Previously unreported – published 02 NOV 2018
A bloody example of why Cyber Security is so important
– and if the CIA and US Intelligence Community cannot secure their own,
why do we (in the EU) rely mostly on the same technology they use?
In 2013, hundreds of CIA officers — many working nonstop for weeks — scrambled to contain a disaster of global proportions: a compromise of the agency’s internet-based covert communications system used to interact with its informants in dark corners around the world. Teams of CIA experts worked feverishly to take down and reconfigure the websites secretly used for these communications; others managed operations to quickly spirit assets to safety and oversaw other forms of triage.
“When this was going on, it was all that mattered,” said one former intelligence community official. The situation was “catastrophic,” said another former senior intelligence official.
From around 2009 to 2013, the U.S. intelligence community experienced crippling intelligence failures related to the secret internet-based communications system, a key means for remote messaging between CIA officers and their sources on the ground worldwide. The previously unreported global problem originated in Iran and spiderwebbed to other countries, and was left unrepaired — despite warnings about what was happening — until more than two dozen sources died in China in 2011 and 2012 as a result, according to 11 former intelligence and national security officials.
The disaster ensnared every corner of the national security bureaucracy — from multiple intelligence agencies, congressional intelligence committees and independent contractors to internal government watchdogs — forcing a slow-moving, complex government machine to grapple with the deadly dangers of emerging technologies.
In a world where dependence on advanced technology may be a necessary evil for modern espionage, particularly in hostile regions where American officials can’t operate freely, such technical failures are an ever present danger and will only become more acute with time.
“When these types of compromises happen, it’s so dark and bad,” said one former official. “They can burrow in. It never really ends.”
A former senior intelligence official with direct knowledge of the compromise said it had global implications for the CIA. “You start thinking twice about people, from China to Russia to Iran to North Korea,” said the former official. The CIA was worried about its network “totally unwinding worldwide.”
Yahoo News’ reporting on this global communications failure is based on conversations with eleven former U.S. intelligence and government officials directly familiar with the matter who requested anonymity to discuss sensitive operations. Multiple former intelligence officials said that the damage from the potential global compromise was serious — even catastrophic — and will persist for years.
More than just a question of a single failure, the fiasco illustrates a breakdown that was never properly addressed. The government’s inability to address the communication system’s insecurities until after sources were rolled up in China was disastrous. “We’re still dealing with the fallout,” said one former national security official. “Dozens of people around the world were killed because of this.”
One of the largest intelligence failures of the past decade started in Iran in 2009, when the Obama administration announced the discovery of a secret Iranian underground enrichment facility — part of Iran’s headlong drive for nuclear weapons. Angered about the breach, the Iranians went on a mole hunt, looking for foreign spies, said one former senior intelligence official.
The mole hunt wasn’t hard, in large part, because the communications system the CIA was using to communicate with agents was flawed. Former U.S. officials said the internet-based platform, which was first used in war zones in the Middle East, was not built to withstand the sophisticated counterintelligence efforts of a state actor like China or Iran. “It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”
“Everyone was using it far beyond its intention,” said another former official.
The risks posed by the system appeared to have been overlooked in part because it was easy to use, said the former intelligence officials. There is no foolproof way to communicate — especially with expediency and urgency — with sources in hostile environments like Iran and China, noted the former officials. But a sense of confidence in the system kept it in operation far longer than was safe or advisable, said former officials. The CIA’s directorate of science and technology, which is responsible for the secure communications system, “says, ‘our s***’s impregnable,’ but it’s obviously not,” said one former official.
By 2010, however, it appears that Iran had begun to identify CIA agents. And by 2011, Iranian authorities dismantled a CIA spy network in that country, said seven former U.S. intelligence officials. (Indeed, in May 2011, Iranian intelligence officials announced publicly that they had broken up a ring of 30 CIA spies; U.S. officials later confirmed the breach to ABC News, which also reported on a potential compromise to the communications system.)
Iran executed some of the CIA informants and imprisoned others in an intelligence setback that one of the former officials described as “incredibly damaging.” The CIA successfully exfiltrated some of its Iranian sources, said former officials.
The Iranian compromise led to significantly fewer CIA agents being killed than in China, according to former officials. Still, the events there hampered the CIA’s capacity to collect intelligence in Iran at a critical time, just as Tehran was forging ahead with its nuclear program.
U.S. authorities believe Iran probably unwound the CIA’s asset network analytically — meaning they deduced what Washington knew about Tehran’s own operations, then identified Iranians who held that information, and eventually zeroed in on possible sources. This hunt for CIA sources eventually bore fruit — including the identification of the covert communications system.
A 2011 Iranian television broadcast that touted the government’s destruction of the CIA network said U.S. intelligence operatives had created websites for fake companies to recruit agents in Iran by promising them jobs, visas and education abroad. Iranians who initially thought they were responding to legitimate opportunities would end up meeting with CIA officers in places like Dubai or Istanbul for recruitment, according to the broadcast.
Though the Iranians didn’t say precisely how they infiltrated the network, two former U.S. intelligence officials said that the Iranians cultivated a double agent who led them to the secret CIA communications system. This online system allowed CIA officers and their sources to communicate remotely in difficult operational environments like China and Iran, where in-person meetings are often dangerous.
A lack of proper vetting of sources may have led to the CIA inadvertently running a double agent, said one former senior official — a consequence of the CIA’s pressing need at the time to develop highly placed agents inside the Islamic Republic. After this betrayal, Israeli intelligence tipped off the CIA that Iran had likely identified some of its assets, said the same former official.
The losses could have stopped there. But U.S. officials believe Iranian intelligence was then able to compromise the covert communications system. At the CIA, there was “shock and awe” about the simplicity of the technique the Iranians used to successfully compromise the system, said one former official.
In fact, the Iranians used Google to identify the website the CIA was using to communicate with agents. Because Google is continuously scraping the internet for information about all the world’s websites, it can function as a tremendous investigative tool — even for counter-espionage purposes. And Google’s search functions allow users to employ advanced operators — like “AND,” “OR,” and other, much more sophisticated ones — that weed out and isolate websites and online data with extreme specificity.
According to the former intelligence official, once the Iranian double agent showed Iranian intelligence the website used to communicate with his or her CIA handlers, they began to scour the internet for websites with similar digital signifiers or components — eventually hitting on the right string of advanced search terms to locate other secret CIA websites. From there, Iranian intelligence tracked who was visiting these sites, and from where, and began to unravel the wider CIA network.
U.S. intelligence officials were well aware of Iran’s formidable cyber-espionage capabilities. But they were flabbergasted that Iran managed to extirpate an entire CIA spy network using a technique that one official described as rudimentary — something found in basic how-to books.
But the events in Iran were not self-contained; they coincided roughly with a similar debacle in China in 2011 and 2012, where authorities rounded up and executed around 30 agents working for the U.S. (the New York Times first reported the extirpation of the CIA’s China sources in May 2017). Some U.S. intelligence officials also believe that former Beijing-based CIA officer Jerry Lee, who was charged with spying on behalf of the Chinese government in May 2018, was partially responsible for the destruction of the CIA’s China-based source network. But Lee’s betrayal does not explain the extent of the damage, or the rapidity with which Chinese intelligence was able to identify and destroy the network, said former officials.
U.S. officials believe that Chinese intelligence obtained physical access to the transitional, or temporary, secret communications system used by the CIA to correspond with new, unvetted sources — and broke through the firewall separating it from the main covert communications system, compromising the CIA’s entire asset network in that country, Foreign Policy reported earlier this year.
It’s not clear whether China and Iran cooperated, but the former officials said the communications systems used in both countries were similar. The two governments may have broken the system independently. But Iranian, Chinese and Russian officials were engaged in senior-level communications on cyber issues around this time, recalled one former senior intelligence official —interactions that were “very suspicious in hindsight.”
The CIA declined to comment. The Iranian Mission to the UN did not respond to requests for comment.
Some U.S. intel officials took the interactions as an indicator of enhanced open coordination among these countries, and even a nascent alliance against the U.S. and its Five Eyes intelligence partners, this person said. (U.S. officials also believe Chinese officials subsequently shared information about their penetration of the secret CIA system with their Russian counterparts.)
“Our adversaries dramatically upped their game” in their offensive hacking operations, including those geared toward cracking the U.S. covert communications platforms, during this period, said another former senior intelligence official. This almost certainly included information sharing between these countries on U.S. covert communications techniques, said multiple former officials — the makings of a real-life “axis of evil.”
There were discrete signs of potential cooperation. Around the time of the purges of CIA informants in Iran and China, senior counter-espionage officials from China’s Ministry of State Security visited their counterparts in Tehran, said four former U.S. officials.
Some officials believe the two countries engaged in a trade — perhaps with Iran providing China with the technical information needed to pinpoint signs of online activity on the communications system, in exchange for military hardware, speculated one former official. “That’s the spy service way,” said another former official.
With dawning horror, U.S. officials realized that once Iranian or Chinese intelligence officials were able to pinpoint CIA assets within their own borders, they were almost certainly capable of zeroing in on similar digital signatures in other countries, former officials said.
Former officials said the fallout from the compromises was likely global in scope — potentially endangering all CIA sources that used some version of this internet-based system worldwide.
“You establish these networks that are obviously critical to our ability to really understand what our adversaries are up to — there’s a pride in that — and when something that valuable starts to fall apart, the concern is, ‘Are we developing a house of cards?’” said one former senior official. “A lot of bells went off” during this time, said this person, because “whatever methods and procedures we were using were in jeopardy because of what the Chinese and Iranians had determined. You find that you’re blind.”
These multiple, overlapping failures of the communication system created systemic problems for the agency. “There was a cascade of effects that flowed outward” from the initial breaches, said another former intelligence official. “Part of the problem was trying to figure out the second and third order of effects.”
Repairing this breach had to be approached with extraordinary delicacy because attempted fixes can expose sources. Iran or China could then target and flip those CIA sources, or use information about them as bargaining chips with other intelligence services, former officials said. Around this time, Iranian intelligence officials also began aggressively pitching CIA officers to become double agents —meaning that they had somehow identified agency personnel, potentially through this wider compromise, said one former intel official.
One country where the impact appears to have been contained is Russia. CIA officials who focus on Russia knew about the China ordeal and quickly adjusted their communications with sources accordingly, some of the former officials said. Aspects of the CIA’s Russia operations have historically been walled off from the rest of the agency, which likely helped minimize the damage. But the issue was so acute in the Middle East that the CIA was forced to suspend its use of internet-based covert communications systems there several times.
The problems were exacerbated by increasingly aggressive Iranian cyber-espionage. The Iranians “were very good tactically,” one former official said, and were adept at “breaking into low-level communications in the field, such as between Iraqi forces and their American counterparts.”
Starting around 2013, Iranian cyber experts seemed to be tracking CIA agents outside their own borders, including in Yemen, where Iran eventually compromised the internet-based covert communications system there, said one of the former officials. During this time, emergency meetings had to be scheduled at the agency because the Iranians had “hacked into systems outright that had nothing to do with them,” said this person — that is, those beyond Iran itself.
“Iran was aggressively going out to hunt systems down,” the former official said. “They weren’t just protecting themselves anymore.”
As Iran was making fast inroads into the CIA’s covert communications system, back in Washington an internal complaint by a government contractor warning officials about precisely what was happening was winding its way through a Kafkaesque appeals system.
In 2008 — well before the Iranians had arrested any agents — a defense contractor named John Reidy, whose job it was to identify, contact and manage human sources for the CIA in Iran, had already sounded an alarm about a “massive intelligence failure” having to do with “communications” with sources. According to Reidy’s publicly available but heavily redacted whistleblower disclosure, by 2010 he said he was told that the “nightmare scenario” he had warned about regarding the secret communications platform had, in fact, occurred.
Reidy refused to discuss his case with Yahoo News. But two former government officials directly familiar with his disclosure and the investigation into the compromises in China and Iran tell Yahoo News that Reidy had identified the weaknesses — and early compromise — that eventually befell the entire covert communications platform.
Reidy’s case was complicated. After he blew the whistle, he was moved off of his subcontract with SAIC, a Virginia company that works on government information technology products and support. According to the public disclosure, he contacted the CIA inspector general and congressional investigators about his employment status but was met with resistance, partially because whistleblower protections are complicated for federal contractors, and he remained employed.
Meanwhile, throughout 2010 and 2011, the compromise continued to spread, and Reidy provided details to investigators. But by November 2011, Reidy was fired because of what his superiors said were conflicts of interest, as Reidy maintained his own side business. Reidy believed the real reason was retaliation.
In his 2014 appeal to the intelligence community inspector general, first published by McClatchy News, Reidy describes the first signs of compromise in stunning detail — though it was unclear at the time, because of what was redacted, what issue he was addressing. “As our efforts increased, we started to notice anomalies in our operations … sources abruptly and without reason ceasing all communications with us,” he wrote.
Something, he realized, was deeply wrong with the agency’s human sources network. The “U.S. communications infrastructure was under siege,” he wrote. Reidy warned that the problem wasn’t limited to a single country — it extended to everywhere the CIA operates. Close to 70 percent of operations at the time were potentially compromised, he noted. In other words, an entire class of CIA agents — those using some iteration of the online system — was in danger. “CIA is aware of this,” he wrote. “The design and maintenance of the system is flawed.”
Reidy’s complaint wasn’t fully addressed for many years. But when the wide-scale arrest of sources in Iran happened, the CIA eventually launched an investigation. The deaths in China sent investigators into overdrive. Teams from the CIA, the FBI and the House Permanent Select Committee on Intelligence scrambled to try to figure out what had happened — and how to stem the damage.
“Can you imagine how different this whole story would’ve turned out if the CIA [inspector general] had acted on Reidy’s warnings instead of going after him?” said Kel McClanahan, Reidy’s attorney. “Can you imagine how different this whole story would’ve turned out if the congressional oversight committees had done oversight instead of taking CIA’s word that he was just a troublemaker?”
Irvin McCullough, a national security analyst with the Government Accountability Project, a nonprofit that works with whistleblowers, put the issue in even starker terms. “This is one of the most catastrophic intelligence failures since Sept. 11,” he said. “And the CIA punished the person who brought the problem to light.”
The roll-up of the CIA’s networks reignited debates within the U.S. intelligence community about the merits of high-tech versus low-tech methods of communicating with sources. Within some corners of the intelligence world, “there was a widely held belief that technology was the solution to all communications problems,” according to one of the former officials. Proponents of older methods — such as chalk marks, burst communications, brush passes and one-time pads — were seen as “troglodytes,” said this official.
The failure of the communication system was discussed extensively in closed-door hearings at the House and Senate intelligence committees, according to several former officials. “Some of the senators and congressman went nuts about this, and they should have,” one of them said.
A spokesperson for the Senate Intelligence Committee declined to comment. The House Intelligence Committee did not respond to requests for comments.
One of the central concerns among those familiar with the scope of the breakdown is the institutions responsible for it were never held accountable. Doing a comprehensive investigation isn’t easy, “but you have an absolute obligation to do that, because if you don’t, all you’re doing is rolling the dice with future lives,” said one former senior official.
Even several years after the breach, the concern within the intelligence community is accountability.
“When we continuously allow things like this to happen, and Congress doesn’t do anything, and the institutions don’t do anything, you’re going to have worse issues,” said another former official.
“People will say, ‘I went to the inspector general and it didn’t work; I went elsewhere and it didn’t work.’ People will see it as a game. It will lead to corruption, and it will lead to espionage. When people see that the system is corrupt, it affects everything.”
In the end, said the former official, “our biggest insider threat is our own institution.”