top of page

'Woefully lax': report slams CIA cybersecurity after hacking tool leak

Updated: May 1, 2023

"Many of the Central Intelligence Agency’s most sensitive hacking tools were so poorly secured that it was only when WikiLeaks published them online in 2017 that the agency realized they had been compromised, according to a report released Tuesday.

The secret-spilling site drew international attention when it dumped a vast trove of malicious CIA code on the internet in March 2017.

The digital tools, sometimes described as “cyber weapons,” provided a granular look at how the CIA conducts its international hacking operations. It also deeply embarrassed the U.S. intelligence community, which has repeatedly been hit by large-scale leaks over the past decade.

An internal CIA report here dated October 2017 and released by Democratic U.S. Senator Ron Wyden on Tuesday described security at the agency's Center for Cyber Intelligence - the unit responsible for designing the tools - as "woefully lax."

“Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely,” the report said. It described the WikiLeaks disclosure as “the largest data loss in CIA history.”

Recent Posts

See All


bottom of page