How Did Iran Find CIA Spies? They Googled It!

A covert "transitional" channel used for communicating with sources that Central Intelligence Agency handlers couldn't reach directly was exposed and infiltrated by Iranian intelligence in 2009. 

The breakdown in operational security, which apparently relied heavily on security through obscurity, was the result of Iranian intelligence officials simply using Google to locate the websites used as the communications channel after a double-agent exposed the method used by the CIA, according to a report from Yahoo News.

Once a double agent presented information about a website the agent had been directed to in order to communicate with the CIA, Iranian intelligence apparently used aspects of the URL to search for other, similar websites. 

Iranian officials were reportedly able to rapidly identify a number of other such sites, which were set up as temporary communications systems for new, unvetted sources by the CIA. 

As a result, Iran's intelligence was able to quickly identify the Iranians communicating through those sites. The breach led to the roundup in 2011 of 30 people identified by Iran as CIA spies.

Further digging into these compromised sites may have exposed the identity of CIA personnel as well. During the same timeframe, Iranian intelligence officials were also directly approaching US CIA officers, trying to recruit them to be double agents.

The exposure didn't end there.  A similar system used to manage Chinese sources was also compromised, leading to the arrest and execution of another approximately 30 people working on behalf of the US between 2011 and 2012.

Some of those deaths have been attributed to information provided to China by former CIA officer Jerry Chun Shing Lee. Former intelligence and national security officials told Yahoo News that the CIA's recruited agents in China were rounded up so quickly because the Chinese government had gained access to the temporary system used by the CIA to communicate with unvetted new sources, possibly because Iranian intelligence officials shared information about the details of the CIA's communications that they had discovered.

The former intelligence officials that spoke with Yahoo believe that the compromise of CIA assets may have been worldwide. And when coupled with the breach of the Office of Personnel Management discovered in 2015 and its potential counterintelligence value, the damage done was likely compounded, as the CIA reportedly was forced to withdraw field agents around the world that might have been exposed.

The nature of the "transitional" communications system isn't clear beyond it having a Web front end that was identifiable by using advanced Google search terms. 

But given that Iran and China both tightly control Internet traffic, simply identifying the sites could have allowed counter-intelligence teams to identify who was visiting sites like them, allowing those countries to potentially redirect them to bogus versions of the sites in order to further extract information about those individuals.

Ars Technica:

You Might Also Read:

Iran Targets Kurds With Spyware:

Iranian Political Influence Campaign Goes Global

« China Has “taken the gloves off” In Hacking Attacks
How To Avoid Facebook Phishing Scams »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

City Security Magazine

City Security Magazine

City Security magazine helps promote best security practices and keep businesses informed on a wide variety of security-related issues.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Kleiner Perkins

Kleiner Perkins

For five decades, Kleiner Perkins has made history by partnering with some of the most ingenious and forward-thinking founders in technology and life sciences.

PAX Momentum

PAX Momentum

PAX Momentum is the Mid-Atlantic’s premier startup accelerator, specializing in cyber, enterprise software, telecom, CleanTech, FinTech, InsureTech, and AI.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

MARS Suite

MARS Suite

MARS Suite is your all-in-one solution for cyber protection & compliance. Cybersecurity and risk management is what we do best. And we’re making it simple and easy.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.

Iron EagleX

Iron EagleX

Iron EagleX deliver engineering solutions in cloud computing, big data, cyber, and machine learning technologies to US Government customers.