were also pointed out to the federal court earlier this year during the trial of Joshua Schulte, a former CIA employee who is accused of handing over dozens of classified data to WikiLeaks in 2016.
The CIA report in October 2017 was presented as evidence during the trial, and Schulte’s lawyers argued that the security of the system was so poor that information could be accessed by a large number of employees.
In March, a major federal jury in New York failed to reach a decision on whether Schulte actually provided the data to WikiLeaks.
Prosecutors say they plan to try Schulte again this year, according to the Washington Post.