Dozens of Spies Killed Thanks To Flawed CIA Comms System

A flawed online communications system developed by the CIA was exposed to Google’s web crawlers, ultimately leading to the execution of dozens of spies. 

The unnamed platform was cracked by Iranian intelligence after a tip-off by a double agent revealed the website they used to communicate with their CIA handlers. Google searches allowed them to locate other secret CIA websites and, from there, start to pick apart the entire spy network.

This all started in 2009 after Tehran went looking for US moles following the announcement by the Obama administration of the discovery of a secret underground enrichment facility. However, the impact was felt globally, most probably after Iran shared its intelligence with China, a move which ultimately led to an estimated 30 CIA spies being executed by Beijing and the collapse of its network there.

This “catastrophic” chain of events led to 70% of the CIA’s spy network potentially exposed to compromise at one point between 2009-13, according to the report. The after-effects are apparently still being felt today.

The problem stemmed from over-confidence among US officials in the use of the platform in hostile states like Iran and China where rigorous state monitoring makes it difficult to communicate in secret.
“It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”
Another issue highlighted by the report was the lack of accountability for the failure in the intelligence services, and the sacking of a whistleblower who first brought the problem out into the open back in 2011.
“Our biggest insider threat is our own institution,” remarked a former official.

Infosecurity:      Image: Nick Youngson

You Might Also Read: 

How Did Iran Find CIA Spies? They Googled It!:

Iranian Political Influence Campaign Goes Global:

« Neither US, Russia Or China Will Sign Macron's Cyber Pact
Darktrace Describe The Alarming Future AI Attack Scenario »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Rollbar

Rollbar

Rollbar is a full-stack error monitoring platform for web and mobile applications. We help developers find and fix bugs fast. Built by developers for developers.

Cyber Security Network

Cyber Security Network

Cyber Security Network provide specialist cyber security recruitment services.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

Guardian Data Destruction

Guardian Data Destruction

Guardian Data Destruction provides a comprehensive suite of onsite e-data destruction services.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

AwareGO

AwareGO

AwareGO is a global provider of security awareness training content and solutions that help enterprises improve cybersecurity awareness in the workplace.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Creative ITC

Creative ITC

Creative ITC is a leading infrastructure and cloud enablement company. We design and deliver exceptional managed services and cloud solutions.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

SecurityStudio

SecurityStudio

SecurityStudio is a continuous cybersecurity risk management platform that allows decision-makers to quickly identify the most immediate threats and make confident risk informed decisions.

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council is a leading collaborative effort between Government of India and Industry to raise Cybersecurity awareness nationally.

MyTurn Career LLC

MyTurn Career LLC

Looking for a rewarding career in cybersecurity? Explore a wide range of cybersecurity jobs and opportunities in this rapidly evolving field.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.