Why CIA couldn’t stop theft of its most powerful hacking tools

A specialised CIA unit that developed sophisticated hacking tools and cyber weapons didn’t do enough to protect its own operations and wasn’t prepared to adequately respond when the secrets were stolen, according to an internal report prepared after the worst data loss in the intelligence agency’s history.

“These shortcomings were emblematic of a culture that evolved over years that too often prioritised creativity and collaboration at the expense of security,” according to the report, which raises questions about cybersecurity practices inside US intelligence agencies.

Democrat Senator Ron Wyden, a senior member of the Senate Intelligence Committee, obtained the redacted report from the Justice Department after it was introduced as evidence in a court case this year involving the stolen CIA hacking tools.

He released it on Tuesday along with a letter he wrote to new national intelligence director John Ratcliffe, asking him to explain what steps he’s taking to protect the nation’s secrets held by federal intelligence agencies.

The October 2017 report, whose findings were first reported by The Washington Post, examined the theft one year earlier of sensitive cyber tools the CIA had developed to hack into the networks of adversaries.

02:04

Two Chinese hackers charged as US accuses China of ‘massive hacking campaign’

Two Chinese hackers charged as US accuses China of ‘massive hacking campaign’

The document is dated months after WikiLeaks announced that it had acquired tools created by the CIA’s specialised Centre for Cyber Intelligence. The anti-secrecy website published comprehensive descriptions of 35 tools, including internal CIA documents associated with them, according to the report.

The report describes the spring 2016 theft as the largest data loss in agency history – compromising at least 180 gigabytes to as much as 34 terabytes of information, or the equivalent of 11.6 million to 2.2 billion pages in Microsoft Word.