CIA’s secret online network unravelled with a Google search

According to reports, the US government is still reeling from a catastrophic, years-long intelligence failure that compromised its internet-based covert communications system and left CIA informants vulnerable to exposure and execution worldwide.

In 2013, following the compromise, CIA experts worked feverishly to reconfigure their secret websites and try to move their informants to safety, but intelligence sources say that damage this severe probably can’t be wholly undone.

Yahoo published a report last week about the previously unreported intelligence disaster.

According to Yahoo, which relied on 11 former intelligence and national security officials for the report, the problem started in Iran and “spiderwebbed” out to countries that were friendly to Iran.

It wasn’t just one point of failure: it was a string of them. One of the worst intelligence failures of the past decade was in 2009, when the Obama administration discovered a secret Iranian underground enrichment facility. The Iranians, furious about the breach, went on a mole hunt, Yahoo reports, looking to dig out foreign spies.

Unfortunately for the US and its agents, it didn’t take long to find the moles. That’s due in large part to what one former official called an “elementary system” of internet-based communications – one that was never meant to stand up to sophisticated counterintelligence efforts such as those of China or Iran, let alone one that should have been entrusted with the extremely sensitive communications between the CIA and its sources.

That system had initially been used in war zones in the Middle East, and entropy kept it in use by far more people, for far longer, than originally intended. Part of the problem is that it was easy to use, tempting intelligence agencies to overlook its shortcomings. Yahoo quotes a former official:

It was never meant to be used long term for people to talk to sources. The issue was that it was working well for too long, with too many people. But it was an elementary system.

Another former official:

Everyone was using it far beyond its intention.

Two of Yahoo’s sources from the intelligence community said that the Iranians had cultivated a double agent who led them to the CIA’s secret communication system, which it was using in areas such as China and Iran, where in-person meetings can be dangerous. The CIA eventually learned from Israeli intelligence that Iran had likely identified some of its agents.

Finding out about Iran’s discovery of its secret communications system didn’t put an end to the intelligence breakdown, given that the Iranians used a simple method to take the single thread of the initial website and use it to unravel the far wider CIA network.

Namely, they Googled it.

A former intelligence official says that once the Iranians were shown the website where CIA handlers communicated with their sources, they began to search for other websites with similar digital signifiers or components. By using simple Boolean search operators – like “AND,” “OR,” as well as more sophisticated ones – the Iranians eventually came up with advanced search terms that would lead them to other secret CIA websites.

After that, it was just a question of tracking who was visiting the CIA’s sites, and from where.

By 2013, Iranian cyber experts had gone on the offensive, tracking CIA agents outside of Iran’s borders. “Iran was aggressively going out to hunt systems down,” a former intelligence official said. “They weren’t just protecting themselves anymore.”

It’s not clear whether Iran shared its findings with its counterparts in China or whether Chinese intelligence figured it out on its own, but between 2010 and 2012, China dismantled the CIA’s spying operations within the country.

This all may have been avoided if a whistleblower’s warnings had been heeded. In 2008 – well before Iran or China found and arrested CIA agents – John Reidy, who worked for CIA subcontractors helping to identify, manage, and report on human assets in Iran, had already warned about fraud involving a CIA subcontractor, and a “catastrophic intelligence failure” in which “upwards of 70% of our operations had been compromised” by hostile penetration of US intelligence computer networks.

Reidy’s disclosure is publicly available – here it is in an appeal he filed regarding a decision from an external review panel about his whistleblower report – though it’s heavily redacted.

According to that disclosure, by 2010 he’d been told, by multiple government employees, that the “nightmare scenario” he had warned about regarding the secret communications platform had, in fact, transpired.

According to Reidy, the communications system compromise became evident after operation “anomalies” began to surface in operations, including “sources abruptly and without reason ceasing all communications with us.”

Nobody did anything but brush it aside and cover it up, Reidy said, including congressional oversight committees. He was sidelined, and then he was fired. Yahoo spoke to his attorney, Kel McClanahan, who said that things could have turned out far differently if they’d listened and acted:

Can you imagine how different this whole story would’ve turned out if the CIA [inspector general] had acted on Reidy’s warnings instead of going after him? Can you imagine how different this whole story would’ve turned out if the congressional oversight committees had done oversight instead of taking CIA’s word that he was just a troublemaker?

Irvin McCullough, a national security analyst with the Government Accountability Project, a nonprofit that works with whistleblowers, said the failure of intelligence and government agencies turned it into an intelligence disaster of epic scale:

This is one of the most catastrophic intelligence failures since Sept. 11. And the CIA punished the person who brought the problem to light.