Hacker News new | comments | show | ask | jobs | submit login
30 spies dead after Iran cracked CIA comms network (theregister.co.uk)
353 points by new_guy 10 days ago | hide | past | web | favorite | 105 comments





This might get a little longwinded. Sorry.

The following is from http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amaz... and describes the way the Russians implemented SELECT * WHERE CIA FROM EMBASSY_EMPLOYEES: "differences in the way agency officers undercover as diplomats were treated from genuine foreign service officers (FSOs). The pay scale at entry was much higher for a CIA officer; after three to four years abroad a genuine FSO could return home, whereas an agency employee could not; real FSOs had to be recruited between the ages of 21 and 31, whereas this did not apply to an agency officer; only real FSOs had to attend the Institute of Foreign Service for three months before entering the service; naturalized Americans could not become FSOs for at least nine years but they could become agency employees; when agency officers returned home, they did not normally appear in State Department listings; should they appear they were classified as research and planning, research and intelligence, consular or chancery for security affairs; unlike FSOs, agency officers could change their place of work for no apparent reason; their published biographies contained obvious gaps; agency officers could be relocated within the country to which they were posted, FSOs were not; agency officers usually had more than one working foreign language; their cover was usually as a “political” or “consular” official (often vice-consul); internal embassy reorganizations usually left agency personnel untouched, whether their rank, their office space or their telephones; their offices were located in restricted zones within the embassy; they would appear on the streets during the working day using public telephone boxes; they would arrange meetings for the evening, out of town, usually around 7.30 p.m. or 8.00 p.m.; and whereas FSOs had to observe strict rules about attending dinner, agency officers could come and go as they pleased." I read the book. When a CIA agent's cover was blown, the CIA had a spare care and apartment and the agent's replacement needed just that, so they tended to reuse the car and apartment. And wondered why the replacement was then identified so quickly.

So. After that long digression, here comes a hypothesis: Organisations that can keep their mistakes secret, can make themselves seem much more capable than other, similarly large organisations.


At the University of Maryland, our network access was through the NSA's "secret" MILNET IMP 57 at Fort Mead. It was pretty obvious that UMD got their network access via NSA, because mimsy.umd.edu had a similar "*.57" IP address as dockmaster, tycho and coins.

https://emaillab.jp/dns/hosts/

    HOST : 26.0.0.57 : TYCHO : PDP-11/70 : UNIX : TCP/TELNET,TCP/SMTP,TCP/FTP :
    HOST : 26.0.0.57 : DOCKMASTER.NCSC.MIL,DOCKMASTER.DCA.MIL, DOCKMASTER.ARPA : HONEYWELL-DPS-8/70 : MULTICS : TCP/TELNET,TCP/FTP,TCP/SMTP,TCP/ECHO,TCP/DISCARD,ICMP :
    HOST : 26.1.0.57 : COINS-GATEWAY,COINS : PLURIBUS : PLI ::
    HOST : 26.2.0.57, 128.8.0.8 : MARYLAND,MIMSY,UMD-CSD,UMD8,UMCP-CS : VAX-11/780 : UNIX : TCP/TELNET,TCP/FTP,TCP/SMTP,UDP,TCP/ECHO,TCP/FINGER,ICMP :
https://multicians.org/site-dockmaster.html

Whenever the network went down (which was often), we had to call up a machine room at Fort Mead and ask them to please press the reset button on the box labeled "IMP 57". Sometimes the helpful person who answered the phone had no idea which box I meant, so I had describe to him which box to reset over the phone. ("Nope, that didn't work. Try the other one!" ;) They were even generous enough to issue us (CS department systems staff and undergrad students) our own MILNET TACACS card.

On mimsy, you could get a list of NSA employees by typing "grep contact /etc/passwd", because each of their courtesy accounts had "network contact" in the gecos field.

Before they rolled out TACACS cards, anyone could dial up an IMP and log in without a password, and connect to any host they wanted to, without even having to murder anyone like on TV:

https://www.youtube.com/watch?v=hVth6T3gMa0


Holy shit. I can't believe some of what I just read. Although it appears this was in the late 80's, so I suppose it makes more sense factoring that in.

In the book “The Cuckoos Egg”, the author describes how the hacker penetrating his networks was using it to access military networks. That was in the 80’s as well I believe.

I found this handy how-to tutorial guide for "Talking to the Milnet NOC" and resetting the LH/DH, which was useful for guiding the NSA employee on the other end of the phone through fixing their end of the problem. What it doesn't mention is that the key box with the chase key was extremely easy to pick with a paperclip.

Who would answer the Milnet NOC's 24-hour phone was hit or miss: Some were more helpful and knowledgeable than others, others were quite uptight.

Once I told the guy who answered, "Hi, this is the University of Maryland. Our connection to the NSA IMP seems to be down." He barked back: "You can't say that on the telephone! Are you calling on a blue phone?" (I can't remember the exact color, except that it wasn't red: that I would have remembered). I said, "You can't say NSA??! This is a green phone, but there's a black phone in the other room that I could call you back on, but then I couldn't see the hardware." And he said "No, I mean a voice secure line!" I replied, "You do know that this is a university, don't you? We only have black and green phones."

    Date: Thu, 11 Sep 86 13:53:45 EDT
    From: Steve D. Miller <steve@brillig.umd.edu>
    To: staff@mimsy.umd.edu
    Subject: Talking to the Milnet NOC

       This message is intended to be a brief tutorial/compendium of
    information you probably want to know if you need to see about
    getting the LH/DH thingy (and us) talking to the world.

       First, you need the following numbers:
        (1)  Our IMP number (57),
        (2)  Mimsy's milnet host address (26.2.0.57),
        (3)  The circuit number for our link to the NSA
            (DSEP07500-057)
        (4)  The NOC number itself (692-5726).

       Second, you need to know something about the hardware.  There
    are three pieces of hardware that make up our side of the link:
    the LH/DH itself, the ECU, and the modem.  The LH/DH and the
    ECU are the things in the vax lab by brillig; the ECU is the
    thing on top (with the switches), and the LH/DH is the thing
    on the bottom.  The normal state is to have the four red LEDs
    on the ECU on and the Host Master Ready, HRY, Imp Master Ready,
    and IRY lights on at the LH/DH.  If these lights are not on,
    something is wrong.  If mimsy is down, then we'll only have some
    of the lights on, but that should fix itself when mimsy comes up.
    Some interesting buttons or switches on the ECU are:
        reset - resets something or another
        stop - stops something or another
        start - restarts something or another
        local loopback -- two switches and two leds; you may need
            to throw one or the other of these if the NOC asks
            you to.  These loopback switches should be distinguished
            from those on the modem itself.
        remote loopback -- like local loopback, but does something else.

       The modem is in the phone room beside the terminal room (rm.
    4322, if memory serves).  It can be opened with the chase key from
    the key box...but if someone official and outside of staff asks
    you that, you probably shouldn't admit to it.  It has a switch on
    it, too; it seems that switch normally rests in the middle, and
    there's a "LL" setting to the left which I assume puts the modem in
    local loopback mode.

       Now that you have some idea of where things are, call the NOC.
    Identify yourself as from the University of Maryland, and say that
    we're not talking to the outside world.  They will probably ask for
    our Milnet address or the number of the IMP we're connected to,
    and will then poke about and see what's happening.  They will ask
    you to do various things; ask if you're not sure what they mean,
    but the background info above should help in puzzling it out.

       Hopefully, this will make it easier to find people to fix
    our net problems in the future; it's still hard to do 'cause
    we have so little info (no hardware manual, for example),
    but this should give us a fighting chance.

        -Steve

I dug up an "explosive bolts" reference -- fortunately that brilliant plan didn't get far.

(Milo Medin knows this stuff first hand: https://innovation.defense.gov/Media/Biographies/Bio-Display... )

    To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
    Cc: ucdavis!ccohesh@ucbvax.berkeley.edu, Hackers_Guild@ucbvax.berkeley.edu
    Subject: Re: a question of definition
    Date: Thu, 29 Jan 87 12:29:36 PST
    From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>

    Actually its:

    SCINET -- Secret Compartmented Information Net  (if you don't know what
    compartmented means, you don't need to ask)
    DODIIS -- DoD Intelligence Information Net

    The other stuff I think is right, at least without me looking things
    up.  I probably shouldn't have brought this subject of the secure part
    of the DDN up.  People like being low key about such things...

    Erik, all the BBN gateways on MILNET and ARPANET currently comprise
    the core, not just mailbridges.  Some are used as site gateways, others
    as EGP neighbors, etc...  And just because you are dual homed doesn't mean
    you get a mailbridge.  And the IETF doesn't deal with low level stuff
    like that; DCA does all that.  In fact, the reason we are getting an
    ARPANET PSN is because when DCA came out to do a site survey, they
    liked our site so much they asked if they could put one here!  It's
    amazing how many sites have tried to get ARPANET PSN's the right
    way and have had to wait much longer than us...  BTW, since we are
    dual homed (probably a gateway with 2 1822 interfaces in it), we
    are taking steps to be sure that people on ARPANET or MILNET can't
    use our gateway to bypass the mailbridges.  The code will be hacked
    to drop all packets that aren't going to a locally reachable network.
    BARRNet, even though its locally reachable, will be excluded
    from this however, since the current procedural limitations call for
    not allowing any BARRNet traffic to flow out of BARRNet to MILNET
    and the reverse.  NASA traffic of course can traffic through BARRNet,
    and even use ARPANET that way (though that's not a big deal when
    we get our own ARPANET PSN).  That's because only NASA is authorized
    to directly connect to MILNET, not UCB or Stanford, etc...

    DCA must have the ability to partition the ARPANET and MILNET in
    case of an "emergency", and having non-DCA controlled paths between
    the nets prevents that.  There was talk some time ago about putting
    explosive bolts in the mailbridges that would be triggered by
    destruct packets...  That idea didn't get far though...

    The DDN only includes MILNET,ARPANET,SCINET,etc...  Not the attached
    networks.  If it did, you'd need to file a TSR to add a PC to your
    local cable.  A TSR is a monstrous piece of paperwork that needs to
    be done anytime anything is changed on the DDN...  Rick knows all
    about them don't you Rick?

    The whole network game is filled with acronyms!  I gave up trying
    to write documents with full explainations in terms long ago...
    I have yet to see a short and concise (and correct) way of describing
    DDN X.25 Standard Service for example...  That's probably one of the
    harder things about getting into networking these days.  We won't
    even talk about Etherbunnies and Martians and other Millspeak...

                        Milo '1822' Medin

There were rumored to be "explosive bolts" on the ARPA/MILNET gateways (whether they were metaphorical or not, I don't know).

Here's something interesting that Milo Medin wrote about dual homed sites like NSA and NASA, that were on both the ARPANET and MILNET:

    To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
    Cc: Hackers_Guild@ucbvax.berkeley.edu, ucdavis!ccohesh@ucbvax.berkeley.edu
    Subject: Re: a question of definition
    Date: Thu, 29 Jan 87 15:33:35 PST
    From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>

    Right, the core has many gateways on it now, maybe 20-30.  All the LSI's will
    be stubbed off the core however, and only buttergates will be left after
    the mailbridges and EGP peers are all converted.  Actually, I think DARPA is
    paying for it all...

    Ames is *not* getting a mailbridge.  You are right of course, that we could
    use 2 gateways, not just 1 (actually, there will be a prime and backup anyways),
    and then push routing info appropriately.  But that's anything but simple.
    Firstly, the hosts have to know which gateway to send a packet to a given
    network, and thus have to pick between the 2.  That's a bad idea.
    It also means that I have to pass all EGP learned info around on the
    local cable, and if I do that, then I can't have routing info from
    the local cable pass out via EGP.  At least not without violating
    the current EGP spec.   Think about it.  It'd be really simple to
    create a loop that way.  Thus, in order to maximize the use of both
    PSN's, you really need one gateway wired to both PSN's, and just
    have it advertise a default route inside.  Or use a reasonble IGP,
    of which RIP (aka /etc/routed stuff) is not.  I'm hoping to get
    an RFC out of BBN at this IETF meeting which may go a long way in
    reducing the use of RIP as an IGP.

    BTW, NSA is an example of a site on both MILNET and ARPANET but without
    a mailbridge...

    There is no restriction that a network can only be on ARPANET or MILNET.
    That goes against the Internet model of doing things.  Our local
    NASA gatewayed nets will be advertised on both sides.  The restriction
    on BARRNet is that the constituent elements of BARRNet do not all
    have access to MILNET.  NSF has an understanding with DARPA and
    DCA that NSFnet'd sites can use ARPANET.  That does not extend to
    the MILNET.  Thus, Davis can use UCB's or Stanford's, our even NASA's
    ARPANET gateways, with the approval of the site of course, but
    not MILNET, even though NASA has MILNET coverage.  Thus we are required
    to restrict BARRNet routing through our MILNET PSN.  If we were willing
    to sponsor UCB's MILNET access, for some requirement which NASA
    had to implement, then we would turn that on.  But BARRNet itself will
    but cutoff to MILNET (and probably ARPANET too) at Ames, but not
    cut off to other NASA centers or sites that NASA connects.  There is
    no technical reason that prevents this, in fact, we have to take
    special measures to prevent it.  But those are the rules.  Anyways,
    mailbridge performance should improve after the conversion, so
    UCB should be in better shape.  And you'll certainly be able to
    talk to us via BARRNnet...  I have noticed recently that MILNET<->
    ARPANET performance has been particularly poor...  Sigh.

    The DCA folks feel that in case of an emergency they may be
    forced to use an unsecure network to pass certain info around.  The
    DDN brochure mentions SIOP related data for example.  Who knows,
    if the balloon goes up, the launch order might pass through Evans
    Hall on its way out to SAC...  :-)


                        Milo

My understanding is that official cover is more a matter of politeness than secrecy. An embassy employee is obviously a foreign agent in some capacity. The real game is preventing the host country from discovering links between official-cover and non-official-cover agents, since the latter group’s affiliation is actually secret.

> Organisations that can keep their mistakes secret, can make themselves seem much more capable

And also much slower to learn from their mistakes. The history of the CIA is pretty depressing, in this regard.

https://en.wikipedia.org/wiki/Legacy_of_Ashes_(book)


Legacy of Ashes does a pretty good job to that end...

https://www.amazon.com/Legacy-Ashes-History-Tim-Weiner/dp/03...


> The CIA does appear to have lucked out when it comes to Russia. The Intelligence Agency ring fences its Russian activities and the report states that intel chiefs were quick to harden up its Russian communications channel at the first sign of trouble.

Your post makes a lot of sense for that above line in the article. Maybe Russia would rather keep tabs on them as known-people rather than murder them. China seemed to have taken it personally, which is ironic given their vast purported corporate espionage spy networks.


These are different kinds of agents.

Those described in the above comment were US nationals in Russia operating under diplomatic cover, and are not subject to Russian law. They would be deported. Russian nationals working for the CIA would not be found by that search.

The agents in the story were Chinese/Iranian/etc. nationals working for the CIA. They had no diplomatic protection, which is why they were killed.


Different, certainly. What about it?

Do you mean that the people who were careless with one group would be careful with the other? That the people who issued one car model to the real cultural attachés and another model to the CIA agents would be very careful about the agents who risk their lives?


China is much less pluralistic than Russia. It's more important to send a message to locals than it is to poison the information.

So, they were basically relying on metadata to inspect an organization. If anything, this shows the power of metadata.

Adam Curtis has a piece, in the style of Adam Curtis, wondering if spies (well, in this particular case, mostly spy catchers) simply aren't very good at their job; http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-...

Also possible corrupt, Aldrich Ames was living way beyond his means for a decade before he got caught. And the CIA knew it. My assumption has been the CIA turns a blind eye when it's high level agents pass information to 'friendly' governments and corporations, and so were gobsmacked when they found Ames was selling critical information to the Soviets. Which is itself deranged and stupid.

Wow. Thanks for posting this. It's a better read than anything currently on the front page of HN.

Totally true. That Fogle guy was standing out like a white crow among the rest of the "geriatric ward" that US embassy in Russia was.

Moreover, to a Russia person, it would be totally unbelievable that such pipsqueak could get to the position of a "third secretary" of anything in his short, only 5 years long career.


> Organisations that can keep their mistakes secret, can make themselves seem much more capable than other, similarly large organisations.

Organizations gain only corruption through secrecy. Fix the reason for having to keep a secret, and you build a strong organization.


Software projects that can keep the implementation details (and bugs) of their security secret, can make themselves seem much more secure than other, similarly large projects.

you should put these together as a blog post

There's a book already, https://isbn.nu/0374536279. It's dreadful. Well, the book is good, even great. What's dreadful is the mistakes one can commit when the consequences are secret.

The CIA would send a 35-year-old spy out with a cover job that only accepted applicants up to the age of 28, and then send a polite letter to the Russians informing them of his arrival. Meanwhile there was a giant search for the mole at CIA HQ, because there had to be one, how else would the Russians unmask so many agents so quickly?


> SELECT * FROM EMBASSY_EMPLOYEES WHERE CIA

ftfy


> SELECT * WHERE CIA FROM EMBASSY_EMPLOYEES

Although I personally don't find this type of humour funny I can understand why beginners use it. However, if you are going to use it, please make an effort and get it right. In your attempt to showing off, you're just showing you don't know basic SQL.


This is actually (almost) legal in teradata sql, which doesn't enforce clause order, but it doesn't accept an identifier as a predicate.

Care to guess what you've said about yourself with this critical comment? :^)

The question is, why did they need an informal communication channel? What made this easy, and why was using a correct channel considered too difficult? Maybe Edward Tufte will write about this someday, as this might be another example where user interface design ended up having a big impact on world history (Tufte has written about John Snow using a clever map to end the cholera epidemic in London in 1853 and the Challenger shuttle disaster of 1986, the launch being allowed partly because the engineers from Thiokol were not able to present their information in a comprehensible way).

The article says:

"But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels. "It was never meant to be used long term for people to talk to sources," the report quotes one official as saying."

So why did it last so long? What did it offer that the more official channels did not? What kept the agency from developing technology that might have allowed better protected communication channels that might have also been easy to use?

Protected communication is not a sideline for the CIA, it is the core competency. This is something the CIA is supposed to be good at.


> So why did it last so long?

"It's temporary unless it works" - Red Green.

I always fight temporary solutions because there is a perception that one does not need to be as rigorous with temporary solutions. Then there is no sense of urgency for a replacement because this one works, it becomes a "technical debt", a "nice to have", and never gets fixed. In some cases, lack of rigour is the one functionality everybody loves that cannot be removed (security vs convenience).

https://en.wikipedia.org/wiki/The_Red_Green_Show#Red_Green

https://www.youtube.com/watch?v=pY7nx5Z6Kzo&t=3m41s


Wow, that Red Green show is hilarious. Plan to waste the rest of the morning on it.

Broken code gets fixed, bad code lasts forever

> The question is, why did they need an informal communication channel? What made this easy, and why was using a correct channel considered too difficult?

My understanding is that this channel was used for "un-vetted" sources, which I take to mean sources the CIA didn't yet fully trust with their main communications systems. I'm sure they're constantly approached by double-agents looking for information about how they communicate with their sources, so they need more "throwaway" systems for people who potentially could be double agents to use.

The original reporting is better than this Register summary: https://www.yahoo.com/news/cias-communications-suffered-cata.... I think Ars Technica had a better summary: https://arstechnica.com/tech-policy/2018/11/how-did-iran-fin....


This makes sense.

Poor contingent hires couldn't even get basic auth, eh


A Greek saying goes: Ουδέν μονιμότερον του προσωρινού. (There is nothing more permanent than the temporary)

I keep thinking about it when building out information system architectures, especially ones that interface with end users. Bad design is metastatic and unbelievably hard to get out of. Whatever the cost of reversing a bad design decision you have in mind, 10x it and you still might not be truly there.


>So why did it last so long? What did it offer that the more official channels did not? What kept the agency from developing technology that might have allowed better protected communication channels that might have also been easy to use?

It hadn't been broken, so why bother? Sure one of our employees is telling us that it's dangerously insecure, but if its so bad why hasn't it been compromised?


For the same reason POCs or unfinished software runs in production.


Mods, please change link to this source.

Yeah, that's the original article and has a lot more detail.

And this is eight years after the largest HIPAA violation ever (at the time) at NY Presbyterian suffered because a physician programmer was allowed to take down a firewall and Google started indexing patient records. https://www.businessinsider.com/new-york-presbyterian-columb...

I always like to think of the counter case, but note, this is pure speculation. Could the CIA have planted a fake insecure communications system in order to execute key players in Iran's nuclear program? It would be a force-amplifying move. Instead of having 15 spies, you could have 1 (the double agent in this case) who reveals the fake communications network, that in turn takes numerous other players off the board.

The article actually cites 30 killed ... in China.

So in this case, no.

I assume Iran would be careful if they saw a variety of loyal and crucial players implicated.


[flagged]


This is a pretty absurd connection that has zero evidence to back it up. It's an extraordinary claim so where's the actual evidence of it? Your NY Times story simply talks about the Chinese spies and doesn't actually prove what you said.

So from the FWIW... what is it worth? It doesn't really seem like it's worth anything so why mention it?


You want proof that’s what happened or that’s what Q said? I can provide proof that Q said something but not that it’s true LOL. I thought was just an interesting corollary. It’s not hard to find what Q has said. It’s all in one place https://qmap.pub

I'd like proof of the connection to which you are implying happened in your original statement. And I don't think corollary means what you think it means. A corollary is something that is a natural progression from one thing to another. Two things that go hand in hand and what you said does not in any way match that. It couldn't be farther from a corollary. What you said is an absurd conspiracy theory that invents a connection out of whole-cloth and discussing it without calling it out as such (as you did in your first comment, and as you appear to be ignoring in this comment with a laugh) is extremely dangerous.

It's the same as saying 'Lot's of people are saying X' where X is a crazy thing and then just going on about your way. You are basically stating the X and giving it credence but pretending not to with a 'FWIW.'


How is it dangerous?

It's really not worth engaging in a discussion and answering disingenuous questions from someone who believes and traffics in conspiracy theories, especially those as ridiculous as the ones you believe and parrot.

You replied to an earnest request for proof of your extraordinary, outrageous, and false claims with a derailing question instead of any proof.

So don't expect an answer to your question, because you don't deserve one. You've thoroughly disqualified yourself from participating in a legitimate discussion with adults.

And "I don't actually believe conspiracy theories myself, I just spread them" is an even worse excuse for your dangerous, intellectually dishonest misbehavior.


It’s easy to target poor security as the culprit, but it seems another root cause is such bad UX of official, secure communication channels that drove these agents to chat in this alternative, vulnerable system.

Just as a river follows the path of least resistance, so too will users follow the best UX software. Bad UX kills.


UX can't provide security. It can only provide better UX.

Security is a spectrum from convienent/useful to secure. They are mutually exclusive characteristics.

Perfect UX won't remove inconvience of having to preaarange deliver of one time pads, biometric twofactor auth, waiting out of band confirmation of your identity, etc.

All of those can have horrible UX on top of the inconvienence. But even with perfect UX they will never be frtionless as being able to use any device, on any network, using any app/OS, to post on a useless/passwordless site.


As an example. Having the internet searchable is useful, us convienent. But it reduces security because of its convienence.

This breach would not have happened without that convienence.

UX could have made it easier to remember to robots file. So could process, or review or other security practices. But no UX is gonna solve fact that internet is insecure due to its convienence.

The internet can never be secure. At best you can get lower levels of insecurity.


So, security is intrinsically difficult for an organization to get right, because the learning landscape is not continuous. You don't have gradually increasing costs from going in a particular direction; you have apparently zero costs, maybe even rewards, from going in that direction until suddenly OMFG WE HAVE A PROBLEM! This is hard for any machine learning algorithm to deal with, and it is hard for individuals to deal with, and so no surprise that it is hard for organizations to deal with. Lax security, in most cases, yields zero apparent costs until suddenly it is very expensive.

All of which is outweighed by the fact that dealing with this kind of thing is the CIA's reason for existence as a separate intelligence agency, outside of the military (since Pearl Harbor). I am not at all convinced that we would be doing worse to fold intelligence back into the military as it was pre-WWII, because having a culture that understands this kind of problem is the CIA's whole purpose for being separate, and it doesn't seem to have worked.


This incident is now used to as part of a collective PR case for military action in Iran. Earlier articles [0] on this CIA failure points to China breaking the network. Which is odd now that it’s used to make the case against Iran.

[0] https://foreignpolicy.com/2018/08/15/botched-cia-communicati...


Bit of a mis-leading headline considering the article states: "After a double agent showed Iran's government one of the sites, they were then able to use Google to identify other sites the intel agency was using and began to intercept communications."

One of my favorite pastime activities: googling for certain unsecured automation systems and messing around with them. They can be found with zero false positive rate thanks to an obvious misspelling on the login page. There's no need to resort to inurl, intitle and similar modifiers that trigger the captcha almost every time.

The NYT has a much better write up: https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...

Basically, an internal mole leaked the network, which the Chinese then exploited to roll up the agents. It's not like China just stumbled upon it, they were tipped off. While the nature of the platform didn't help, the roll up was caused by a double agent.


Is this the same breach? People are talking like this is separate from the one you linked to.

I've always thought that the CIA was completely incompetent, but I've never seen more conclusive evidence than this. I've never worked with anyone so flippant about security, but no one should ever expose secrets without proper auth. I won't even expose user address without cert or password auth. It just goes to show you that the old adage is true: if you are a completent programmer you don't end up in government.

Intelligence chiefs of four countries (Iran, Russian, China and Pakistan) met in July, 2018

https://tribune.com.pk/story/1756290/1-pakistan-regional-spy...

I guess this meeting had something to do with all of this.


These deaths took place 5+ years ago, sharing information about a mutual border/former border seems more likely.


> Web scraping is a two-edged sword

No, doing this is:

> But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels.


Isn't this article just a restatement of the original Yahoo news story here? https://www.yahoo.com/news/cias-communications-suffered-cata...

Yes.

Or it was intentionally left vulnerable with names of people the CIA wanted dead in Iran?

If I were the CIA and I wanted a few of Iran's top nuclear scientists killed, I'd just make it seem like they were working for the CIA and let Iran's counterintelligence do the work for me.


That would still be a pretty dumb move in itself - nobody would want to work with anyone who claims to have CIA connections not even for vast amounts of bribery.

I know that countries with less than stellar records of civil rights don't care too much about due process but the not a violent complete moron thing to do would be to ask questions before shooting - namely being sure that they actually are spies or traitors and investigate the claims. For one it could point out peripheral connections down the chain and you know make sure that you aren't getting 'spies lists' of anyone who is close to finding the actual spy.

Granted in that sector it seems that there isn't a scarcity of violent immoral morons even in the west given a love for torture among the CIA. Given the known effects pushing torture is really saying a few things: They want to be able to fool themselves by hearing exactly what they want to hear. They want their foes to fight to the death like a cornered rattlesnake - putting their last breaths in killing as many as possible in the face of insurmountable odds. Finally they want no mercy shown to them if captured.

There are no words for that except evil and stupid - their deaths will not be mourned no matter how horrific because they deserve it and the world will be better off with their passing. I guess that means that the CIA really may be that stupid which isn't a surprise given their real goal with Castro appears to have been to make him as assassination resistant as possible.


That would be a really brilliant move. I doubt, however, that's the move that was made here.

"Ali, this is James. See you at [Iranian landmark,] but 50 meters to the left of the place we met last time."

there are couple things come to mind in that context - that story of Iran MITM-ing HTTPS using a small CA they either hacked and/or acquired and Siemens spying software/hardware at Iran's telcos.

> originally intended to only be a temporary communications channel

Some code never dies


> A defense contractor for the CIA named John Reidy claims he warned the agency that it was using insecure communications systems in 2008, and again in 2010 when he started to suspect the channels had been cracked. A year later he was fired by the agency, a move he claims was retaliation for not shutting up.

strongbox.gov is needed to protect people with brains from being strong-armed by management without brains:

https://medium.com/@cyphunk/the-nature-of-conflict-is-changi...


What were these communication channels the CIA was using that was being indexed by Google? Some public forum or something?

They made websites for fake companies offering job and visa opportunities. People would reply and end up recruited. I'm not sure how exactly they used it for further communication though.

"But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels."

Sounds familiar...


Amazing...and they have essentially unlimited budgets. Protecting their spies is #1 in any agencies' book, otherwise who would tell you secrets?

The saddest part: The "decider" probably got promoted as usual.


It seems like these issues are rarely solely due to unilateral technical incompetence; there's often at least one person who sees the true risk, tries to communicate the risk, and gets completely ignored. The Challenger disaster had several Thiokol engineers express major concerns in vain; this disaster had John Reidy (supposedly):

>A defense contractor for the CIA named John Reidy claims he warned the agency that it was using insecure communications systems in 2008, and again in 2010 when he started to suspect the channels had been cracked. A year later he was fired by the agency, a move he claims was retaliation for not shutting up.

>“It was a recipe for disaster,” Reidy said. “We had a catastrophic failure on our hands that would ensnare a great many of our sources.”

The person who could actually save the day and prevent the catastrophe gets ignored, marginalized, and/or fired. The people who were involved in the original disastrous decision keep moving up in the organization and usually keep their jobs after the catastrophe. So it's not like these organizations are lacking smart people: their institutional and bureaucratic incompetence just prevents those people from doing their job properly.


With stories like this it really makes you wonder how we as a nation have survived this long.

Maybe (much) spy work isn't quite the serious business the national security apparatus would have us believe?

I mean, it's obviously serious business to the people taking risks and doing the work on the ground, I'm talking about it actually being useful to the nation.


Totally agree. While they do get a few wins, I wonder what's the ROI when you take all the failures and waste of resources into account. My guesstimate is not much but like other useless government programs, it hires a lot of people so nobody dares questioning it.

> Totally agree. While they do get a few wins, I wonder what's the ROI when you take all the failures and waste of resources into account.

Very far into positive territory, I'd imagine. Most day-to-day intelligence work probably doesn't have much effect, but every once in awhile they probably get a big win that's so massive that it justifies all the effort.


I have an working theory that as an organization the CIA thinks it can 'win' via various cunning skulduggery. But the world doesn't really work that way.

Like this, France in 1700 wasn't powerful because it's king and ministers were geniuses, it's military competent. It was powerful because it's agriculture could support 20 million peasants.


>Maybe (much) spy work isn't quite the serious business the national security apparatus would have us believe?

Well,... the saying is "Allen Dulles was much of a clown first, politician second, and serviceman the third."

Regarding US foreign intel service: when something the size and budget of CIA does recon, something useful will come out of it regardless of how lame is their tradecraft.


Very similar stories happen with Russians too, like 300 spies outed recently because of cars registered to gru headquarters.

My experience in the military was: Momentum, or as we called it in the Army “violence of action”. We may make a mess of everything we (the government) touch but we’re big and we still move really fast (comparatively). I saw first hand how many nations militaries (I assume their intelligence services are similar) are way more fucked up and incapable of moving to action. It’s not that we’re so good, it’s just that we have a, relative, bias for action. In battle at least, momentum makes up for a lot, including terrible plans.

“Go down that road until you get blown up, then report back” I’ve read that attributed to Patton, but haven’t found a source.

That sounds like my entire command in Iraq.

Like in warmaking, success goes to whoever fails to make a dramatic mistake at a crucial moment.

The answer’s pretty simple. For the most part, no matter what their field, most people aren’t outstanding at their jobs. They do enough to get by but they’re not exceptional.

This is true throughout the world. America has average spies and Russia has average people trying to catch them.


what do you thinks harder? Getting a job as a CIA analyst or senior FAANG Developer?

Did you mean to reply to someone else?

My comment was that no matter the job, most people are average at the work they do, not exceptional. Not anything about difficulty in getting those jobs.


I valued your comment so wanted your input on an orthogonal question

What do you think is harder, being a senior engineer or breathing underwater?

Whoops, guess you're not as good as a fish.


I agree that each position may require different attitudes but I think it’s interesting to think how this situation might have been avoided if more people who were digitally Inclinded (fang applicants ) equally were applying to these positions

I think senior FAANG Developer.

Me too, but I think the public perception is that a cia analyst is a much more difficult job

I look at it more if you're smart enough to do either, which one pays way more, has better perks, doesn't require full lifestyle polygraph with a 10 year background investigation, or drug testing?

There wasn't too much technology that allowed you to blow off your entire CIA agency leg that long ago. Someone's inevitably going to screw up if you put this much valuable intel into a single system where the users and even the operators don't fully understand it. Technology can definitely amplify the damage from incompetence.

Why kill spies? I would think turning local spy in to double agent would be far more beneficial. Or at least feed them wrong information you want. Killing spies simply replaces them.

The second you go after anyone using the communication channel it's fairly likely the entire channel will shut down or change so you're much better off moving quickly on everyone you identify than leaving them out where they might disappear. This is especially true since the information China used was provided by Iran - so was very likely to leak sooner or later. Once you've rounded up all the spies it's up to the government what to do, but either they can trade them, imprison them or kill them and I guess this time they decided it was best to just send a message.


Weren't these just CIA informants i.e. not actual CIA officers? I think the word "spies" is a bit misleading.

phpbb ?

> And Google’s search functions allow users to employ advanced operators — like 'AND', 'OR'

ELI5 not needed...


Sadly, not even supported anymore.

Maybe it's a very sophisticated way to tell that {AND,OR} are not functionally complete.

Right, it should just have either NAND or NOR. Much simpler.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: