The recent leak of CIA documents demonstrates just how vulnerable the United States is to the insider threat

On 7 March 2017, Wikileaks released what is purported to be most of the CIA’s hacking capability via stolen documents, in yet another indicator of the serious need for reform US cybersecurity.1  What was actually released is instrumental in understanding exactly how far behind the rest of the world the US is in terms of cyber-savvy and apparent disregard of potential leaks.  In today’s information age, intelligence is the most powerful tool of statecraft available to keep the US a step ahead of the game.  Specific steps must be taken to prevent dangerous leaks of this sort in the future.

Wikileaks released documents containing information detailing precisely how the CIA conducts its cyber operations and the extent of its capabilities.  The leak consisted of 9,000 secret files created from 2013 to 2016.2  The leak details what kinds of cyber targets the US pursues, and how it pursues them.  A couple of facets of the leak creating significant media buzz include the focus on smartphones and smart TVs inherent in a couple of the documents and the apparent capability to hack iPhones to a greater extent than previously thought possible.  The leak is, according to Wikileaks, from the CIA Center for Cyber Intelligence, an office devoted to hacking and SIGINT.Wikileaks leaked information specifically related to mission and specific capability, the most damaging possible leak.

Interestingly, the leaks do not reveal any superweapons, indicating that, unless the leak does not reveal as much as it claims to, the CIA cyber capability is significantly weaker than would have otherwise been expected. A number of the attack capabilities were simply significantly outdated – the CIA is able to hack iOS 8.1.1 for example, which was released in 2014, meaning that they can only hack those running a multiple generation old operating system.The leak also illustrated that the CIA apparently uses publicly available software and malware extensively.  The Agency has not developed any significant hacking tools beyond what any hacker with average ability could procure online according to Vault 7.The real question is what the extent of the leak actually is. It remains possible the CIA has cyber superweapons even more dangerous and secret.

Exactly how the leak was perpetrated is largely unknown, with Wikileaks claiming it was the work of an insider, which further illustrates the issues within the Intelligence Community related to disgruntled leakers.  Chelsea Manning and Robert Snowden, the two most recent leakers, who have received an incredible amount of media attention, simply were not dealt with very harshly by the US.  Punishment is a deterrent intended to stop crime, and insider leakers simply do not perceive the US as a legitimate threat to their activities.  Snowden tweeted about the leak from his hidden location in Russia, stating he believed it to be real early on in the story of the leak.Essentially, if the US continues to struggle with leaks of classified information and cyber-capabilities, hackers and leakers will only become bolder.

The US has also failed in crafting a strong response to the leak, as evidenced by comments and press releases which seemed largely reactive and cautious.  The CIA itself has heretofore only responded by stating, “We do not comment on the authenticity or content of purported intelligence documents.”1 Similarly, FBI Director Comey stated generally that, “there is no such thing as absolute privacy in America,” before speaking generally of the balance between security and privacy in remarks related to Vault 7.No other significant comments have been made, likely due to the general reticence of the Intelligence Community, leaving the response to what was likely an act of espionage or federal crime lackluster.

Compounded with US’ difficulties responding to leaks is increased Russian and Chinese willingness to promote US leaks, evidenced by the DNC hack of the 2016 election.  The Intelligence Community found that Russia had hacked the Democratic National Convention and leaked documents to Wikileaks to sway the election.Notably, cybersecurity expert James Lewis of the Center for Strategic and International Studies believes Russia likely behind the Vault 7 leak also.  Though Russian involvement is dubious, Russia and China are interested in US cybersecrets and looking to obtain them any way they can.

Ultimately, the US must respond to the increased threat of leaks by responding with strength.  Specifically, the US must reform its troubled background investigation process to more carefully vette potential leakers.  Additionally, the US must rigorously pursue stringent measures in every avenue available when pursuing justice against leakers.  Manning and Snowden were not handled well, and today the backlash of their actions is promoting further leaks.  The US must be stronger in how it responds to leaks. ■

    1. Scott Shane, Matthew Rosenberg, and Andrew Lehren. “Wikileaks Releases Trove Of Alleged CIA Hacking Documents.” New York Times. 7 Mar 2017. Web. 27 March 2017.
    2. Ewen MacAskill, Sam Thielman, and Philip Olterman. “Wikileaks Publishes ‘Biggest Ever Leak Of Secret CIA Documents.’” 7 Mar 2017. Web. 26 Mar 2017.
    3. Lee Matthews. “WikiLeaks Vault 7 CIA Dump Offers Nothing But Old News.” 8 Mar 2017. Web. 27 Mar 2017.
    4. Steven Bucci. “Blame Snowden And Manning For The Cia Leak.” 11 Mar 2017. Web. 26 Mar 2017.
    5. Rishaib Jain. “Wikipedia Vault 7 Leaks Effect: FBI Director Comey Says ‘There Is No Such Thing As Absolute Privacy In America.’” 9 Mar 2017.  Web.  26 Mar 2017.
    6. Eric Lipton, David Sanger, and Scott Shane. “The Perfect Weapon: How Russian Cyberpower Invaded The US.” 13 Dec 2016.  Web.  27 Mar 2017.
    7. Photo Credit:

Auburn University  |

Stock Images |