How Did Iran Find CIA Spies? They Googled It!

A covert "transitional" channel used for communicating with sources that Central Intelligence Agency handlers couldn't reach directly was exposed and infiltrated by Iranian intelligence in 2009. 

The breakdown in operational security, which apparently relied heavily on security through obscurity, was the result of Iranian intelligence officials simply using Google to locate the websites used as the communications channel after a double-agent exposed the method used by the CIA, according to a report from Yahoo News.

Once a double agent presented information about a website the agent had been directed to in order to communicate with the CIA, Iranian intelligence apparently used aspects of the URL to search for other, similar websites. 

Iranian officials were reportedly able to rapidly identify a number of other such sites, which were set up as temporary communications systems for new, unvetted sources by the CIA. 

As a result, Iranian intelligence was able to quickly identify the Iranians communicating through those sites. The breach led to the roundup in 2011 of 30 people identified by Iran as CIA spies.

Further digging into these compromised sites may have exposed the identity of CIA personnel as well. During the same timeframe, Iranian intelligence officials were also directly approaching US CIA officers, trying to recruit them to be double agents.

The exposure didn't end there. A similar system used to manage Chinese sources was also compromised, leading to the arrest and execution of approximately 30 more people working on behalf of the US between 2011 and 2012.

Some of those deaths have been attributed to information provided to China by former CIA officer Jerry Chun Shing Lee. Former intelligence and national security officials told Yahoo News that the CIA's recruited agents in China were rounded up so quickly because the Chinese government had gained access to the temporary system used by the CIA to communicate with unvetted new sources, possibly because Iranian intelligence officials shared information about the details of the CIA's communications that they had discovered.

The former intelligence officials who spoke with Yahoo believe that the compromise of CIA assets may have been worldwide. When coupled with the breach of the Office of Personnel Management discovered in 2015 and its potential counterintelligence value, the damage done was likely compounded, as the CIA reportedly was forced to withdraw field agents around the world who might have been exposed.

The nature of the "transitional" communications system isn't clear beyond the fact that it had a Web front end that could be identified using advanced Google search terms.

But given that Iran and China both tightly control Internet traffic, simply identifying the sites could have allowed counterintelligence teams to identify who was visiting those sites and similar ones, and potentially to redirect those visitors to bogus versions of the sites in order to extract further information about them.

Ars Technica:
