Four years ago the CIA found that a collection of cyber warfare tools, known as “Vault 7” had been stolen and distributed across the net. These tools included the “EternalBlue” style malware that was used to wreak havoc on unprotected our out-of-date systems (such as those found in healthcare facilities). Worse, the information contained in Vault 7 included descriptions and tips on how to use the tools within. Every secret cam with a user’s guide and best practices, further increasing the danger of the leaked items. An investigation into the theft was launched by the CIA, which found that the CIA group in charge of the Vault 7 tools, the CIA Center for Cyber Intelligence (“CCI”), was stunningly lax when it came to the most basic of cyber security considerations going so far as to share administrative level passwords between members and failing to compartmentalize or restrict access as necessary. The investigation found that due to the state of the security measures around the Vault 7 information, the true scope of the theft was unknown and can only be estimated to be somewhere between 180 gigabytes and 34 terabytes (34,000 gigabytes), which is a large range.
Any major corporation monitors the usage of its employees for unusual activity or suspicious behavior. Such monitoring provides valuable insight towards identifying potential insider theft, a real and present threat facing corporations. Most attacks occur with or with the aid of an insider who has become disgruntled or convinced to provide access. CCI had no such safeguards in place, not even basic behavior monitoring. Further, CCI lacked a dedicated security officer, preferring to distribute the tasks amongst its members, which lead to a lack of oversight into the security status in the group. This lack of basic protocols, controls, and safeguards has drawn attention from lawmakers, in particular Senator Ron Wyden, who has questioned John Ratcliffe, the Director of National Intelligence with purview over all of the US’s intelligence agencies, why such a breach was allowed to occur and why seemingly nothing was done to correct it. Senator Wyden is also further calling for current laws, which allow Federal intelligence agencies to operate outside Federally mandated requirements, to be amended or repealed as he feels that this breach clearly demonstrates the inability to follow any proper security protocols.