high tech, low practice
November 5, 2018 7:44 AM

The CIA's communications suffered a catastrophic compromise. It started in Iran. How did Iran find CIA spies? They Googled it:
According to one former official, the Iranian double agent showed Iranian intelligence the website that the CIA was using for their communications. By using Boolean search operators like “AND” and “OR”, stringing together characteristics of the communications and websites, Iranian intelligence was reportedly able to locate multiple other websites that the CIA was using for its communications. From there, Iran could track who was visiting the sites and from where — eventually exposing a large swath of the CIA’s network in Iran.
posted by the man of twists and turns (22 comments total) 39 users marked this as a favorite
 
In this instance, the worldwide operational failure appears to have been the result of middle management getting distracted by shiny technology that they didn’t understand (imagine your boss yelling “we need to use the blockchain!!” except his ignorance dictates whether or not people in other countries are pulled out of meetings to be executed in front of their colleagues) combined with the usual accompanying unwillingness to hear any contradictory viewpoint, and punishment of whistleblowers.

Thanks to Hollywood the CIA has ended up with an astonishingly great reputation, given how much of a failure they have been as an actual intelligence agency throughout their history. Just wall-to-wall bungling incompetence, although they have managed to foment the odd coup (which doesn’t take a huge amount of sophistication, just the ability to identify politicians and officers in the military who don’t share a government’s politics, and the willingness to throw arms and money at them until the desired result is achieved).

Obligatory link to Legacy of Ashes.
posted by chappell, ambrose at 7:58 AM on November 5, 2018 [21 favorites]


And the human race marches on, sigh.
posted by Melismata at 8:04 AM on November 5, 2018




I've been wondering about the new generation of spies. They sit around with god mode on and play silly games with your tweets.
posted by infini at 8:11 AM on November 5, 2018 [1 favorite]


Obligatory link to Legacy of Ashes.

may as well make this obligatory too
posted by thelonius at 8:23 AM on November 5, 2018 [6 favorites]


The fundamental problem for the CIA is that the prevalence of English as “the world’s second language” and a generous dash of cultural chauvinism means that any given Iranian is vastly more likely to speak English than any given American is likely to speak Farsi. American intelligence agencies are recruiting from a very small pool of second-language speakers, and the American education system is quite fragmented: from the federal level, how do you push a policy that X number of people need to become fluent in Russian / Chinese / Pashtu? To say nothing of the fact that, thanks to their hiring practices, on-the-ground CIA agents tend to be big white dudes, who often stand out regardless of their gifts at language. This has been, is, and will remain a problem, and as long as it’s a problem, the temptation will be to rely on signals intelligence rather than the complex and messy world of human intelligence, which requires work in situ. That overreliance on signals and technology explains both the importance of the NSA in the hierarchy of American intelligence, and this latest scandal.
posted by chappell, ambrose at 8:28 AM on November 5, 2018 [18 favorites]


No one saying anything about the double handing them the seed site? Those headlines are a bit misleading, IMO.
posted by Samizdata at 8:38 AM on November 5, 2018


This article showed up on a friend's Facebook feed with the note "Well, they didn't talk about Hilary's private email server but I guess this is a problem, too" and I arglebargled for, like, an hour.
posted by hanov3r at 8:46 AM on November 5, 2018 [8 favorites]


Marcy Wheeler: CONFIRMED: LISTENING TO WHISTLEBLOWER JOHN REIDY COULD HAVE SAVED THE LIVES OF NUMEROUS CIA ASSETS

2017: A whistleblower plays by the rules at CIA, and finds ‘nothing gets done’ - "In one notable case, that of John Reidy, a contractor whose resume shows that he worked with spies deep inside Iran’s mullah-run regime, charges of wrongdoing have sat idle in the hands of CIA inspectors. Details of Reidy’s charges remain highly classified. The case is now seven years old, and seems only to gather dust."

2015: Pentagon, CIA instructed to re-investigate whistleblower cases
The CIA case involves former contractor John Reidy, who asserts he was punished after warning of a “catastrophic failure” in the spy agency’s operations.

“It was a recipe for disaster,” Reidy wrote in his appeal, which was redacted by intelligence officials. “We had a catastrophic failure on our hands that would ensnare a great many of our sources.”

His lawyer, Kel McClanahan, said Reidy was in charge of identifying foreign sources and systems in the telecommunications and computer fields that would be of interest to U.S. intelligence agencies.

Reidy also was responsible for developing intelligence operations against those targets, his lawyer said.

McClanahan said his client is not permitted to discuss the case in more detail even with him because the CIA says the information is classified.

Reidy asserts that he first detected vulnerabilities in a CIA program in 2006, according to the appeal filing obtained by McClatchy.
2018: Embattled Intelligence Whistleblower Ombudsman Defends Himself, Intel Community Whistleblower Ombudsman Formally Fired

2015: IS THE INTELLIGENCE COMMUNITY INSPECTOR GENERAL TRYING TO GIVE CONTRACTORS WHISTLEBLOWER PROTECTIONS? -
But McCullough’s move is particularly interesting when you consider the details of the appeal of the second complainant, John Reidy.

Reidy was not a CIA employee — his complaint spans the time from 2005 to 2011, during which he was a subcontractor to SAIC and then, after he lost his contract with them, with Mantech, although another CIA contractor, Raytheon, got involved in alleged retaliatory actions leading to his firing from Mantech in 2011. In addition, Reidy’s whistleblowing appears to have led to an adjudication flag that has held up his security clearance renewal, which prevents him from getting any more contracts going forward.

That means Reidy is in a similar position as Edward Snowden was: attempting to address problems in intelligence programs, but being exposed to retaliation in a way agency employees weren’t. He suggests he could be in a worse position than Snowden, because “Individual contractors and small companies do not have a proper avenue of redress against government and large company misconduct,” in large part because prime contractors get to set the rules for the little guys. Plus, CIA’s Publication Review Board shut down the one area where — according to his own reading (which I’m sure CIA disputes) — he should have an advantage over agency employees, the ability to publish embarrassing things that aren’t classified.

Thus, Reidy seems to be a classic example of a glaring weakness in already-pathetic intelligence community whistleblower protection: as a subcontractor, he has no protection from retaliation, and a very limited ability to officially report his complaints.

That’s troubling because his heavily redacted appeal at least appears to suggest his complaint was very serious and should have been a timely way to limit the compromise of CIA assets and officers.
posted by the man of twists and turns at 8:49 AM on November 5, 2018 [10 favorites]


Clearly we must outlaw Boolean search operators.
posted by lothar at 8:50 AM on November 5, 2018 [6 favorites]


NOT
posted by pracowity at 8:58 AM on November 5, 2018 [47 favorites]


No one saying anything about the double handing them the seed site

If the security model for the site is "well, if anybody ever turns, then every single source who has used this system is burned" then it's a terrible security model.
posted by BungaDunga at 9:34 AM on November 5, 2018 [6 favorites]


> BungaDunga:
"No one saying anything about the double handing them the seed site

If the security model for the site is "well, if anybody ever turns, then every single source who has used this system is burned" then it's a terrible security model."


I concur. However, the headlines are VERY misleading and a lot of people never make it past the headlines.
posted by Samizdata at 11:41 AM on November 5, 2018 [1 favorite]


Color me surprised that Google's advanced search features like Booleans actually still work. They sure as shit won't let ME filter out results...
posted by caution live frogs at 12:12 PM on November 5, 2018 [2 favorites]


Conjunction-junction what's your function...
And, but, and or, won't get you very far.
posted by clavdivs at 12:20 PM on November 5, 2018


Just a whole bunch of NANDs.
posted by the man of twists and turns at 12:34 PM on November 5, 2018 [3 favorites]


Augustus De Morgan is rolling in his grave.
posted by sammyo at 12:56 PM on November 5, 2018 [1 favorite]


And every time he rolls, you see "the negation of a disjunction is the conjunction of the negations" on one side and
"the negation of a conjunction is the disjunction of the negations" on the other.

Think of the implications!
posted by pracowity at 2:14 PM on November 5, 2018 [4 favorites]


One of the best arguments against most of the big government conspiracy theories is the demonstrable inability of these government organisations, which are set up specifically to keep and deal in secrets, to actually keep anything secret. Not just the CIA, but MI6 and whatever the KGB call themselves nowadays.

Or is that just what they want us to think?
posted by Fuchsoid at 2:45 PM on November 5, 2018 [1 favorite]


Even more, when discussions about hard encryption turn to 'we must have a back door to protect the children' -- someone needs to look them in the eye very publicly, first remind all of the scandals and then point out that they can not be trusted with a backdoor because the [whoever's scary at the moment, hackers ruskies] will take all THEIR secrets.
posted by sammyo at 3:14 PM on November 5, 2018 [3 favorites]


Fuchsoid: "One of the best arguments against most of the big government conspiracy theories is the demonstrable inability of these government organisations, which are set up specifically to keep and deal in secrets, to actually keep anything secret. Not just the CIA, but MI6 and whatever the KGB call themselves nowadays.

Or is that just what they want us to think?
"

Well pretty much by definition we won't know the secrets they successfully keep. The CIA could be sitting on Alien derived, desktop cold fusion and we just don't know.
posted by Mitheral at 10:32 PM on November 5, 2018


The CIA could be sitting on Alien derived, desktop cold fusion and we just don't know.

Mmm, or evidence of a teapot orbiting the sun, somewhere between earth and mars
posted by chappell, ambrose at 12:36 PM on November 6, 2018

