CIA Dirty Laundry Aired
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out:
All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible.
The password for the Confluence virtual machine that held all the hacking tools that were stolen and leaked? That’ll be 123ABCdef. And the root login for the main DevLAN server? mysweetsummer.
It actually gets worse than that. Those passwords were shared by the entire team and posted on the group’s intranet. IRC chats published during the trial even revealed team members talking about how terrible their infosec practices were, and joked that CIA internal security would go nuts if they knew. Their justification? The intranet was restricted to members of the Operational Support Branch (OSB): the elite programming unit that makes the CIA’s hacking tools.
The jury returned no verdict on the serious charges. He was convicted of contempt and lying to the FBI; a mistrial on everything else.
Don β’ March 10, 2020 7:29 AM
Watched “The Report” last night (Prime Video, sorry, don’t recall) which is about the US Senate investigation into the CIA’s use of Enhanced Interrogation Techniques” which their own internal studies showed were not effective at all. Seems that torture isn’t effective to get any truth.
It isn’t a huge action film, but as the Senate investigation team works through CIA documents, emails, and memos, the descriptions of acts are shown.
An embarrassing time for many to be in the CIA, over the last few decades. If you work for the govt and are specifically told that your elected boss cannot know what you are doing, then perhaps that’s a really bad idea to be doing it. Duh.