One of the most controversial secrets about the CIA could have been revealed. Joshua Schulte is an individual accused of stealing confidential material from the agency to leak it through the popular platform WikiLeaks. U.S. Department of Justice (DOJ) has filed a profound case against him, so the defendant is likely to spend the rest of his days in prison.
However, this trial may have represented more losses than benefits to the CIA, as multiple details have been revealed during the process about what is happening within what is probably the most powerful government agency in the world.
One of the shameful secrets exposed relates to the leaking of a set of hacking tools developed by the CIA; known as Vault 7, filtering these tools is one of the lowest points of computer security.
Schulte was a CIA employee who was involved in multiple conflicts with his colleagues; although the agency did not want to fire him, as he considered it a valuable element. However, his conduct led him to be reinstated in different areas and even to have his access privileges removed to some agency servers.
Prosecutors argue that, after being repressed for his questionable actions, Schulte decided to take revenge on the agency and its employees by filtering out the aforementioned hacking tools. The worst case is that this incident demonstrates the nullity of the computer security measures with which the agency operates
According to the court documents, Vault 7 was stored in an implementation of Confluence with ridiculous security measures, as the username to access was mysweetsummer, while the password was 123ABCdef, a clear negligence on the part of the CIA.
As if that weren’t enough, this same password was used by all agency employees with access to Vault 7, and was even posted on the group intranet. Although the CIA claims that its intranet is fully protected, the low interest in computer security with which an agency like this operates is still scandalous. Even if the defendant spends the rest of his life without touching a computer, these kinds of resources will remain exposed until stricter computer security policies are established.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.