The
CIA’s vast database of software vulnerabilities has not only been
putting the cyber security of millions of Americans at risk for
years, it has also cost American taxpayers millions of dollars, as
the agency has had to pay for a monopoly on the vulnerabilities.
Considering that the CIA lost control of this database over a year
ago, those dollars have essentially been wasted.
Part
4 - Losing control and compromising security on an unprecedented
scale
Despite
pouring millions into the purchase and hoarding of technological
vulnerabilities, the contents of this vast database did not stay
secret for very long. Wikileaks, during its press conference on the
“Vault 7” release, noted that the CIA “lost control of the
the majority of its hacking arsenal.” According to the source
that provided the documents to Wikileaks, the CIA’s hacking tools
and exploits had been “circulated among former U.S. government
hackers and contractors in an unauthorized manner,” leading to
their proliferation.
As Wikileaks
also noted, proliferation is a major risk in this case, considering
that “once a single cyber ‘weapon’ is ‘loose’ it can
spread around the world in seconds, to be used by rival states, cyber
mafia and teenage hackers alike.” More concerning is that the
“unauthorized manner” in which the tools were shared means that
these rival states and faceless hackers likely gained access to the
CIA’s hacking tools and exploit long before Wikileaks made them
public. However, the CIA still kept these vulnerabilities hidden from
tech companies and the public, despite having lost control over them.
But even
before the CIA lost control, it was already compromising the security
of millions of Americans by intentionally leaving the vulnerabilities
open. The fact that U.S. intelligence agencies intentionally
threatened the cyber security of millions of citizens to
surreptitiously favor its own surveillance tactics makes the
“national security” excuse decidedly ineffective.
This is
particularly true as the U.S. government isn’t the only group that
is likely making use of such tools, especially considering that they
were shared so loosely and have now been made public.
As Kevin
Bankston, the director of the New America Foundation’s Open
Technology Institute, told Wired:
“If the
CIA can use it, so can the Russians, or the Chinese or organized
crime. The lesson here, first off, is that stockpiling a bunch of
vulnerabilities is bad for cybersecurity. And two, it means they’re
likely going to get leaked by someone.”
With leakers
currently plaguing the CIA and other parts of the U.S. government, it
seems the CIA’s quest to become all-powerful in cyberspace has
ultimately had the consequence of weakening cybersecurity and privacy
for everyone – including themselves.
***
Source
and links:
Comments
Post a Comment