Sunday, November 4, 2018

"The CIA's communications suffered a catastrophic compromise. It started in Iran."

Sometimes I think the U.S. intelligence community isn't as good as they say they are.

I have this picture in my head of that Peter Strzok fellow in the Home for Retired Spooks with spy guys and gals from all around the world, Russians and Chinese and the Iranians and North Koreans and the British and the Germans and the Israelis and the Macedonians, all of 'em.

Now Strzok was a pretty big deal. He was Chief of the Counterespionage Section of the FBI.
He was also the #2 of the entire FBI Counterintelligence Division.


And he left 50,000 text messages with his paramour, DOJ and FBI attorney Lisa Page, lying around.
50,000 mash notes to sweetie-pie.
Right there, in the phone, on a server, where any junior-grade investigator could find them.


And in my vision all the old spies and counter-spies are waiting for dinner and laughing at Strzok and reverting to childhood as the elderly are sometimes wont to do and chanting, almost in unison:
"Peter and Lisa sitting in a tree, T-E-X-T-I-N-G..."
So, although the story below is about the CIA, it was ol' FBI Pete whom I thought of when I saw the article.

From Yahoo News, November 2:
In 2013, hundreds of CIA officers — many working nonstop for weeks — scrambled to contain a disaster of global proportions: a compromise of the agency’s internet-based covert communications system used to interact with its informants in dark corners around the world. Teams of CIA experts worked feverishly to take down and reconfigure the websites secretly used for these communications; others managed operations to quickly spirit assets to safety and oversaw other forms of triage.
“When this was going on, it was all that mattered,” said one former intelligence community official. 

The situation was “catastrophic,” said another former senior intelligence official.

From around 2009 to 2013, the U.S. intelligence community experienced crippling intelligence failures related to the secret internet-based communications system, a key means for remote messaging between CIA officers and their sources on the ground worldwide. The previously unreported global problem originated in Iran and spiderwebbed to other countries, and was left unrepaired — despite warnings about what was happening — until more than two dozen sources died in China in 2011 and 2012 as a result, according to 11 former intelligence and national security officials. 

The disaster ensnared every corner of the national security bureaucracy — from multiple intelligence agencies, congressional intelligence committees and independent contractors to internal government watchdogs — forcing a slow-moving, complex government machine to grapple with the deadly dangers of emerging technologies. 

In a world where dependence on advanced technology may be a necessary evil for modern espionage, particularly in hostile regions where American officials can’t operate freely, such technical failures are an ever present danger and will only become more acute with time.
“When these types of compromises happen, it’s so dark and bad,” said one former official. “They can burrow in. It never really ends.” 

A former senior intelligence official with direct knowledge of the compromise said it had global implications for the CIA. “You start thinking twice about people, from China to Russia to Iran to North Korea,” said the former official. The CIA was worried about its network “totally unwinding worldwide.”

Yahoo News’ reporting on this global communications failure is based on conversations with eleven former U.S. intelligence and government officials directly familiar with the matter who requested anonymity to discuss sensitive operations. Multiple former intelligence officials said that the damage from the potential global compromise was serious — even catastrophic — and will persist for years. 
More than just a question of a single failure, the fiasco illustrates a breakdown that was never properly addressed. The government’s inability to address the communication system’s insecurities until after sources were rolled up in China was disastrous. “We’re still dealing with the fallout,” said one former national security official. “Dozens of people around the world were killed because of this.”
*****
One of the largest intelligence failures of the past decade started in Iran in 2009, when the Obama administration announced the discovery of a secret Iranian underground enrichment facility — part of Iran’s headlong drive for nuclear weapons. Angered about the breach, the Iranians went on a mole hunt, looking for foreign spies, said one former senior intelligence official.

The mole hunt wasn’t hard, in large part, because the communications system the CIA was using to communicate with agents was flawed. Former U.S. officials said the internet-based platform, which was first used in war zones in the Middle East, was not built to withstand the sophisticated counterintelligence efforts of a state actor like China or Iran. “It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”

“Everyone was using it far beyond its intention,” said another former official.

The risks posed by the system appeared to have been overlooked in part because it was easy to use, said the former intelligence officials. There is no foolproof way to communicate — especially with expediency and urgency — with sources in hostile environments like Iran and China, noted the former officials. But a sense of confidence in the system kept it in operation far longer than was safe or advisable, said former officials. The CIA’s directorate of science and technology, which is responsible for the secure communications system, “says, ‘our s***’s impregnable,’ but it’s obviously not,” said one former official.

By 2010, however, it appears that Iran had begun to identify CIA agents. And by 2011, Iranian authorities dismantled a CIA spy network in that country, said seven former U.S. intelligence officials. (Indeed, in May 2011, Iranian intelligence officials announced publicly that they had broken up a ring of 30 CIA spies; U.S. officials later confirmed the breach to ABC News, which also reported on a potential compromise to the communications system.)

Iran executed some of the CIA informants and imprisoned others in an intelligence setback that one of the former officials described as “incredibly damaging.” The CIA successfully exfiltrated some of its Iranian sources, said former officials.
The Iranian compromise led to significantly fewer CIA agents being killed than in China, according to former officials. Still, the events there hampered the CIA’s capacity to collect intelligence in Iran at a critical time, just as Tehran was forging ahead with its nuclear program.

U.S. authorities believe Iran probably unwound the CIA’s asset network analytically — meaning they deduced what Washington knew about Tehran’s own operations, then identified Iranians who held that information, and eventually zeroed in on possible sources. This hunt for CIA sources eventually bore fruit — including the identification of the covert communications system.

A 2011 Iranian television broadcast that touted the government’s destruction of the CIA network said U.S. intelligence operatives had created websites for fake companies to recruit agents in Iran by promising them jobs, visas and education abroad. Iranians who initially thought they were responding to legitimate opportunities would end up meeting with CIA officers in places like Dubai or Istanbul for recruitment, according to the broadcast. 

Though the Iranians didn’t say precisely how they infiltrated the network, two former U.S. intelligence officials said that the Iranians cultivated a double agent who led them to the secret CIA communications system. This online system allowed CIA officers and their sources to communicate remotely in difficult operational environments like China and Iran, where in-person meetings are often dangerous.

A lack of proper vetting of sources may have led to the CIA inadvertently running a double agent, said one former senior official — a consequence of the CIA’s pressing need at the time to develop highly placed agents inside the Islamic Republic. After this betrayal, Israeli intelligence tipped off the CIA that Iran had likely identified some of its assets, said the same former official.
The losses could have stopped there. But U.S. officials believe Iranian intelligence was then able to compromise the covert communications system. At the CIA, there was “shock and awe” about the simplicity of the technique the Iranians used to successfully compromise the system, said one former official.

In fact, the Iranians used Google to identify the website the CIA was using to communicate with agents. Because Google is continuously scraping the internet for information about all the world’s websites, it can function as a tremendous investigative tool — even for counter-espionage purposes. And Google’s search functions allow users to employ advanced operators — like “AND,” “OR,” and other, much more sophisticated ones — that weed out and isolate websites and online data with extreme specificity.

According to the former intelligence official, once the Iranian double agent showed Iranian intelligence the website used to communicate with his or her CIA handlers, they began to scour the internet for websites with similar digital signifiers or components — eventually hitting on the right string of advanced search terms to locate other secret CIA websites. From there, Iranian intelligence tracked who was visiting these sites, and from where, and began to unravel the wider CIA network. 
U.S. intelligence officials were well aware of Iran’s formidable cyber-espionage capabilities. But they were flabbergasted that Iran managed to extirpate an entire CIA spy network using a technique that one official described as rudimentary — something found in basic how-to books.

But the events in Iran were not self-contained; they coincided roughly with a similar debacle in China in 2011 and 2012, where authorities rounded up and executed around 30 agents working for the U.S. (the New York Times first reported the extirpation of the CIA’s China sources in May 2017). Some U.S. intelligence officials also believe that former Beijing-based CIA officer Jerry Lee, who was charged with spying on behalf of the Chinese government in May 2018, was partially responsible for the destruction of the CIA’s China-based source network. But Lee’s betrayal does not explain the extent of the damage, or the rapidity with which Chinese intelligence was able to identify and destroy the network, said former officials.   

U.S. officials believe that Chinese intelligence obtained physical access to the transitional, or temporary, secret communications system used by the CIA to correspond with new, unvetted sources — and broke through the firewall separating it from the main covert communications system, compromising the CIA’s entire asset network in that country, Foreign Policy reported earlier this year.
It’s not clear whether China and Iran cooperated, but the former officials said the communications systems used in both countries were similar. The two governments may have broken the system independently. But Iranian, Chinese and Russian officials were engaged in senior-level communications on cyber issues around this time, recalled one former senior intelligence official — interactions that were “very suspicious in hindsight.”

The CIA declined to comment. The Iranian Mission to the UN did not respond to requests for comment....
 ...MUCH MORE
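The technique the article describes (take one known site, pull out the "digital signifiers" it shares with its siblings, then turn those into a search query) is worth seeing in code, because the same code doubles as the audit anyone running cover infrastructure should have run on their own sites. The following is an added example and is not code from the Yahoo News article, the CIA or this post. The four pages, the hostnames, the file names and the "SiteBuilder 2.1" generator string are constructed samples; the `intitle:` and `inurl:` operators are the generic advanced-search operators the article alludes to, and which page artifacts a given search engine actually indexes varies, so the query builder only shows how a fingerprint becomes a query.

```python
"""Fingerprint pages by shared template artifacts and build a pivot query.

Added illustration, not code from the Yahoo News article or this post. The
sample pages below are constructed; every hostname, file name and generator
string is invented for the example.
"""
from collections import defaultdict
from html.parser import HTMLParser
from itertools import combinations

# Assets so ubiquitous that sharing them proves nothing (assumed list).
COMMODITY = {"script:jquery.min.js", "css:bootstrap.min.css"}


class _ArtifactParser(HTMLParser):
    """Collect the structural 'signifiers' a crawler or search engine sees."""

    def __init__(self):
        super().__init__()
        self.artifacts = set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = {k: v for k, v in attrs if v is not None}
        if tag == "script" and "src" in a:
            self.artifacts.add("script:" + a["src"].rsplit("/", 1)[-1])
        elif tag == "link" and a.get("rel") == "stylesheet" and "href" in a:
            self.artifacts.add("css:" + a["href"].rsplit("/", 1)[-1])
        elif tag == "meta" and "name" in a and "content" in a:
            self.artifacts.add(f"meta:{a['name']}={a['content']}")
        elif tag == "form" and "action" in a:
            self.artifacts.add("form:" + a["action"])
        elif tag == "input" and "name" in a:
            self.artifacts.add("input:" + a["name"])
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title and data.strip():
            self.artifacts.add("title:" + " ".join(data.split()))


def extract_artifacts(html):
    """Non-commodity artifacts of one page."""
    p = _ArtifactParser()
    p.feed(html)
    return p.artifacts - COMMODITY


def shared_artifacts(pages, min_sites=2):
    """Defensive audit: each artifact present on >= min_sites pages, with the
    pages it links. Any entry spanning sites that are supposed to look
    unrelated is a pivot point for an adversary."""
    index = defaultdict(set)
    for host, html in pages.items():
        for art in extract_artifacts(html):
            index[art].add(host)
    return {a: sorted(h) for a, h in index.items() if len(h) >= min_sites}


def cluster_sites(pages, min_shared=2):
    """Group pages sharing at least min_shared artifacts (union-find)."""
    feats = {h: extract_artifacts(html) for h, html in pages.items()}
    parent = {h: h for h in feats}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(sorted(feats), 2):
        if len(feats[a] & feats[b]) >= min_shared:
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for h in feats:
        groups[find(h)].append(h)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


def pivot_query(pages, hosts):
    """Artifacts common to every page in `hosts`, rendered as a search string
    with generic advanced operators (titles, form paths, generator tags)."""
    common = set.intersection(*(extract_artifacts(pages[h]) for h in hosts))
    terms = []
    for art in sorted(common):
        kind, _, val = art.partition(":")
        if kind == "title":
            terms.append(f'intitle:"{val}"')
        elif kind == "form":
            terms.append(f'inurl:"{val}"')
        elif kind == "meta":
            terms.append('"' + val.partition("=")[2] + '"')
    return " ".join(terms)


def _page(title, generator, script, action, field):
    # Constructed sample page built from one shared template.
    return (f"<html><head><title>{title}</title>"
            f'<meta name="generator" content="{generator}">'
            f'<script src="/static/js/{script}"></script>'
            '<link rel="stylesheet" href="/css/bootstrap.min.css"></head>'
            f'<body><form action="{action}"><input name="{field}">'
            '<input name="email"></form></body></html>')


SAMPLE_PAGES = {  # constructed, not real sites
    "careers-alpha.example": _page("Global Careers Portal", "SiteBuilder 2.1",
                                   "contact.js", "/apply.php", "applicant_id"),
    "careers-beta.example": _page("Global Careers Portal", "SiteBuilder 2.1",
                                  "contact.js", "/apply.php", "applicant_id"),
    "study-abroad-gamma.example": _page("Study Abroad Grants", "SiteBuilder 2.1",
                                        "contact.js", "/apply.php", "applicant_id"),
    "bakery-delta.example": _page("Delta Bakery", "WordPress 5.0",
                                  "jquery.min.js", "/contact", "message"),
}

if __name__ == "__main__":
    for group in cluster_sites(SAMPLE_PAGES):
        print(group, "->", pivot_query(SAMPLE_PAGES, group) or "(no common artifacts)")
    for art, hosts in sorted(shared_artifacts(SAMPLE_PAGES).items()):
        print(f"{art:40s} shared by {hosts}")
```

Run against the samples, the three template-built sites cluster together on the shared generator tag, script name, form path and field name, while the bakery page shares only a generic `email` field and drops out; the query for the pair with a common title comes out as `inurl:"/apply.php" "SiteBuilder 2.1" intitle:"Global Careers Portal"`. The lesson for the defender is the one the article's former officials state: a site is only as anonymous as its least distinctive shared artifact, so `shared_artifacts` over your own inventory is the check to run before a stranger runs it for you.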