Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

FBI and CIA Hunt for Vault7 Insider: Report

The CIA and FBI have launched a joint investigation to find the suspected insider responsible for handing explosive top secret documents to WikiLeaks.

People familiar with the investigation told CBS News that agents have begun looking for a full-time CIA employee or contractor; one of hundreds that would have had access to the highly sensitive “Vault7” material that found its way into the hands of the whistleblower site.

It's believed the individual would have had physical access to the data, which WikiLeaks began publishing last month.

The news comes as the CIA appeared to take an increasingly hard line on the site and its founder Julian Assange last week.

New director, Mike Pompeo, hit out at WikiLeaks, claiming it has collaborated with the Kremlin.

“It’s time to call out WikiLeaks for what it really is – a non-state hostile intelligence service often abetted by state actors like Russia”, he’s reported as saying.

This is a 180-degree about turn from the position Pompeo held during the election campaign, when he was happy to tweet WikiLeaks data dumps of private Democratic National Committee (DNC) emails.

In fact, his boss Donald Trump exclaimed “I love WikiLeaks” when on the campaign trail, as the Guccifer 2.0 leaks – now thought to have been the work of state-sponsored Russian operatives – were publicized by the organization.

Huntsman Security head of product management, Piers Wilson, claimed a failure of access controls is to blame for the Vault7 leaks.

“The fact that an organization built around a culture of confidentiality, with a high degree of security knowledge and employee screening, and which has suffered breaches in the past, can still fall victim to insider attacks is a reminder to organizations of any size, in any sector,” he warned.

“Not only should a user have no access to data beyond what they need; if they somehow do access that data, or perform any unusual activity with that information they can access, alarm bells should ring loud and clear.” 

What’s Hot on Infosecurity Magazine?