In a (very long) piece that reads like a (bad) burlesque and an improbable (but true) thriller, the New Yorker recounts in detail, with many twists and turns, the story of a former elite CIA hacker accused of leaking gigabytes of data to WikiLeaks, which serialized them for months in 2017 under the title “Vault 7”.

The first part of our review of the New Yorker investigation showed in particular how the atmosphere in the OBS, the CIA’s elite hacker unit, initially described as “juvenile” by their supervisor, gradually drifted towards much more toxic behavior. It was, however, only the beginning.

One of Joshua Schulte’s personal OBS projects had a codename typical of the unit’s testosterone-fueled geek humor: “Brutal Kangaroo”. This suite of tools was designed to spy on computers disconnected from the Internet (“air gap”) via booby-trapped USB keys.

The (rotten) icing on the (moldy) cake: shortly before his resignation from the CIA took effect, Schulte discovered that he no longer had access to it. “Imagine my shock,” he explained afterwards, stressing that he had had “a huge personal investment in the program”.

Schulte then consulted the system’s audit logs, using the administrator status he still held, and discovered that his access rights had been removed by one of his colleagues, Weber, towards whom he had “developed a particular resentment” since Weber had appeared in court “as a sign of solidarity with Amol”:

“Weber has since explained that his reasoning was simple: in Schulte’s new branch, he was ‘going to work on new projects’ and therefore would not need access to old ones. But Schulte saw it as revenge. He viewed Weber as a bureaucratic bootlicker, Karen’s ‘trusty pawn.’ Weber, he said, ‘schemed to kick me out of my own project’.”

Without asking permission, and because he held system administrator status, Schulte promptly restored his own access rights, which only made his case worse, the New Yorker explains: “When his managers learned of it, they were so alarmed that they in turn stripped Schulte of his administrator privileges.”

“The agency exists in a world of trust. We are granted access to classified information, and we are trusted to use that information only for the purposes for which we were given access,” explains Weber.

Schulte was not the only US government agent to run into access-rights problems and be forced to “hack” around the cybersecurity measures put in place by the authorities. The investigation targeting him was itself seriously complicated, for FBI and CIA investigators alike, because the Vault 7 documents remained classified.

Internet users around the world could access them, but not US government employees, who were prohibited from viewing them on the WikiLeaks site:

“FBI officials were so nervous about visiting the website using Bureau computers or Internet connections (thus exposing their own networks to the risk of cyber intrusion) that they sent an agent to buy a new laptop and visit the website safely in a Starbucks.”

Except that once the Vault 7 documents were uploaded to WikiLeaks, the New Yorker recounts, “the laptop itself became officially classified and had to be stored in a safe place.” However, the evidence locker normally used by FBI agents could not do the job, “because it was only classified up to the secret level”.

The investigators were forced to store the laptop “in a supervisor’s office, in a special safe that had been certified to contain top secret documents”, while anyone could read them on WikiLeaks or in the many media outlets that had relayed the Vault 7 revelations.
