How the CIA got hacked ...

I feel like I should start this week’s blog post with “once upon a time …” yet that phrase typically fosters good memories of childhood fairy tales that usually led to happy endings, where the prince and princess live happily ever after. The tale I have for you today, unfortunately, is that of cybersecurity nightmares.

Getting right to the point, our very own Central Intelligence Agency (CIA), the group that should be outfitted with the top echelon of professionals who seek to serve the federal government of the United States by gathering, processing and analyzing global data, was hacked, releasing 34 terabytes of data, approximately 2.2 billion pages of information, where all eyes were privy to “secret” information. 

What’s worse? If that data had not been published, the CIA’s elite hacking unit — Center for Cyber Intelligence — would probably never have learned of the breach. 

Let that sink in for a moment.

Instead of securing systems already in place, the CIA’s team of elite hackers — sophisticated people who secretly access cameras and microphones on foreign targets’ smart devices and hack into adversary’s systems to steal design plans on advanced weapons that could later be used on the United States or our allies — were more enthralled with building cyber weapons. This decision snowballed into what U.S. officials have said was the biggest unauthorized disclosure of classified information in CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the United States’ spy techniques.

According to a leaked report, the breach was an insider job, allegedly committed by a CIA employee, due to security procedures being “woefully lax” within the Center for Cyber Intelligence. The report also discovered that:

• The United States’ most sensitive cyber weapons were not separated into parts;�
• System users shared administrator-level passwords;�
• No effective thumb drive controls were in place; and�
• Historical data was available indefinitely to users.

I’m by no means a lawyer nor a politician, but seems like at the core of this debacle is a simple case of not implementing checks and balances that came back to haunt. And, while most princes are “charming,” I must say, Joshua Schulte, former CIA employee who worked at the Center of Cyber Intelligence and is on trial accused of stealing this data, is not charming in the least.