Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach:

The breach—allegedly committed by a CIA employee—was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency’s techniques.

The October 2017 report by the CIA’s WikiLeaks Task Force, several pages of which were missing or redacted, portrays an agency more concerned with bulking up its cyber arsenal than keeping those tools secure. Security procedures were “woefully lax” within the special unit that designed and built the tools, the report said.

Without the WikiLeaks disclosure, the CIA might never have known the tools had been stolen, according to the report. “Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss,” the task force concluded.

The task force report was provided to The Washington Post by the office of Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, who has pressed for stronger cybersecurity in the intelligence community. He obtained the redacted, incomplete copy from the Justice Department.

It’s all still up on WikiLeaks.

Posted on June 18, 2020 at 6:34 AM4 Comments


Robin June 18, 2020 6:48 AM

From the Wikileaks site:
” To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufactures and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets. ”

myliit June 18, 2020 8:27 AM

Meanwhile Joshua Schulte and his courtcase(s) are in the news.

“The WaPo got a copy of the WikiLeaks Task Force report introduced as evidence in the Joshua Schulte from Ron Wyden’s office and so, four months after it was first made public, is declaring the scathing report “news”. (Note, WaPo does not reveal that InnerCity Press made this report public months ago after fighting for its release.)

The report is scathing. But it describes what any news outlet that covered the trial closely would have reported in real time (as well as the evidence that one after another Schulte denial had been contradicted by evidence submitted at trial), and as such is a confession that besides some passing coverage, few national security journalists did cover this trial and all its alarming disclosures.

The trial showed that Schulte tried to make sure 1TB of data got transferred properly in early May 2017 and then wiped two TB disk drives; this report from early in the investigation assesses that Schulte stole “at least 180 gigabytes to as much as 34 terabytes of information,” something CIA later got more certainty about. The government provided evidence that Schulte inserted outside CDs and thumb drives into his CIA workstation, made a copy of a months-old backup file, and set an Admin password for the files he is accused of stealing, which is why the report focuses so closely on the findings that, “users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely.”


While this motion to get records of how this jury was chosen may not lead to a challenge, ultimately, he seems prepared to argue that the pandemic prevented him from being tried by a jury of his peers. And that’s happening all while he’s refusing (as is his right) to toll Speedy Trial rights during the pandemic. (Plus, I’m not sure prosecutors are being very attentive to excluding the time that the defense itself has asked for.)

The press is only now waking up to what the trial (and the prior court filings) has shown. Perhaps now that they’ve tuned in they’ll bother to explain why the guy who allegedly burned the CIA to the ground may well get off on all his Espionage and hacking related charges?

[… from jaango in comments: ]

Over the course of ‘time’ I have been following this subject matter.

Take for example and prior to my military discharge, my ‘mission’ was to protect and operate a facility that was operated as a warehouse for the usage of both storing and distributing “materials” that were categorized as TOP SECRET and above SIOP-ESI. Thus, I had, at the time, considerable familiarity with SIOP and above designations.

Therefore, the ‘info’ collected falls into two subject categories, and designated as to where the info originated and well as the ‘distribution’ of such info. Consequently, the administrative legality is subject to law and followed by conspiracy. Thus, was the ‘info’ legally approved, is the first question to be addressed. The second question be addressed is on who ‘received’ such info and which falls into the category of ‘conspiracy.’ and where Treason or not was exercised?

To date, the DOJ attorney’s ‘prosecuting’ this legal squabble, should have their employment terminated due to their gross incompetence. Consequently, did this malefactor break the law and further, establish a conspiracy in the distribution of said ‘info.’ …”

Tatütata June 18, 2020 9:39 AM

Consequently the CIA has secretly made most of its cyber spying/war code unclassified.

I worked on a small project decades ago for a minor TLA/eTLA customer. I had to adapt a piece of transmission equipment to the exact specs written in the RFP. The variations were technically rather inconsequential, but it was suspected that they had found their way in the paperwork to favour a certain competitor, so it was essential that the letter of the spec, no matter how inane, was strictly adhered to, in order to forestall protest by any other party. I managed the assignment by cutting traces, and adding a couple of jumpers and diodes around LSTTL logic, avoiding a major redesign. It was something the model shop handled with grace. I also provided detailed instructions for the software bloke (the revised logic was a tad convoluted), and made sure the unit still performed to its native spec.

The co-worker in charge of the baseband interface didn’t have it so easy, as the customer wouldn’t release the specific line interface levels, since they were “secret”. Doh! His mods had to provide for some sort of handshake identifying the transmission equipment as “red” or “black”, to avoid accidentally connecting a secret signal source to a clear transmission channel. I understand that thing had to connect to a crypto unit, and the customer couldn’t quote ANY information whatsoever from its classified specs. So the colleague had to guess, and submit general proposals about what he could do, and eventually got a discreet nod from the customer.

Bureaucratic absurdity…

DeQuincey June 22, 2020 7:23 PM

“Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss,” the task force concluded.

So Julian Assange deserves a medal for bringing it to their attention, right?

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.