 |
| The CIA is responsible for stealing its tools for secret piracy |
According to a new report, the CIA's leak of up to 34 terabytes of information, the largest data loss in CIA history, is the result of a very tolerant practice.
In early 2017, WikiLeaks released detailed information about highly classified CIA hacking tools. The researchers confirmed that it was part of a large number of confidential documents stolen from a highly secure isolated proxy network.
WikiLeaks named it the leak chain (Vault 7), which revealed many of the CIA's secret secrets.
Confidentiality includes simple SMS programs that agency agents use to hack Cisco network adapters, and a tool called (Sonic Screwdriver) that attacks the Mac system because the tool uses Apple's expandable firmware interface to initiate a security breach.
The data enabled researchers at Symantec Security Corporation to classify the following hacking organizations from the CIA and LongHorn since 2011.
Agency officials quickly met with the WikiLeaks staff to investigate practices that led to the loss of large amounts of data. Seven months after Vault 7 leaked, the task force first published a report assessing the extent and cause of the damage.
The results include the spread of a culture within the agency's Intrusion Section (CCI) - a shortcut to the Cyber Intelligence Center - where the spread of their cyber skills to maintain security and control takes precedence over damage in the wrong hands.
Part of the report concluded that daily security practices, for example, have become very loose: a network that shares network functionality with hackers from other organizations has not followed basic practices in the main network. That are designed to identify and mitigate internal problems. Data theft by insiders.
"Most of our sensitive electronic weapons are fragmented, users exchange passwords at the system administrator level, there is no effective control of removable media, and historical data can be made available to users indefinitely."
The report notes that the CCI's Secret Service focuses on manufacturing cyber weapons and ignores setting mitigation options when detecting these tools. At the expense of security.
The team said: The network design failure is just one of many successive CIA mistakes that caused the leak.
- It does not allow a single official to be able to ensure the safe construction and maintenance of all corporate information systems throughout its life cycle.
- There is no guarantee that our ability to protect information systems from emerging threats will follow the growth of these systems across the company.
- Failure to use a warning sign to act means that someone with access to classified CIA information poses an unacceptable risk to national security.
However, the team is full of confidence in WikiLeaks and believes that WikiLeaks has never had the final version of so-called hacking tools and code in the gold case. The report shows that the volume of gold is better protected.