The Daily Parker

Politics, Weather, Photography, and the Dog

Great security, guys

Via Schneier, it seems that our security services have not done a great job at, you know, security:

[J]ust how bad is the CIA’s security that it wasn’t able to keep [accused leaker and former CIA sysadmin Joshua] Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible.

The password for the Confluence virtual machine that held all the hacking tools that were stolen and leaked? That’ll be 123ABCdef. And the root login for the main DevLAN server? mysweetsummer.

It actually gets worse than that. Those passwords were shared by the entire team and posted on the group’s intranet. IRC chats published during the trial even revealed team members talking about how terrible their infosec practices were, and joked that CIA internal security would go nuts if they knew. Their justification? The intranet was restricted to members of the Operational Support Branch (OSB): the elite programming unit that makes the CIA’s hacking tools.

Oh dear. We used to have the best tools and people in the world. Now it just looks like we have a bunch of tools.

Comments are closed