CIA suffered ‘catastrophic’ compromise of its spy communication system

The United States Central Intelligence Agency suffered a “catastrophic” compromise of the system it uses to communicate with spies, which caused the death of “dozens of people around the world” according to sources. This is alleged in a major report published on Friday by Yahoo News, which cites “conversations with eleven former US intelligence and government officials directly familiar with the matter”. The report by the online news service describes the compromise of an Internet-based covert platform used by the CIA to facilitate the clandestine communication between CIA officers and their sources —known as agents or spies— around the world.

According to Yahoo News, the online communication system had been developed in the years after 9/11 by the US Intelligence Community for use in warzones in the Middle East and Central Asia. It was eventually adopted for extensive use by the CIA, which saw it as a practical method for exchanging sensitive information between CIA case officers and their assets in so-called ‘denied areas’. The term refers to regions of the world where face-to-face communication between CIA case officers and their assets is difficult and dangerous due to the presence of ultra-hostile intelligence services or non-state adversaries like the Taliban or al-Qaeda. However, it appears that the system was flawed: it was too elementary to withstand sustained scrutiny by Internet-savvy counterintelligence experts working for state actors like Iran, China or Russia.

In September of 2009, Washington made a series of impressively detailed revelations about the advanced status of Iran’s nuclear program. These angered Tehran, which redoubled its efforts to stop the US and others from acquiring intelligence information about the status of its nuclear program. Some sources told Yahoo News that one of the CIA assets inside Iran’s nuclear program was convinced by the Iranians to become a double spy. He proceeded to give Tehran crucial information about the CIA’s online communication system. Based on these initial clues, the Iranians allegedly used Google-based techniques “that one official described as rudimentary” to identify an entire network of CIA-maintained websites that were used to communicate with assets in Iran and elsewhere. The Iranians then kept tabs on these websites and located their users in order to gradually unravel an entire network of CIA agents inside their country. Around that time, Iranian media announced that the Islamic Republic’s counterintelligence agencies had broken up an extensive CIA spy ring consisting of more than 30 informants.

The Yahoo News report says that the CIA was able to successfully exfiltrate some of its assets from Iran before the authorities were able to apprehend them. The agency also had to recall a number of undercover officers, after they were identified by the Iranians. The effects of the compromise, however, persisted on a global scale, according to former US intelligence officials. In 2011 and 2012, another network of CIA spies was busted in China, leading to the arrest and execution of as many as three dozen assets working for the US. Many, says Yahoo News, believe that the Iranians coached the Chinese on how to use the CIA’s online communication system to identify clandestine methods and sources used by the agency.

Along with other specialist websites, IntelNews monitored these developments as they took place separately in Iran and China. However, the Yahoo News report is the first to piece together these seemingly disparate developments and suggest that they were likely triggered by the same root cause. What is more, the report suggests that the CIA had been warned about the potential shortcomings of its online communication system before 2009, when the first penetrations began to occur. In response to the compromise, the CIA has reportedly modified, and at times completely abandoned, its online communication system. However, the implications of the system’s compromise continue to “unwind worldwide” and the CIA is “still dealing with the fallout”, according to sources. The effects on the agency’s operational work are likely to persist for years, said Yahoo News.

Author: Joseph Fitsanakis | Date: 05 November 2018


CIA seeking new ways to protect officers’ secret identities online, says official

In a rare public appearance on Sunday, a senior member of the United States Central Intelligence Agency discussed ways in which ongoing technological changes pose challenges to concealing the identities of undercover operatives. Dawn Meyerriecks worked in industry for years before joining the CIA in 2013 as deputy director of the agency’s Directorate of Science and Technology. On April 22, she delivered one of the keynote speeches at the 2018 GEOINT Symposium. The meeting was held in Tampa, Florida, under the auspices of the Virginia-based United States Geospatial Intelligence Foundation, which brings together government agencies and private contractors.

In her speech, Meyerriecks discussed what she described as “identity intelligence”, namely the detailed piecing together of a person’s identity from data acquired from his or her online activity and the digital footprint left on wireless devices of all kinds. This data, combined with footage from closed-circuit television (CCTV) systems and other forms of audiovisual surveillance, poses tremendous barriers to clandestine operations, said Meyerriecks. Today, around 30 countries employ CCTV systems with features so advanced that they render physical tracking of human operatives unnecessary, she added. She went on to warn that the combination of these advanced systems with all-encompassing digital networks in so-called smart cities, as well as with the Internet of things, poses a serious threat to the CIA’s ability to operate in secret. Abandoning the online grid is not a solution, said Meyerriecks, because doing so draws attention to the absentee. “If you have […] a six figure or low seven figure income, and you own no real estate, you don’t have any health [or] life insurance policies to speak of, you turn your cell phone off every day from 8:00 to 5:00, who do you work for?”, she said.

These technological challenges will not put an end to human intelligence, but they are forcing “a sea of change” in the so-called “patterns of life” of clandestine operatives, said Meyerriecks. These operatives “are going to have to live their cover in a whole different way”, she said without elaborating. Ironically, technology may provide solutions to these challenges, for instance through phone apps that fake the geospatial coordinates of the device —“a growing area of research”, she remarked. Another example of a technological solution to the problem is the use of artificial intelligence algorithms to map CCTV camera networks in urban centers. Such maps can help clandestine personnel avoid areas where camera networks are present, noted Meyerriecks.

Author: Joseph Fitsanakis | Date: 25 April 2018

Ukraine raids Russian internet search engine company as part of ‘treason’ probe

Ukrainian security service personnel raided the offices of a Russia-based internet search engine firm in two cities on Tuesday, as part of a treason investigation. The probe is reportedly related to the ongoing dispute between Kiev and Moscow, which intensified after 2014, when Russia unilaterally annexed the Russian district of Crimea. The Ukrainian government also accuses the Kremlin of clandestinely supporting pro-Russian insurgents in southeastern Ukraine, something that Moscow denies.

Earlier this month, Kiev announced that it would be blocking its citizens from using social media networks and other online services that are popular in Russia, including Yandex, a search engine that holds the lion’s share of the Russian internet usage market. The Ukrainian government argued that Russian social media were being used by Moscow to stir up pro-Russian sentiment and organize pro-Russian insurgents and activists inside Ukraine.

On Tuesday, members of Ukraine’s Security Service (SBU) raided the offices of Yandex in the Ukrainian capital Kiev and in the city of Odessa, Ukraine’s third largest city, located on the Black Sea coast. The two locations that were raided by the SBU are registered as subsidiaries of Yandex, which is based in the Russian capital Moscow. In a statement issued on the same day, the SBU said that the simultaneous raids were part of a wider “treason probe”. The security service argues in the statement that Yandex had been found to be sharing the personal information of Ukrainian Internet users with the Russian intelligence services. The illegally shared information included the details of Ukrainian military personnel, said the SBU statement. In turn, Moscow used the data provided by Yandex to plan, organize and carry out “espionage, sabotage and subversive operations” in Ukraine, said the SBU.

Late on Tuesday, a statement issued by Yandex in Moscow confirmed the SBU raids and said it would cooperate with the investigation by the Ukrainian authorities. Meanwhile, Kiev has said that the ban on Russian social media and Internet search engines will remain active for at least three years.

Author: Joseph Fitsanakis | Date: 31 May 2017

Russian subs looking for undersea Internet cables, say US officials

An increased presence of Russian submarines near American territorial waters appears to correspond to the location of undersea Internet cables used for commercial and military communications, according to officials. Citing “more than half a dozen” American and European officials, including naval commanders and intelligence professionals, The New York Times said on Sunday that the United States Department of Defense was paying close attention to what it described as “significantly increased Russian activity” along known routes of the cables. The paper was referring to Russian underwater vessels, which Washington believes are equipped with technology designed to tap into the cables, or even to sabotage them by severing them.

According to The Times, officials at the Pentagon believe that Moscow is less interested in tapping into the cables and more interested in mapping their location so that it can attack them during a hypothetical clash with the US. Specifically, the paper said that, according to US officials, the Russian Navy appeared to be seeking to locate the precise coordinates of the fiber-optic cables. The ultimate goal was to sever them “at some of their hardest-to-access locations” if Russia ever needed to disrupt the flow of communication to and from the US. The Russian submarines seem to be seeking some of the deeper locations of the undersea cable networks, which would make it harder for repair crews to locate and repair severed fiber-optic cables.

The New York Times said that, alongside commercial Internet cable networks, Russian submarines were looking for military networks, whose location is usually classified. The paper quoted a European diplomat, who said anonymously that Russian submarine patrols in American territorial waters had increased by nearly 50% since 2014. The level of activity of Russian submarines was now “comparable to what we saw in the Cold War”, said the diplomat.

Author: Ian Allen | Date: 26 October 2015

News you may have missed #857 (hacking edition)

By IAN ALLEN | intelNews.org
►►UK spies hacked Belgian phone company using fake LinkedIn page. British spies hacked into the routers and networks of the Belgian telecommunications company Belgacom by tricking its telecom engineers into clicking on malicious LinkedIn and Slashdot pages, according to documents released by NSA whistleblower Edward Snowden. The primary aim, reports the German newsmagazine Der Spiegel, which obtained the documents, was to compromise the GRX router system that BICS controlled, in order to intercept mobile phone traffic that was transmitted by the router.
►►Indonesian hackers behind attack on Australian spy service website. Indonesian hackers are believed to have brought down the website of the Australian Secret Intelligence Service, Australia’s leading spy agency. The page was not working on Monday afternoon after hackers launched a “denial of service” attack. A “404 not found” message typically appears when a website crashes under a “denial of service” attack. The cyber attack is reportedly a response to revelations that Australia had been spying on its closest neighbor through its Jakarta embassy.
►►Hamas blasts alleged Mossad website. Hamas officials released a warning about a website called Holol (“solutions”), claiming it is a ruse set up by Israel’s Mossad intelligence agency to recruit Gazans as informants. The website’s “Employment” page states, “due to our connections with the Israeli Civil Administration, we can help you bypass the bureaucratic tape and procedural processes which prevent you from leaving Gaza”. The site also offers Israeli medical assistance, “due to connections with the Ministry of Health and the Israeli Civil Administration”. Palestinians interested in contacting the website’s officials are asked to provide their full name, telephone number, email, topic of inquiry, and an explanation of why they are asking for help. Last month, Lebanese group Hezbollah accused the Mossad of being behind a website seeking information on Hezbollah’s intelligence wing.

Mysterious website seeks intelligence on Hezbollah operatives

By JOSEPH FITSANAKIS | intelNews.org
Intelligence circles in the Middle East are abuzz with news of a mysterious website that appears to offer substantial financial rewards in exchange for information about alleged members of militant group Hezbollah. The website, located at stop910.com, describes its mission as helping end “Hezbollah-perpetrated terrorism in Lebanon and abroad”. It specifically targets the Lebanese group’s Unit 910, believed to be tasked with international operations, including intelligence gathering from around the world. Hezbollah is a Shiite militant group and political party that controls large swathes of Lebanese territory. It was founded in 1985 in response to the invasion of southern Lebanon by the Israel Defense Forces. It is largely funded by Iran and in recent years has come out in support of the Syrian government in the ongoing Syrian Civil War. Much of the stop910.com website consists of dozens of photographs of alleged Hezbollah operatives. Some are identified by name or alias, but the website asks for further information on them, including their real name, primary residence and telephone numbers or email accounts associated with them. Other photographs show images of unidentified individuals, whom the website describes as suspects known to be members of Hezbollah’s Unit 910. Next to each photograph, the website provides an allegedly secure link, which visitors can use to upload information and request payment. The website, which is currently blocked by most Lebanese Internet service providers, claims to represent an alliance of Western intelligence organizations. But McClatchy Newspapers contacted two Western intelligence officials who said the website was almost certainly an Israeli effort to gather information on Hezbollah activities. The United States-based news agency said it spoke to an unnamed “official based in Beirut […], who works for a European intelligence service”.

NSA ‘broke, circumvented Internet encryption standards’

By IAN ALLEN | intelNews.org
The United States National Security Agency (NSA) has been able to crack or get around basic encryption standards used daily by hundreds of millions of Internet users, according to newly leaked documents. The New York Times said on Friday that it was in possession of documents that prove that the NSA is not restrained by universal encryption standards used in the US and abroad. The NSA, which is America’s largest intelligence agency and is tasked by the US government with intercepting electronic communications worldwide, is now able to routinely circumvent Secure Sockets Layer or virtual private networks, as well as the encryption protection standards used on fourth-generation cell phones. It therefore has instant access to the content of billions of encrypted messages exchanged by users of some of the Internet’s most popular email companies, including Gmail, Hotmail, Yahoo and Facebook. The paper said it obtained the documents from Edward Snowden, a technical contractor for the NSA who defected to Russia this past summer. They include internal NSA memoranda that suggest the NSA deployed specially built supercomputers to break Internet encryption standards. In other cases, the Agency worked with selected companies and convinced them to “build entry points into their products”. The multi-billion-dollar effort was apparently launched by the NSA in the early 2000s, soon after the US government lost a lengthy battle with the communications industry centering on the so-called ‘clipper chip’.