Risk & Repeat: Vault 7 report slams CIA security practices
This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses.
This week's Risk & Repeat podcast discusses the CIA's internal report on the Vault 7 leak and what it said about the infosec practices of the agency and the overall federal government.
The Wikileaks Task Force Final Report, which was presented in 2017 but not made public until this week, presented scathing criticisms of the CIA over the theft and release of the agency's hacking tools and exploits, dubbed "Vault 7" by WikiLeaks. The task force report said the CIA didn't know the Vault 7 data had been stolen in 2016 from the Center for Cyber Intelligence's servers until the cyberweapons were published by WikiLeaks nearly a year later. In addition, the report also cited "woefully lax" security practices, including sharing system administrator-level passwords.
In this episode, SearchSecurity editors Rob Wright and Alex Culafi discuss the Vault 7 report, its most serious findings and the implications for the CIA and the federal government.