CIA Cybersecurity Unit Didn’t Protect Itself Against Hacking, Moved Too Slowly To Safeguard Secrets: Report


Daily Caller News Foundation logo
Font Size:

A unit within the CIA tasked with developing hacking tools was itself compromised in what has been deemed the largest breach in the CIA’s history, according to an internal CIA report.

The breach occurred in 2016, and WikiLeaks published a cache of CIA hacking tools in 2017. The agency’s WikiLeaks Task Force said that a CIA employee was responsible for the breach and the leak to WikiLeaks, according to a 2017 task force report on the incident.

“The CIA’s Center for Cyber Intelligence had prioritized building cyber weapons at the expense of securing their own systems,” according to the report. “Day-to-day security practices had become woefully lax.”

Despite being put together in 2017, the report was only made public Tuesday after Democratic Sen. Ron Wyden of Oregon included the report in a letter sent to Director of National Intelligence John Ratcliffe. Wyden received the report from the Department of Justice after it made excerpts of the report public in court proceedings earlier in 2020, according to the letter.

The CIA has been slow to adopt security measures “due to resource choices and cultural resistance,” the report stated. (RELATED: Judge Permits The Feds To Confiscate Snowden Book Profits)

The hacker stole at least 180 gigabytes of information, according to Wyden. However, it is possible the hacker stole up to 34 terabytes of information, the equivalent of 2.2 billion pages in Microsoft Word, The Associated Press reported.

Sen. Ron Wyden speaks during the Senate Intelligence Committee nomination hearing for Rep. John Ratcliffe on May 5, 2020. (Photo: Andrew Harnik/Pool/AFP via Getty Images)

Sen. Ron Wyden speaks during the Senate Intelligence Committee nomination hearing for Rep. John Ratcliffe on May 5, 2020. (Photo: Andrew Harnik/Pool/AFP via Getty Images)

“The security was so poor, according to the report, if these hacking tools had ‘been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss — as would be true for the vast majority of data on Agency mission systems,’” Wyden said, citing the report. 

Wyden also referenced how Congress exempted the intelligence community from having to adhere to cybersecurity measures put forth by the Department of Homeland Security in 2014. Congress enabled the Department of Homeland Security to require federal agencies to adhere to those measures after a series of cybersecurity “lapses,” Wyden said. 

“Unfortunately, it is now clear that exempting the intelligence community from baseline federal cybersecurity requirements was a mistake,” he said. (RELATED: Iran Sentences Alleged CIA Spy To Death)

The Office of the Director of National Intelligence received Wyden’s letter and will respond accordingly, Susan Meisner, a media relations officer, told the Daily Caller News Foundation.

The release of 2017 CIA documents was, at the time, the largest publication of confidential CIA documents in WikiLeaks’ history, according to a press release from the organization. 

“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” according to the WikiLeaks press release.

The CIA didn’t immediately respond to a request for comment.

Harry Whitehead contributed to this report.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact