UGH: Multiple ‘CIA failures’ led to theft of agency’s top-secret hacking tools.

Agency officials soon convened the WikiLeaks Task Force to investigate the practices that led to the massive data loss. Seven months after first Vault 7 dispatch, the task force issued a report that assessed the extent and the cause of the damage. Chief among the findings was a culture within the CIA hacking arm known as the CCI—short for the Center for Cyber Intelligence—that prioritized the proliferation of its cyber capabilities over keeping them secure and containing the damage if they were to fall into the wrong hands.

“Day-to-day security practices had become woefully lax,” a portion of the report made public on Monday concluded. For instance, a specialized “mission” network reserved for sharing cyber capabilities with other agency hackers failed to follow basic practices, followed on the main network, that were designed to identify and mitigate data theft from malicious insiders.

“Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely,” the report continued. “Furthermore, CCI focused on building cyber weapons and neglected to also prepare mitigation packages if those tools were exposed. These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security.”

Apparently I run my little home network better than the CIA handles its most powerful cyber weapons.