How Did Iran Find CIA Spies? They Googled It!

A covert "transitional" channel used for communicating with sources that Central Intelligence Agency handlers couldn't reach directly was exposed and infiltrated by Iranian intelligence in 2009. 

The channel's operational security apparently relied heavily on security through obscurity. It broke down when Iranian intelligence officials simply used Google to locate the websites used as the communications channel, after a double agent exposed the method used by the CIA, according to a report from Yahoo News.

Once a double agent presented information about a website the agent had been directed to in order to communicate with the CIA, Iranian intelligence apparently used aspects of the URL to search for other, similar websites. 

Iranian officials were reportedly able to rapidly identify a number of other such sites, which were set up as temporary communications systems for new, unvetted sources by the CIA. 

As a result, Iran's intelligence was able to quickly identify the Iranians communicating through those sites. The breach led to the roundup in 2011 of 30 people identified by Iran as CIA spies.

Further digging into these compromised sites may have exposed the identity of CIA personnel as well. During the same timeframe, Iranian intelligence officials were also directly approaching US CIA officers, trying to recruit them to be double agents.

The exposure didn't end there. A similar system used to manage Chinese sources was also compromised, leading to the arrest and execution of approximately 30 more people working on behalf of the US between 2011 and 2012.

Some of those deaths have been attributed to information provided to China by former CIA officer Jerry Chun Shing Lee. Former intelligence and national security officials told Yahoo News that the CIA's recruited agents in China were rounded up so quickly because the Chinese government had gained access to the temporary system used by the CIA to communicate with unvetted new sources, possibly because Iranian intelligence officials shared information about the details of the CIA's communications that they had discovered.

The former intelligence officials who spoke with Yahoo believe that the compromise of CIA assets may have been worldwide. And when coupled with the breach of the Office of Personnel Management discovered in 2015 and its potential counterintelligence value, the damage done was likely compounded, as the CIA reportedly was forced to withdraw field agents around the world who might have been exposed.

The nature of the "transitional" communications system isn't clear beyond it having a Web front end that was identifiable by using advanced Google search terms. 

But given that Iran and China both tightly control Internet traffic, simply identifying the sites could have allowed counter-intelligence teams to identify who was visiting such sites, and potentially to redirect those visitors to bogus versions of the sites in order to extract further information about them.

Ars Technica:
