CIA leak 'absolutely' an 'inside job'

Uploaded on 2017-03-15 in INTELLIGENCE--USA, FREE TO VIEW

Former CIA Deputy Director Mike Morell has said that the WikiLeaks' dump of documents it claims are from the top-secret CIA hacking program is "absolutely" an "inside job."

Speaking with "CBS This Morning," Morell said the spy agency should be asking itself whether the leaker was a staff employee or a contractor, and whether there were any "red flags" that were missed.

When asked whether it’s clear to him that this could have been an inside job, Morell answered, "Absolutely."

"This data is not shared outside CIA. It's only inside CIA," Morell said. "It's on CIA's top secret network, which is not connected to any other network. So, this has to be an inside job."

WikiLeaks has said it will not reveal its source.

Morell warned against WikiLeaks' plan to share the technical details on the CIA's surveillance operation with tech companies, whose products were mentioned in the documents as being vulnerable to the spy program.

Morell said this information is "valuable" to US adversaries, because if obtained, they can search their own networks for any CIA bugs.

In the first wave of what it dubbed the "Vault 7" publications, WikiLeaks dumped more than 8,700 documents that it claims reveal the inner workings of the CIA's secret hacking program from 2013 to 2016. The CIA's malware, Trojans and weaponised viruses have the capability of bypassing encryption protection in a wide range of devices made in Europe and US, including Apple's iPhone, Google's Android and Microsoft's Windows, as well as smart TVs, turning them into covert microphones.

While the CIA wouldn't say whether the WikiLeaks documents are real, and would not confirm reports that it is investigating any leaks, it warned that any time WikiLeaks publishes something that could hurt the CIA's ability to do its job is a problem.

"The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries," a CIA spokesperson said in a statement. "Such disclosures not only jeopardise US personnel and operations, but also equip our adversaries with tools and information that do us harm."

Two other former heads of the CIA, former CIA Director Michael Hayden and former acting CIA Director John McLaughlin, expressed concerns this week about the timing of the "Vault 7" document dump, saying it brought to mind Russian interference allegedly aimed at helping President Trump.

Former CIA director David Petraeus said the leak could be as damaging to national security as former NSA contractor Edward Snowden's 2013 leak of secret information from the National Security Agency's surveillance programs.

Washingtons Examiner:

 

« New App Minimising Police Violence
Estonian Honey Trap »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

National Cyber Security Centre Finland (NCSC-FI)

National Cyber Security Centre Finland (NCSC-FI)

The NCSC-FI develops and monitors the operational reliability and security of communications networks and services in Finland.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

PCI Compliance Guide

PCI Compliance Guide

The PCI Compliance Guide is one of the leading educational websites available focused exclusively on PCI compliance.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.

Prismo Systems

Prismo Systems

Prismo provides a unified platform to secure software development across the entire SDLC and deployment on any cloud or on-premises infrastructure.