
The True Meaning of Vault 7 CIA Leaks? An Alarm against Snowden-Like Insiders

May 9, 2017 | David Bisson

WikiLeaks' publication of the Vault 7 CIA documents should serve as a reminder to organizations everywhere about the threat of Snowden-like insiders.

On March 7, WikiLeaks published several thousand pages of documents detailing software used by the United States Central Intelligence Agency (CIA) to break into all kinds of digital devices. One program called "Wrecking Crew" details how agents can crash a targeted computer, whereas another tool focuses on stealing passwords stored by Internet Explorer's auto-complete feature. Other utilities describe exploits for Android and Apple mobile phones as well as for smart television sets.

To a certain extent, The New York Times is right to have called the leaks, which are collectively nicknamed "Vault 7," a "serious blow" to the CIA. But the impact of the leaks extends beyond the Agency. CIA Director Mike Pompeo articulated this viewpoint in an address to the Center for Strategic and International Studies when he labeled WikiLeaks a "non-state hostile intelligence service often abetted by state actors like Russia."

TechCrunch's Eric O'Neill drives home the true meaning of the CIA leaks:

"The truth of the matter is that the breach of the CIA’s attack tools not only placed the U.S. at a deficit in our offensive cyber capabilities, it has threatened the world’s most critical businesses, organizations and national security peace of mind. To echo Pompeo’s statements, we are now all more vulnerable."

Sound familiar? It should. After all, it has only been a few years since national security officials voiced those same concerns after Edward J. Snowden gave National Security Agency documents to journalists. This leak is different in that the exposed documents don't include examples of how agents used the tools against foreign targets, which The New York Times notes could limit the leaks' effect on U.S. national security. But the FBI will spend much of its investigation into the CIA breach examining how WikiLeaks obtained the documents. For example, it will look to see whether a foreign agent recruited an insider to perpetrate the leaks or whether a CIA employee exposed the hacking tools of their own accord.

Between Snowden and now the CIA breach, the intelligence community has an ongoing problem with insiders exposing sensitive information. Government entities can shore up their IT security by reallocating spending to remediation and detection as well as investing in automated security systems. But as Venafi pointed out after the Snowden leaks, organizations in the public sector also need to increase (or establish) their awareness of their encryption keys and certificates.

Around the time of the Snowden leaks, the Ponemon Institute surveyed 2,300 large organizations and reported that these organizations have, on average, more than 17,000 keys and certificates in their core infrastructure alone. This number doesn't include mobile apps or the SSH keys that administrators use to access systems. Ponemon also reported that 51% of organizations don't know where and how these keys and certificates are used. Industry experts broadly agree that organizations' own counts are significant underestimates, so the true figures are likely higher still.

Has anything really changed since Snowden? If anything, the number of keys and certificates managed by organizations has grown in the last three years. Therefore, if organizations haven't worked to improve control of their keys and certificates, they remain vulnerable to attackers who steal or misuse those keys and certificates to pose as trusted users or systems and evade detection.

Are you aware of all your organization's keys and certificates?
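The 51% figure above is about not knowing where keys are used. One practical way to start answering the question for the SSH keys the Ponemon count leaves out is to collect every authorized_keys file from your hosts and reconcile it against a list of approved key owners. The Python below does that for a constructed data set: it fingerprints each key the way `ssh-keygen -lf` does (SHA256 of the decoded blob, base64 without padding), reads the RSA modulus size out of the wire-format blob, and flags keys that are not on the approved list, keys that grant access to more than one account or host, and weak keys (ssh-dss, or RSA under 2048 bits). This is an added example, not code from the original article or from Venafi; the host names, accounts, approved-owner list and key blobs are constructed for illustration, and the RSA and Ed25519 blobs are synthetic structures, not real key pairs.

```python
"""Added example: offline inventory of SSH authorized_keys entries gathered from hosts.
Sample hosts, accounts, owners and key blobs are constructed; the blobs are not real keys."""
import base64
import hashlib
import re
import struct
from collections import defaultdict

# Matches the key-type / base64-blob / optional-comment tail of an authorized_keys line.
KEY_LINE = re.compile(
    r"(?P<type>ssh-[a-z0-9]+|ecdsa-sha2-nistp\d+|sk-[a-z0-9@.-]+)\s+"
    r"(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$"
)

# ---- SSH wire-format helpers (RFC 4251 "string" and "mpint") ----
def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(n):
    # one extra byte when the high bit is set, so the integer stays positive
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def _read_string(buf, off):
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + length], off + length

def fake_rsa_blob(bits):
    """Constructed ssh-rsa public-key blob with a modulus of `bits` bits (not a real key)."""
    n = (1 << (bits - 1)) | 1
    raw = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(n)
    return base64.b64encode(raw).decode()

def fake_ed25519_blob(seed):
    """Constructed ssh-ed25519 blob: 32 bytes derived from a seed, not a real key."""
    raw = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return base64.b64encode(raw).decode()

def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: SHA256 of the raw blob, base64 without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_bits(key_type, blob_b64):
    """Key size in bits; for RSA the modulus length is read out of the blob itself."""
    blob = base64.b64decode(blob_b64)
    if key_type == "ssh-rsa":
        _, off = _read_string(blob, 0)    # algorithm name
        _, off = _read_string(blob, off)  # public exponent e
        n, _ = _read_string(blob, off)    # modulus n
        return int.from_bytes(n, "big").bit_length()
    if key_type == "ssh-ed25519":
        return 256
    if key_type.startswith("ecdsa-sha2-nistp"):
        return int(key_type[-3:])
    return None

def parse_authorized_keys(text):
    """Yield (options, type, blob, comment) per key line; blank and '#' lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_LINE.search(line)
        if not m:
            continue
        yield line[:m.start()].strip(), m["type"], m["blob"], (m["comment"] or "").strip()

def audit(hosts, approved, min_rsa_bits=2048):
    """hosts: {host: {account: authorized_keys_text}}; approved: {fingerprint: owner}.
    Returns findings keyed 'unknown', 'shared' and 'weak'."""
    usage = defaultdict(list)  # fingerprint -> [(host, account, type, blob, options, comment)]
    for host, accounts in hosts.items():
        for account, text in accounts.items():
            for options, ktype, blob, comment in parse_authorized_keys(text):
                usage[fingerprint(blob)].append((host, account, ktype, blob, options, comment))
    findings = {"unknown": [], "shared": [], "weak": []}
    for fp, uses in usage.items():
        where = [(h, a) for h, a, *_ in uses]
        if fp not in approved:
            findings["unknown"].append((fp, where))
        if len(set(where)) > 1:
            findings["shared"].append((fp, where))
        ktype, blob = uses[0][2], uses[0][3]
        bits = key_bits(ktype, blob)
        if ktype == "ssh-dss" or (ktype == "ssh-rsa" and bits is not None and bits < min_rsa_bits):
            findings["weak"].append((fp, ktype, bits))
    return findings

# Constructed sample: two hosts, one admin key reused on both, one restricted deploy key,
# and one forgotten 1024-bit key that nobody has claimed.
ADMIN_KEY = fake_ed25519_blob(b"alice")
DEPLOY_KEY = fake_rsa_blob(3072)
LEGACY_KEY = fake_rsa_blob(1024)
HOSTS = {
    "web01": {
        "root": f"ssh-ed25519 {ADMIN_KEY} alice@laptop\n"
                f'from="10.0.0.5",no-pty ssh-rsa {DEPLOY_KEY} deploy\n',
        "app": f"# legacy key, owner unknown\nssh-rsa {LEGACY_KEY} old-backup\n",
    },
    "db01": {"root": f"ssh-ed25519 {ADMIN_KEY} alice@laptop\n"},
}
APPROVED = {fingerprint(ADMIN_KEY): "alice", fingerprint(DEPLOY_KEY): "ci-pipeline"}

if __name__ == "__main__":
    for category, items in audit(HOSTS, APPROVED).items():
        print(category, items)
```

In a real run, the `HOSTS` mapping would be filled from `~/.ssh/authorized_keys` files collected by whatever configuration-management or endpoint agent you already have, and `APPROVED` would come from the key inventory the article is arguing you should keep; a key that appears in `unknown` is exactly the "we don't know where this is used" case the Ponemon number describes.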

About the author

David Bisson

David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
