CIA's specialised hacking unit failed to protect its own systems from hackers, investigation finds

CIA discovered the breach only after classified information was published by WikiLeaks

The theft of a trove of highly classified data from the US Central Intelligence Agency (CIA) in 2016 happened because agency's specialised hacking unit failed to protect its own systems from hackers, an internal CIA report has found.

The Washington Post first reported on the document this week, which says that agency's elite unit was so focused on developing cyber tools that an employee was able to successfully steal CIA's secret hacking tools and offer them to pro-transparency group WikiLeaks.

The agency only came to know about the breach only in March 2017 after WikiLeaks published the information in a release dubbed "Vault 7". WikiLeaks described the release as the largest trove of CIA documents, revealing details of some of the agency's advanced cyber weapons.

The CIA's own investigators estimated that up to 34 terabytes of data may have been stolen in the leak.

The revelation also caused CIA to immediately stop some intelligence operations.

"We failed to recognise or act in a coordinated fashion on warning signs that a person or persons with access to CIA classified information posed an unacceptable risk to national security," the October 2017 report by the CIA's WikiLeaks Task Force states.

The report, which is heavily redacted, further states that the breach occurred due to security shortcomings that often prioritised collaboration and creativity at the cost of security. It stresses that the CIA had no idea about the full extent of the breach because the Centre for Cyber Intelligence (CCI), from where the secret documents were stolen, failed to implement user activity monitoring or other safety measures.

Security procedures within the elite unit that built the tools were "woefully lax," and CCI employees neglected to prepare "mitigation packages if those tools were exposed," the task force said.

The report excerpts were recent submitted as evidence in the criminal trial of Joshua Schulte, a former CIA employee accused of stealing CIA's hacking tools and giving them to WikiLeaks.

Schulte has pleaded not guilty in this case. His attorneys told the court at a trial this year that security on CIA's computer network was so poor that any one of the employees or contractors may have had the same access to the same documents as Schulte.

A jury failed to reach a judgement in March on whether Schulte provided CIA's tools to WikiLeaks. However, he was found guilty of making false statements to the Federal Bureau of Investigation and contempt of court.

Prosecutors have said that they plan to try Schulte again this year.