Dozens of Spies Killed Thanks To Flawed CIA Comms System

Uploaded on 2018-11-14 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

A flawed online communications system developed by the CIA was exposed to Google’s web crawlers, ultimately leading to the execution of dozens of spies. 

The unnamed platform was cracked by Iranian intelligence after a tip-off by a double agent revealed the website they used to communicate with their CIA handlers. Google searches allowed them to locate other secret CIA websites and, from there, start to pick apart the entire spy network.

This all started in 2009 after Tehran went looking for US moles following the announcement by the Obama administration of the discovery of a secret underground enrichment facility. However, the impact was felt globally, most probably after Iran shared its intelligence with China, a move which ultimately led to an estimated 30 CIA spies being executed by Beijing and the collapse of its network there.

This “catastrophic” chain of events led to 70% of the CIA’s spy network potentially exposed to compromise at one point between 2009-13, according to the report. The after-effects are apparently still being felt today.

The problem stemmed from over-confidence among US officials in the use of the platform in hostile states like Iran and China where rigorous state monitoring makes it difficult to communicate in secret.
“It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”
Another issue highlighted by the report was the lack of accountability for the failure in the intelligence services, and the sacking of a whistleblower who first brought the problem out into the open back in 2011.
“Our biggest insider threat is our own institution,” remarked a former official.

Infosecurity:      Image: Nick Youngson

You Might Also Read: 

How Did Iran Find CIA Spies? They Googled It!:

Iranian Political Influence Campaign Goes Global:

« Neither US, Russia Or China Will Sign Macron's Cyber Pact
Darktrace Describe The Alarming Future AI Attack Scenario »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Claroty

Claroty

Claroty was conceived to secure and optimize OT networks that run the world’s most critical infrastructures.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

TAC Security (TAC Infosec)

TAC Security (TAC Infosec)

TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

SecureCyber

SecureCyber

Secure Cyber Defense offers industry-leading technology and managed detection and response solutions.