
Botched CIA Communications System Helped Blow Cover of Chinese Agents - mkeeter
https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/
======
solatic
>But the CIA’s interim system contained a technical error: It connected back
architecturally to the CIA’s main covert communications platform. When the
compromise was suspected, the FBI and NSA both ran “penetration tests” to
determine the security of the interim system. They found that cyber experts
with access to the interim system could also access the broader covert
communications system the agency was using to interact with its vetted
sources, according to the former officials.

>In the words of one of the former officials, the CIA had “fucked up the
firewall” between the two systems.

If you read between the lines, this raises the suspicion that there's a common
underlying infrastructure which handles the communications, with management
front-ends for different users which are firewalled off from each other, and
the security of the system relied upon the firewall between the different
front-ends to prevent users from finding out about each other. However, an
attacker who compromised the "less secure" front end could use that as a
launching pad to attack the underlying communication infrastructure, and if
the attacker pwned the infrastructure, then he'd have a back entrance to the
"more secure" front end.

If that's the case, then somebody was grossly incompetent, depending on the
age of the system: if the system is old enough, then somebody running ops in
the CIA is incompetent, for continuing to operate a system whose security
model ("all you need is a strong enough firewall!") was obsolete; if the
system is young enough, then either the original architects, or the security
engineers who certified the architecture (if there were any), for proposing an
architecture with an obsolete security model.

Arguably, that incompetence amounts to criminal negligence, since it resulted
in the deaths of US agents, and somebody should be tried for it.

~~~
baybal2
How stupid is it to spend so much effort on compartmentalising their intel net
in the country, but have all spies report by dialing into the same website
in a country employing a few brigades' worth of people reading tcpdumps 24/7?

Compare that to one-way coded messages over HF radio: a place for pickup of a
dead drop in n days is broadcast, then it is picked up by a man who reads
it, destroys it, and gtfos from the country. In that scheme nobody in any way
contacts anybody in real time other than the HQ.

~~~
dsl
> Compare that to one way coded messages over hf radio

Having a shortwave radio in your possession is justification enough to haul
you in for questioning in some countries.

There is also relatively little "radio traffic" to inspect relative to
internet traffic.

~~~
sevensor
Perhaps, but given the volume and variety of modern electronics, it's easier
than ever for a receiver to look like something else, at least if you don't
crack open the case. An antenna can be harder to conceal, but you can often
pick up transmissions by tying into unconventional antennas, like the rebar in
a slab of concrete, or a long metal railing. You could probably fit a
purpose-built receiver / demodulator for FT8 in a USB stick.

------
yborg
It took 8 years for the CIA to figure out what happened?? This certainly
explains why China and Russia continue to conduct cyber operations basically
at the same level of intensity they have been for years - US intelligence,
despite its enormous, unaccountable budget, is unable to stop them or even know
where they are compromised. If there is an actual hot conflict between the US
and either of these nations, I shudder to think what will happen.

I don't believe the US lacks in technical skill at the operational level.
These failures are management and organizational failures.

~~~
qaq
For starters they can't really pay market salaries for the skills they need so
to some degree this has more to do with laws on the books than with management
and organizational failures.

~~~
edm0nd
That's why agencies like the FBI just raid people and then flip them into
Confidential Human Sources (CHS). They don't have to pay them anything and use
the threat of jail time in exchange for skills/information.

~~~
EthanHeilman
... and they gain deniability if the sources do anything unethical, which in
turn gives them more leverage over the source.

------
nyolfen
"This didn't make it into the piece, but here's how the Chinese treated people
working with the CIA: According to one source, one asset working at a state
tech institutes, and his pregnant wife, were executed live on closed circuit
TV in front of the staff."

[https://twitter.com/zachsdorfman/status/1029861843521523712](https://twitter.com/zachsdorfman/status/1029861843521523712)

~~~
King-Aaron
Obviously a revelation on Twitter about a secretive organisation's workings
should always be taken with a grain of salt. However these sorts of reports
aren't too uncommon, and it surprises me how there's a lot of pro-China
commentators in communities such as HN who seem to glaze over these sorts of
things and still aggressively promote that the "Chinese way of doing things" is
superior to whatever western value or opinion is the discussion point of the
day.

~~~
TangoTrotFox
Out of curiosity, how do you think traitors providing potentially critical
intelligence to one of the most dangerous agencies of a powerful and
aggressive unfriendly foreign power should be treated, when there is literally
zero doubt as to their guilt?

And to be clear, I'm not condoning this action but I'm also not so quick to
condemn it. I'm genuinely uncertain if I somehow were the Chinese government
what my decision would be, but I think you are quite certain -- and it's
sparked my curiosity.

~~~
the_duke
So you are not condemning:

- death penalty
- death penalty for relatives of criminals
- death penalty for pregnant relatives

I'd love to know what country you live in and if you would condone laws that
allow this.

~~~
pjc50
"We kill people based on metadata":
[https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/](https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/)

Admittedly that only applies to non-US nationals outside the US, but the CIA
and American overseas military operations have relied for years on executing
people (and their wives, children, neighbours, wedding guests, and first
responders) with missiles.

~~~
hguant
This is a false equivalency, and your language seems to be intentionally
politicized to provoke an emotional response rather than a rational one. It
reeks of "whataboutism."

Your argument is comparing the actions of the US military against a foreign
enemy - and their associates - to the actions of the Chinese internal security
against their own people. Are you saying the Chinese are at war with their own
people?

------
_iyig
The CIA has a long and storied history of arrogance, incompetence, and letting
down sources. The book, “Legacy of Ashes” provides an excellent readable,
detailed history of the Agency since its creation, with tons of primary-source
interviews and research.

(The title refers to a quote by Eisenhower, who left the Presidency
disappointed at the “legacy of ashes” which was all he felt the CIA
accomplished during his tenure.)

------
olivermarks
Other Dorfman articles: [https://foreignpolicy.com/author/zach-dorfman/](https://foreignpolicy.com/author/zach-dorfman/)

I treat any media 'story' about spooks with great suspicion, because it
almost invariably winds up over time that there are far more layers to the
onion than are revealed in these types of exposés.

I wonder what 'The disaster in China has led some officials to conclude that
internet-based systems, even ones that employ sophisticated encryption, can
never be counted on to shield assets' is going to lead to? Some sort of new
infrastructure may even already be in use...

~~~
patrickg_zill
When the Russians were concerned about security, they switched back to using
typewriters. Don't assume that a high tech solution would always be the
answer...

------
jmnicolas
It seems that the CIA is more embarrassed that their IT has been breached by
the Chinese than by the death of people that trusted them.

~~~
ovi256
Treating the recruited agents as disposable has been the rule rather than the
exception throughout the ages.

The average half-life of a clandestine agent is surprisingly low, and planned
for accordingly.

------
mywacaday
110% pure fantasy but could google be encouraged by the CIA to enter the
Chinese market with whatever restrictions the Chinese government imposes but
provide secure communication for whoever the CIA needs it for?

------
anonu
This is a fascinating story. But I always think about what the motives are to
reveal such information. What you read is always different than the actual...

In a separate note, I'm not sure technically what the right solution is, but I
imagine an encrypted stenographic message on a popular peer to peer internet
service would be the best way to avoid detection. ... When the entire web is
being monitored.

~~~
wowzerz
It’d be best to imagine something else. Stenographers are much too busy in
court, recording transcripts of proceedings as they transpire. They wouldn’t
have time to help avoid detection.

I think it’s probably better to use a stegosaurus, given their spiked tail,
and boney plates, which will scare off any attackers.

Or maybe just safely conclude that casually pondering what might or might not
work isn’t good enough, and cannot compare to what’s faced in a real
situation, where simply knowing what the word steganography means wouldn’t
help either.

~~~
anonu
You created a throwaway to troll me about my misspelling. Bravo Bravo...
Tool...

Instead of fostering a constructive discussion... you do this. And you get
upvoted. HN isn't what it used to be...

~~~
wowzerz
HN has only ever been civilized by way of preferential moderation. Don’t
delude yourself with rose colored glasses. Just continue to take my comments
personally, as if you were being attacked by a close friend.

------
evntllyCnsistnt
Knowing how absurdly insecure any civilian consumer system is (laptop, smart
phone, home assistant, self driving car), with zero-day
fire-and-not-a-drill-at-all advisories pretty much every month, I don't get
how this sort of thing happens.

I also fail to see how a decision like this could be made:

> The CIA had imported the system from its Middle East operations...

To China? The degree of technical differences between those two regions is so
intuitively disparate, that without having been to either, I’d still never
estimate that a game plan for one would work in the other.

Cell phones make sense in desert territories with good satellite coverage, and
attacking, as much as operating those same cell phones makes sense too, in a
volatile atmosphere.

Meanwhile, in China, with world class supercomputing facilities operated at
scientific research institutions, one can only safely assume that no amount of
cryptography or electronic transmission is safe. Not even one-time pads.

Each seems like its own game, with its own rules. What a mistake to not
approach them differently. It's like trying to steal cars from a suburban
driveway at dinner time, versus a city parking garage during rush hour. A car
is not simply a thing with wheels, that rolls away as soon as you can hop
inside.

~~~
secfirstmd
What direct cryptographic attack do you know that works on a one time pad?
(As long as the randomness used to build it is real, it is implemented properly
and not re-used etc)

~~~
wowzerz
User error, for one. People get sloppy and reuse a not-so-one-time-pad. That
alone compromises secrets with frequency analysis.
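The reuse failure just described, as an added worked example written for this thread (not code from the article or from any system it discusses): a correct one-time pad, what an observer holding two ciphertexts learns when the pad is reused, and why a fresh pad per message leaks nothing. The messages and the fixed pad bytes are constructed sample values.

```python
import os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(plain: bytes, pad: bytes) -> bytes:
    # One-time pad: ciphertext = plaintext XOR pad (decryption is the same
    # operation). Secure only if the pad is truly random, at least as long
    # as the message, and never used for a second message.
    if len(pad) < len(plain):
        raise ValueError("pad shorter than message")
    return xor(plain, pad)

# Constructed sample messages and a fixed constructed pad so the run is
# reproducible; the pad bytes are arbitrary, not from any real system.
P1 = b"MEET AT THE OLD BRIDGE 6"
P2 = b"DROP IS AT NORTH GATE 22"
PAD = bytes.fromhex("9f3c11a7d052e8b46c1d77a92e04fb83c5d9106e2a7b48f1")

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # Same pad for both messages: (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2. The pad
    # cancels, exposing the XOR of the plaintexts to anyone holding both
    # ciphertexts, with no knowledge of the pad at all.
    return xor(c1, c2)

def coinciding_positions(c1: bytes, c2: bytes) -> list:
    # Statistical side of the leak: a zero byte in c1 ^ c2 means the two
    # plaintexts share a character there (in text, usually a space). This
    # is where frequency analysis of a reused pad starts.
    return [i for i, b in enumerate(reuse_leak(c1, c2)) if b == 0]

def recover_other(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    # Known-plaintext case: if one message is known or guessable, the other
    # drops straight out of p1 ^ p2. Reuse is catastrophic, not merely weak.
    return xor(reuse_leak(c1, c2), known_p1)

def demo() -> dict:
    c1, c2 = otp_encrypt(P1, PAD), otp_encrypt(P2, PAD)   # pad reused
    # Correct usage: a fresh pad from a true random source per message.
    # Then c1 ^ c2 == p1 ^ p2 ^ k1 ^ k2, which is itself uniformly random.
    k1, k2 = os.urandom(len(P1)), os.urandom(len(P2))
    d1, d2 = otp_encrypt(P1, k1), otp_encrypt(P2, k2)
    return {
        "reused_pad_leaks_p1_xor_p2": reuse_leak(c1, c2) == xor(P1, P2),
        "coinciding": coinciding_positions(c1, c2),
        "recovered_p2": recover_other(c1, c2, P1),
        "fresh_pads_leak_p1_xor_p2": xor(d1, d2) == xor(P1, P2),
    }
```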

~~~
secfirstmd
Yeah that's obvious and telling me what I already know and pointed out. I
thought there was some other cryptographic issue.

~~~
wowzerz
Well, what's the point in asking, if you already know everything?

I wonder.

------
matt_s
This is why when you read memoirs of CIA officers they almost always state human
tradecraft will trump technical gadgetry all the time.

------
JabavuAdams
How do intelligence agencies deal with the fact that once you've got a key
logger on your system, you're hosed?

------
WindowsFon4life
Yeah because it could not be due to this.
[https://sanfrancisco.cbslocal.com/2018/08/01/details-chinese-spy-dianne-feinstein-san-francisco/](https://sanfrancisco.cbslocal.com/2018/08/01/details-chinese-spy-dianne-feinstein-san-francisco/)

------
jarym
Maybe they should have used BBM/iMessage/WhatsApp - all the civilian gear
governments are screaming they need backdoors into because they’re too tough
to crack...

Yes I say this partly in jest and also partly as a ‘why didn’t they’. BBM
Enterprise over a VPN service popular with movie streamers would have actually
helped them blend in... digitally speaking.

~~~
bsimpson
Just because the Albuquerque Police Department can't crack <insert secure
messenger here> doesn't mean the NSA can't.

Interesting point about blending in, but I suspect they thought they could
build a system more secure than the commercial options and/or didn't trust
their security in the hands of a third party.

~~~
jarym
Security is hard. I’d take a commercial system that has years of history and
that many major governments have rallied against (BES) over a home-grown
system that obviously got tested in the field... and cost lives!

------
AIX2ESXI
Fucking A man. As an American tax payer and patriot I am pissed that China
gets away with shit like this. Time for us to play dirty games and get
retribution.

------
394549
It's probably also a mistake to use the same set of communication systems for all
your agents, even if you trust them. For something as high-risk as this, they
should use bespoke systems for each agent or each sub-network. Doing otherwise
is putting all their eggs in one basket.

------
mikec3010
I'm surprised they didn't do something truly clandestine like embed encrypted
texts into photos of merchandise and list them on amazon/alibaba

~~~
secfirstmd
There was someone at a high profile defence company using Amazon.com to
communicate information to handlers a few years ago.

------
sanatgersappa
they shouldn't have kicked Auggie upstairs.

------
gregshap
Sounds like “fucked up the firewall” == "fucked up a WHERE clause"
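Taking the "WHERE clause" analogy together with solatic's shared-infrastructure hypothesis earlier in the thread, here is an added example written for this discussion (not code from the article or from any of the systems it describes). It uses constructed sample rows in sqlite: a front-end query whose only "firewall" is an application-layer filter that was left out, the same query with the compartment scoped in, and the stronger option of one store per compartment.

```python
import sqlite3

# Constructed sample traffic: one shared store (the "common underlying
# infrastructure") holding rows for two compartments, "main" and "interim".
ROWS = [
    ("main", "src-17", "main-net report A"),
    ("main", "src-42", "main-net report B"),
    ("interim", "src-42", "interim report C"),
]
SCHEMA = "CREATE TABLE messages (compartment TEXT, source_id TEXT, body TEXT)"

def build_shared_store():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO messages VALUES (?, ?, ?)", ROWS)
    return db

def fetch_weak(db, compartment, source_id):
    # The caller's compartment is accepted but never reaches the predicate:
    # the "firewall" lives only in front-end code, and one missing condition
    # lets a request from the interim system read main-network rows.
    cur = db.execute("SELECT body FROM messages WHERE source_id = ?", (source_id,))
    return sorted(r[0] for r in cur)

def fetch_scoped(db, compartment, source_id):
    # Compartment is a mandatory part of every predicate, so the same
    # request from the interim front end cannot see the other compartment.
    cur = db.execute(
        "SELECT body FROM messages WHERE compartment = ? AND source_id = ?",
        (compartment, source_id),
    )
    return sorted(r[0] for r in cur)

def build_isolated_stores():
    # Stronger still: one store per compartment (a bespoke system per
    # sub-network). Even the weak query cannot cross compartments then.
    stores = {}
    for comp, src, body in ROWS:
        if comp not in stores:
            stores[comp] = sqlite3.connect(":memory:")
            stores[comp].execute(SCHEMA)
        stores[comp].execute("INSERT INTO messages VALUES (?, ?, ?)", (comp, src, body))
    return stores

if __name__ == "__main__":
    shared = build_shared_store()
    print(fetch_weak(shared, "interim", "src-42"))    # cross-compartment leak
    print(fetch_scoped(shared, "interim", "src-42"))
    print(fetch_weak(build_isolated_stores()["interim"], "interim", "src-42"))
```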

------
AKifer
Typical Chinese way of doing things, making the opponent think that he's
invincible, then striking hard and fast at the right time. That in every
domain.

~~~
jessaustin
What are some other examples of this typical phenomenon?

