[Cryptography] crypto leak to Iranians via Iraqis

Nico Williams nico at cryptonector.com
Wed Jan 3 18:31:19 EST 2018 

On Wed, Jan 03, 2018 at 10:52:51PM +0100, iang wrote:
> 3 STELLAR WIND
> 
> IN THE SUMMER of 2003, the New York Times named a new Washington bureau
> chief: Philip Taubman, an old friend of Bill Keller’s. Taubman had been the
> Times’s Moscow bureau chief when Keller won a Pulitzer Prize as a
> correspondent there. Now Taubman was Keller’s man in Washington.
> 
> Taubman and I developed a friendly relationship. He had covered national
> security and intelligence matters earlier in his career, and he seemed eager
> for scoops. But by 2004, I began to disagree with some of his decisions.
> That spring, I learned that the Bush administration had discovered that
> Ahmad Chalabi, the neoconservatives’ golden boy in Iraq, had told an Iranian
> intelligence official that the National Security Agency had broken Iranian
> codes.
> 
> That was a huge betrayal by the man some senior Bush administration
> officials had once considered installing as the leader of Iraq. But after I
> called the CIA and NSA for comment, NSA Director Michael Hayden called
> Taubman and asked him not to run the story. Hayden argued that even though
> Chalabi had told the Iranians that the U.S. had broken their codes, it
> wasn’t clear the Iranians believed him, and they were still using the same
> communications systems.
> 
> Taubman agreed, and we sat on the story until the CIA public affairs office
> called and told him that someone else was reporting it, and that we should
> no longer feel bound not to publish. I was upset that I had lost an
> exclusive, and I believed that Hayden’s arguments against publication had
> been designed simply to save the White House from embarrassment over
> Chalabi.

Some lessons:

0) Risen is a moron or disingeneous (or both).

1) Don't cry for Risen.

2) No really, don't cry for Risen!

3) Don't share secrets of this magnitude with people who don't have to
   know.  Chalabi almost certainly didn't have to know!

   (Of course, Chalabi could, if he didn't really know, have
   inadvertently revealed this to the Iranians too.  Even if he didn't
   know, but what he was told implied a break to the Iranians, then
   maybe he shouldn't have been told any such thing to begin with.)

   (Chalabi also could just not have known anything yet told the
   Iranians just to impress them with his claimed level of access.  That
   would still be a compromise, and a betrayal.)

4) If told your crypto is broken, you might want to take advantage of
   this information, and eventually test it, which brings us to:

There are plausible very good reasons for asking a journalist not to
reveal that the enemy knows a secret of this magnitude that go beyond
screwing the journalist or saving oneself embarrassment.  Here's one
reason, for example:

   Just because the enemy knows you broke their crypto doesn't mean that
   they know that you know that they know this.

   If the enemy is using knowledge of the break to feed you
   disinformation, they may also have to forego protection for lots of
   other traffic just to avoid tipping you to their knowledge of your
   break, so there can still be real intelligence to be had.

   Once they know you know they know you broke their crypto they have no
   reason to continue using any longer than it takes to deploy new
   crypto.

And besides, Risen himself lists another good reason: the Iranians might
not have believed what Chalabi told them.  So that's two plausible very
good reasons right there.

Risen should have had the courage to publish, or the else loyalty to
country not to.  Pick one.  Most likely he held back only to avoid
losing access.

Even if the only real reason to ask Risen to not publish was to save the
administration embarrassment, Risen couldn't have known this.

Nico
--

More information about the cryptography mailing list