[Cryptography] Massive CIA communications compromise starting in 2008

Arnold Reinhold agr at me.com
Fri Nov 2 12:29:42 EDT 2018


This article describes a massive CIA communication system failure from 2008 to 2013, with continuing issues. It seems the CIA used a series of phony web sites to communicate with agents in hostile countries. The Iranians apparently found some by tracking down moles based on who knew about information that had leaked, e.g. their underground enrichment facility. They then analyzed the sites they knew about and developed signatures that could be used to successfully find similar sites using Google searches. They likely shared the information with other countries including China. Large portions of CIA networks in many countries were compromised and dozens of sources executed. Some sources were likely turned, creating ongoing problems as to who is still trustworthy. An interesting quote from the article:

‘Within some corners of the intelligence world, “there was widely held belief that technology was the solution to all communications problems,” according to one of the former officials. Proponents of older methods — such as chalk marks, burst communications, brush passes and one-time pads — were seen as “troglodytes,” said this official.’

A defense contractor, John Reidy, detected and reported problems in 2008 but was then reassigned and later fired. Apparently no one has been held accountable.

Arnold Reinhold
