Wikileaks 'Vault 7' expose: CIA ignored warning signs, says report

After Wikileaks published the CIA documents dubbed "Vault 7" three years ago, a review of the incident by the CIA Wikileaks task force pointed towards lax cybersecurity practices at the premier US spy agency.

The report highlighted CIA hackers failed to follow basic practices with sensitive cyber weapons not compartmented. "Users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely," the report said.

In 2017, Wikileaks had exposed CIA's top-secret hacking tools which reportedly comprised 34 terabytes of information which was believed to be CIA's biggest data loss in history.

CCI, known as  Center for Cyber Intelligence "focused on building cyber weapons and neglected to also prepare mitigation packages if those tools were exposed. These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security," the report stated.

The task force said the agency did not empower any single officer to ensure all agency information systems were secure, neither did it keep pace with "emerging threats".

The report said the agency failed to act in a coordinated fashion on "warning signs". The report was released on Tuesday by Democrat Senator Ron Wyden from Oregon who is a member of the US Senate Intelligence Committee. 

Wyden received a redacted version from the Justice Department. The report said that the CIA did not know the full extent of the leak beacuse CCI "did not require user activity monitoring or other safeguards," while adding that,"CCI focused on building cyber weapons and neglected to also prepare mitigation packages if those tools were exposed."