
30 spies dead after Iran cracked CIA comms network - new_guy
https://www.theregister.co.uk/2018/11/02/iran_cracked_cia_google/
======
Arnt
This might get a little longwinded. Sorry.

The following is from
[http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amaz...](http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amazing_success_identifying_cia_agents_in_the_field/)
and describes the way the Russians implemented SELECT * WHERE CIA FROM
EMBASSY_EMPLOYEES: "differences in the way agency officers undercover as
diplomats were treated from genuine foreign service officers (FSOs). The pay
scale at entry was much higher for a CIA officer; after three to four years
abroad a genuine FSO could return home, whereas an agency employee could not;
real FSOs had to be recruited between the ages of 21 and 31, whereas this did
not apply to an agency officer; only real FSOs had to attend the Institute of
Foreign Service for three months before entering the service; naturalized
Americans could not become FSOs for at least nine years but they could become
agency employees; when agency officers returned home, they did not normally
appear in State Department listings; should they appear they were classified
as research and planning, research and intelligence, consular or chancery for
security affairs; unlike FSOs, agency officers could change their place of
work for no apparent reason; their published biographies contained obvious
gaps; agency officers could be relocated within the country to which they were
posted, FSOs were not; agency officers usually had more than one working
foreign language; their cover was usually as a “political” or “consular”
official (often vice-consul); internal embassy reorganizations usually left
agency personnel untouched, whether their rank, their office space or their
telephones; their offices were located in restricted zones within the embassy;
they would appear on the streets during the working day using public telephone
boxes; they would arrange meetings for the evening, out of town, usually
around 7.30 p.m. or 8.00 p.m.; and whereas FSOs had to observe strict rules
about attending dinner, agency officers could come and go as they pleased." I
read the book. When a CIA agent's cover was blown, the CIA had a spare car
and apartment and the agent's replacement needed just that, so they tended to
reuse the car and apartment. And wondered why the replacement was then
identified so quickly.

So. After that long digression, here comes a hypothesis: Organisations that
can keep their mistakes secret, can make themselves _seem_ much more capable
than other, similarly large organisations.

~~~
DonHopkins
At the University of Maryland, our network access was through the NSA's
"secret" MILNET IMP 57 at Fort Meade. It was pretty obvious that UMD got their
network access via NSA, because mimsy.umd.edu had a similar "*.57" IP address
as dockmaster, tycho and coins.

[https://emaillab.jp/dns/hosts/](https://emaillab.jp/dns/hosts/)

    
    
        HOST : 26.0.0.57 : TYCHO : PDP-11/70 : UNIX : TCP/TELNET,TCP/SMTP,TCP/FTP :
        HOST : 26.0.0.57 : DOCKMASTER.NCSC.MIL,DOCKMASTER.DCA.MIL, DOCKMASTER.ARPA : HONEYWELL-DPS-8/70 : MULTICS : TCP/TELNET,TCP/FTP,TCP/SMTP,TCP/ECHO,TCP/DISCARD,ICMP :
        HOST : 26.1.0.57 : COINS-GATEWAY,COINS : PLURIBUS : PLI ::
        HOST : 26.2.0.57, 128.8.0.8 : MARYLAND,MIMSY,UMD-CSD,UMD8,UMCP-CS : VAX-11/780 : UNIX : TCP/TELNET,TCP/FTP,TCP/SMTP,UDP,TCP/ECHO,TCP/FINGER,ICMP :
    

[https://multicians.org/site-dockmaster.html](https://multicians.org/site-dockmaster.html)

Whenever the network went down (which was often), we had to call up a machine
room at Fort Meade and ask them to please press the reset button on the box
labeled "IMP 57". Sometimes the helpful person who answered the phone had no
idea which box I meant, so I had to describe to him which box to reset over the
phone. ("Nope, that didn't work. Try the other one!" ;) They were even
generous enough to issue us (CS department systems staff and undergrad
students) our own MILNET TACACS card.

On mimsy, you could get a list of NSA employees by typing "grep contact
/etc/passwd", because each of their courtesy accounts had "network contact" in
the gecos field.

Before they rolled out TACACS cards, anyone could dial up an IMP and log in
without a password, and connect to any host they wanted to, without even
having to murder anyone like on TV:

[https://www.youtube.com/watch?v=hVth6T3gMa0](https://www.youtube.com/watch?v=hVth6T3gMa0)

~~~
damnmachine
Holy shit. I can't believe some of what I just read. Although it appears this
was in the late 80's, so I suppose it makes more sense factoring that in.

~~~
travmatt
In the book “The Cuckoo's Egg”, the author describes how the hacker penetrating
his networks was using it to access military networks. That was in the 80’s as
well I believe.

------
lkrubner
The question is, why did they need an informal communication channel? What
made this easy, and why was using a correct channel considered too difficult?
Maybe Edward Tufte will write about this someday, as this might be another
example where user interface design ended up having a big impact on world
history (Tufte has written about John Snow using a clever map to end the
cholera epidemic in London in 1853 and the Challenger shuttle disaster of
1986, the launch being allowed partly because the engineers from Thiokol were
not able to present their information in a comprehensible way).

The article says:

" _But the rest of the agency had become too reliant on the system, which was
originally intended to only be a temporary communications channel, and had
left the relatively insecure site up far longer than intended and used it to
send information that should have been reserved for more secure channels. "It
was never meant to be used long term for people to talk to sources," the
report quotes one official as saying._"

So why did it last so long? What did it offer that the more official channels
did not? What kept the agency from developing technology that might have
allowed better protected communication channels that might have also been easy
to use?

Protected communication is not a sideline for the CIA, it is the core
competency. This is something the CIA is supposed to be good at.

~~~
dorfsmay
> So why did it last so long?

"It's temporary unless it works" - Red Green.

I always fight temporary solutions because there is a perception that one does
not need to be as rigorous with temporary solutions. Then there is no sense of
urgency for a replacement because this one works, it becomes a "technical
debt", a "nice to have", and never gets fixed. In some cases, lack of rigour
is the one functionality everybody loves that cannot be removed (security vs
convenience).

[https://en.wikipedia.org/wiki/The_Red_Green_Show#Red_Green](https://en.wikipedia.org/wiki/The_Red_Green_Show#Red_Green)

[https://www.youtube.com/watch?v=pY7nx5Z6Kzo&t=3m41s](https://www.youtube.com/watch?v=pY7nx5Z6Kzo&t=3m41s)

~~~
chrisfinne
Wow, that Red Green show is hilarious. Plan to waste the rest of the morning
on it.

------
strictnein
This is just a rehash of Yahoo's article:

[https://www.yahoo.com/news/cias-communications-suffered-cata...](https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html)

~~~
Guereric
Mods, please change link to this source.

------
robterrin
And this is eight years after the largest HIPAA violation ever (at the time),
which NY Presbyterian suffered because a physician programmer was allowed to
take down a firewall and Google started indexing patient records.
[https://www.businessinsider.com/new-york-presbyterian-columb...](https://www.businessinsider.com/new-york-presbyterian-columbia-hipaa-settlement-2014-5)

------
TACIXAT
I always like to think of the counter case, but note, this is pure
speculation. Could the CIA have planted a fake insecure communications system
in order to execute key players in Iran's nuclear program? It would be a
force-amplifying move. Instead of having 15 spies, you could have 1 (the
double agent in this case) who reveals the fake communications network, that
in turn takes numerous other players off the board.

~~~
joe_the_user
The article actually cites 30 killed ... in China.

So in this case, no.

I assume Iran would be careful if they saw a variety of loyal and crucial
players implicated.

------
seancoleman
It’s easy to target poor security as the culprit, but it seems another root
cause is the bad UX of official, secure communication channels, which drove
these agents to chat in this alternative, vulnerable system.

Just as a river follows the path of least resistance, so too will users follow
the best UX software. Bad UX kills.

~~~
njharman
UX can't provide security. It can only provide better UX.

Security is a spectrum from convenient/useful to secure. They are mutually
exclusive characteristics.

Perfect UX won't remove the inconvenience of having to prearrange delivery of
one-time pads, biometric two-factor auth, waiting for out-of-band confirmation
of your identity, etc.

All of those can have horrible UX on top of the inconvenience. But even with
perfect UX they will never be as frictionless as being able to use any device,
on any network, using any app/OS, to post on a useless/passwordless site.

~~~
njharman
As an example. Having the internet searchable is useful, is convenient. But it
reduces security because of its convenience.

This breach would not have happened without that convenience.

UX could have made it easier to remember the robots file. So could process, or
review or other security practices. But no UX is gonna solve the fact that the
internet is insecure due to its convenience.

The internet can never be secure. At best you can get lower levels of
insecurity.

------
rossdavidh
So, security is intrinsically difficult for an organization to get right,
because the learning landscape is not continuous. You don't have gradually
increasing costs from going in a particular direction; you have apparently
zero costs, maybe even rewards, from going in that direction until suddenly
OMFG WE HAVE A PROBLEM! This is hard for any machine learning algorithm to
deal with, and it is hard for individuals to deal with, and so no surprise
that it is hard for organizations to deal with. Lax security, in most cases,
yields zero apparent costs until suddenly it is very expensive.

All of which is outweighed by the fact that dealing with this kind of thing is
the CIA's reason for existence as a separate intelligence agency, outside of
the military (since Pearl Harbor). I am not at all convinced that we would be
doing worse to fold intelligence back into the military as it was pre-WWII,
because having a culture that understands this kind of problem is the CIA's
whole purpose for being separate, and it doesn't seem to have worked.

------
salimmadjd
This incident is now used as part of a collective PR case for military
action in Iran. Earlier articles [0] on this CIA failure point to China
breaking the network. Which is odd now that it’s used to make the case against
Iran.

[0] [https://foreignpolicy.com/2018/08/15/botched-cia-communicati...](https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/)

------
jamisteven
Bit of a misleading headline considering the article states: "After a double
agent showed Iran's government one of the sites, they were then able to use
Google to identify other sites the intel agency was using and began to
intercept communications."

~~~
anilakar
One of my favorite pastime activities: googling for certain unsecured
automation systems and messing around with them. They can be found with zero
false positive rate thanks to an obvious misspelling on the login page.
There's no need to resort to inurl, intitle and similar modifiers that trigger
the captcha almost every time.

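The mechanism jamisteven quotes and anilakar describes, as an added example that is not part of the original thread or of the article it discusses: once one site in a family is known, the features its page template shares with its siblings (the same login form, the same script and CSS, the same misspelled button label, even the same robots.txt Disallow paths) identify the others. The host names, pages and robots.txt files below are constructed so the script runs offline; in practice the same features become the search-engine queries.

```python
"""Template-fingerprint clustering of web hosts.

Added example for this thread, not code from the original page or the
article it discusses. Once one site of a family is known, features that its
page template shares with its siblings identify the rest. Everything below
(host names, pages, robots.txt files) is constructed; nothing is fetched.
"""
import hashlib
import re
from html.parser import HTMLParser


class _FeatureParser(HTMLParser):
    """Collects template-level features from one HTML document."""

    def __init__(self):
        super().__init__()
        self.features = set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.features.add("generator:" + (a.get("content") or "").strip())
        elif tag == "script" and a.get("src"):
            # File name only: the host part differs between deployments.
            self.features.add("script:" + a["src"].rsplit("/", 1)[-1])
        elif tag == "form":
            self.features.add("form:" + (a.get("action") or "").strip())
        elif tag == "input":
            if a.get("name"):
                self.features.add("input:" + a["name"])
            if (a.get("type") or "").lower() == "submit":
                # Button labels (misspellings included) are copied verbatim.
                self.features.add("submit:" + (a.get("value") or ""))

    def handle_data(self, data):
        if self._in_title:
            self.features.add("title:" + " ".join(data.split()))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False


def fingerprint(pages):
    """pages maps URL path -> body for one host; returns its feature set."""
    html = pages.get("/", "")
    parser = _FeatureParser()
    parser.feed(html)
    feats = set(parser.features)
    # Inline CSS travels with the template and survives edits to the copy.
    for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.S | re.I):
        feats.add("css:" + hashlib.sha256(css.strip().encode()).hexdigest()[:16])
    # robots.txt is public, so the paths an operator hides become a feature.
    for line in pages.get("/robots.txt", "").splitlines():
        if line.lower().startswith("disallow:"):
            feats.add("robots:" + line.split(":", 1)[1].strip())
    return feats


def similarity(a, b):
    """Jaccard similarity of two feature sets (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


def find_lookalikes(seed, hosts, threshold=0.5):
    """Hosts whose fingerprint resembles the seed's, most similar first."""
    seed_fp = fingerprint(hosts[seed])
    hits = []
    for name, pages in hosts.items():
        if name == seed:
            continue
        score = similarity(seed_fp, fingerprint(pages))
        if score >= threshold:
            hits.append((name, round(score, 2)))
    return sorted(hits, key=lambda h: (-h[1], h[0]))


# Constructed sample crawl: three hosts built from one site kit (different
# copy, same login form, CSS, script and misspelled button) plus a decoy.
_KIT = """<html><head><title>{title}</title>
<meta name="generator" content="SiteKit 2.1">
<style>body{{font:12px Arial}} .lgn{{width:320px}}</style>
<script src="/static/ui.js"></script></head>
<body><h1>{heading}</h1>
<form action="/cgi-bin/login.pl"><input name="usr"><input name="pwd">
<input type="submit" value="Sumbit"></form></body></html>"""
_ROBOTS = "User-agent: *\nDisallow: /cgi-bin/\nDisallow: /msg/\n"

SAMPLE_HOSTS = {
    "jobs-example-a.test": {
        "/": _KIT.format(title="Careers | Example A", heading="Apply today"),
        "/robots.txt": _ROBOTS,
    },
    "visa-example-b.test": {
        "/": _KIT.format(title="Visa Help B", heading="Start your application"),
        "/robots.txt": _ROBOTS,
    },
    "careers-example-c.test": {  # no robots.txt, still close enough
        "/": _KIT.format(title="Example C Recruiting", heading="Join us"),
    },
    "news-decoy.test": {
        "/": """<html><head><title>Decoy News</title>
<style>h1{color:red}</style><script src="/js/app.js"></script></head>
<body><form action="/login"><input name="username"><input name="password">
<input type="submit" value="Log in"></form></body></html>""",
        "/robots.txt": "User-agent: *\nDisallow: /admin/\n",
    },
}

if __name__ == "__main__":
    for host, score in find_lookalikes("jobs-example-a.test", SAMPLE_HOSTS):
        print(f"{host}: {score}")
```

Two caveats a practitioner would add. A robots.txt file hides nothing: it is itself public and lists exactly the paths the operator cares about, which is why the script treats it as a feature rather than a defence. And the similarity threshold is a choice: lower it to catch deployments whose operators changed more of the template, at the cost of false positives from unrelated sites built with the same off-the-shelf kit.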
------
jorblumesea
The NYT has a much better write up:
[https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...](https://www.nytimes.com/2017/05/20/world/asia/china-cia-spies-espionage.html)

Basically, an internal mole leaked the network, which the Chinese then
exploited to roll up the agents. It's not like China just stumbled upon it,
they were tipped off. While the nature of the platform didn't help, the roll
up was caused by a double agent.

~~~
partiallypro
Is this the same breach? People are talking like this is separate from the one
you linked to.

------
jxcole
I've always thought that the CIA was completely incompetent, but I've never
seen more conclusive evidence than this. I've never worked with anyone so
flippant about security, but no one should ever expose secrets without proper
auth. I won't even expose user addresses without cert or password auth. It just
goes to show you that the old adage is true: if you are a competent
programmer you don't end up in government.

------
awaisraad
Intelligence chiefs of four countries (Iran, Russia, China and Pakistan) met
in July, 2018.

[https://tribune.com.pk/story/1756290/1-pakistan-regional-spy...](https://tribune.com.pk/story/1756290/1-pakistan-regional-spymasters-resolve-counter-islamic-state-afghanistan/)

I guess this meeting had something to do with all of this.

~~~
boomboomsubban
These deaths took place 5+ years ago; sharing information about a mutual
border/former border seems more likely.

------
charlysl
Google Hacking (or Dorking):
[https://en.m.wikipedia.org/wiki/Google_hacking](https://en.m.wikipedia.org/wiki/Google_hacking)

------
blattimwind
> Web scraping is a two-edged sword

No, doing this is:

> But the rest of the agency had become too reliant on the system, which was
> originally intended to only be a temporary communications channel, and had
> left the relatively insecure site up far longer than intended and used it to
> send information that should have been reserved for more secure channels.

------
lordgrenville
Isn't this article just a restatement of the original Yahoo news story here?
[https://www.yahoo.com/news/cias-communications-suffered-cata...](https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html)

~~~
meowface
Yes.

------
trhway
There are a couple of things that come to mind in that context: that story of
Iran MITM-ing HTTPS using a small CA they either hacked and/or acquired, and
Siemens spying software/hardware at Iran's telcos.

------
platz
> originally intended to only be a temporary communications channel

Some code never dies

------
cyphunk
> A defense contractor for the CIA named John Reidy claims he warned the
> agency that it was using insecure communications systems in 2008, and again
> in 2010 when he started to suspect the channels had been cracked. A year
> later he was fired by the agency, a move he claims was retaliation for not
> shutting up.

strongbox.gov is needed to protect people with brains from being strong-armed
by management without brains:

[https://medium.com/@cyphunk/the-nature-of-conflict-is-changi...](https://medium.com/@cyphunk/the-nature-of-conflict-is-changing-f9ef39709cab)

------
aeriklawson
Weren't these just CIA informants i.e. not actual CIA officers? I think the
word "spies" is a bit misleading.

------
drakenot
What were these communication channels the CIA was using that were being
indexed by Google? Some public forum or something?

~~~
boomboomsubban
They made websites for fake companies offering job and visa opportunities.
People would reply and end up recruited. I'm not sure how exactly they used it
for further communication though.

------
Illniyar
"But the rest of the agency had become too reliant on the system, which was
originally intended to only be a temporary communications channel, and had
left the relatively insecure site up far longer than intended and used it to
send information that should have been reserved for more secure channels."

Sounds familiar...

~~~
onetimemanytime
Amazing...and they have essentially unlimited budgets. Protecting their spies
is #1 in any agency's book, otherwise who would tell you secrets?

The saddest part: The "decider" probably got promoted as usual.

~~~
meowface
It seems like these issues are rarely solely due to unilateral technical
incompetence; there's often at least one person who sees the true risk, tries
to communicate the risk, and gets completely ignored. The Challenger disaster
had several Thiokol engineers express major concerns in vain; this disaster
had John Reidy (supposedly):

>A defense contractor for the CIA named John Reidy claims he warned the agency
that it was using insecure communications systems in 2008, and again in 2010
when he started to suspect the channels had been cracked. A year later he was
fired by the agency, a move he claims was retaliation for not shutting up.

>“It was a recipe for disaster,” Reidy said. “We had a catastrophic failure on
our hands that would ensnare a great many of our sources.”

The person who could actually save the day and prevent the catastrophe gets
ignored, marginalized, and/or fired. The people who were involved in the
original disastrous decision keep moving up in the organization and usually
keep their jobs after the catastrophe. So it's not like these organizations
are lacking smart people: their institutional and bureaucratic incompetence
just prevents those people from doing their job properly.

------
noobermin
With stories like this it really makes you wonder how we as a nation have
survived this long.

~~~
maxerickson
Maybe (much) spy work isn't quite the serious business the national security
apparatus would have us believe?

I mean, it's obviously serious business to the people taking risks and doing
the work on the ground, I'm talking about it actually being useful to the
nation.

~~~
patrickaljord
Totally agree. While they do get a few wins, I wonder what's the ROI when you
take all the failures and waste of resources into account. My guesstimate is
not much but like other useless government programs, it hires a lot of people
so nobody dares question it.

~~~
ardy42
> Totally agree. While they do get a few wins, I wonder what's the ROI when
> you take all the failures and waste of resources into account.

Very far into positive territory, I'd imagine. Most day-to-day intelligence
work probably doesn't have much effect, but every once in awhile they probably
get a big win that's so massive that it justifies all the effort.

------
sytelus
Why kill spies? I would think turning local spy in to double agent would be
far more beneficial. Or at least feed them wrong information you want. Killing
spies simply replaces them.

~~~
slivym
The second you go after anyone using the communication channel it's fairly
likely the entire channel will shut down or change so you're much better off
moving quickly on everyone you identify than leaving them out where they might
disappear. This is especially true since the information China used was
provided by Iran - so was very likely to leak sooner or later. Once you've
rounded up all the spies it's up to the government what to do, but either they
can trade them, imprison them or kill them and I guess this time they decided
it was best to just send a message.

------
smaili
[https://news.ycombinator.com/item?id=18370900](https://news.ycombinator.com/item?id=18370900)

------
nwrk
phpbb?

------
sokoloff
> And Google’s search functions allow users to employ advanced operators —
> like 'AND', 'OR'

ELI5 not needed...

~~~
MrQuincle
Maybe it's a very sophisticated way to tell that {AND,OR} are not functionally
complete.

~~~
lordnacho
Right, it should just have either NAND or NOR. Much simpler.

------
liftbigweights
Or it was intentionally left vulnerable with names of people the CIA wanted
dead in Iran?

If I were the CIA and I wanted a few of Iran's top nuclear scientists killed,
I'd just make it seem like they were working for the CIA and let Iran's
counterintelligence do the work for me.

~~~
Nasrudith
That would still be a pretty dumb move in itself - nobody would want to work
with anyone who claims to have CIA connections not even for vast amounts of
bribery.

I know that countries with less than stellar records of civil rights don't
care too much about due process but the not a violent complete moron thing to
do would be to ask questions before shooting - namely being sure that they
actually are spies or traitors and investigate the claims. For one it could
point out peripheral connections down the chain and you know make sure that
you aren't getting 'spies lists' of anyone who is close to finding the actual
spy.

Granted in that sector it seems that there isn't a scarcity of violent immoral
morons even in the west given a love for torture among the CIA. Given the
known effects pushing torture is really saying a few things: They want to be
able to fool themselves by hearing exactly what they want to hear. They want
their foes to fight to the death like a cornered rattlesnake - putting their
last breaths in killing as many as possible in the face of insurmountable
odds. Finally they want no mercy shown to them if captured.

There are no words for that except evil and stupid - their deaths will not be
mourned no matter how horrific because they deserve it and the world will be
better off with their passing. I guess that means that the CIA really may be
that stupid which isn't a surprise given their real goal with Castro appears
to have been to make him as assassination resistant as possible.

