More than 70 foreign nationals working as spies for the CIA in Iran and China were systematically identified and slaughtered in the past decade, due to a ridiculously weak web-based system the CIA used to communicate with foreign assets it couldn’t reach directly. This according to a devastating November 2 report in Yahoo News written by journalists Zach Dorfman and Jenna McLaughlin (center-left, but generally trustworthy).
Although the Iranian roll-up occurred in 2011, and the Chinese rout occurred from 2010 to 2012, the CIA did not remedy the root cause of the problem in its transient messaging scheme until 2013, when Yahoo reports teams of co-opted staffers worked around the clock to dismantle the compromised system.
Based on at least one analysis, it looks like a simple internet search using the command “InURL” and other readily available search tools revealed to Iranian and Chinese intelligence agencies a network of interconnected web sites that ultimately led back to CIA official servers. Iranian intelligence appears to be the first to have discovered and used the easy exploit, so simple as to be hardly describable as a hack, then passed the methodology on to others.
What’s more, it’s been public knowledge for years that the CIA had ample warning that something was amiss as early as 2006. Former CIA employee, then CIA contractor John Reidy had noticed agent compromises and pointed out the problem with the system to the agency at that time, ultimately taking his concerns to the CIA’s internal security apparatus and the office of its inspector general. Reidy was subsequently transferred, had his clearance restricted, and ultimately fired from his next contractor position in what appears it may be an act of petty bureaucratic revenge.
Reidy did not let the matter go, but in an extraordinary (although heavily redacted) appeal of the case he’d initially laid before the CIA to the newly created Intelligence Community Inspector General’s office, Reidy yet again detailed the problems he had identified, the assets he feared were blown and possibly killed, and the implications of both for future human intelligence source security. By that time, it was far too late.
The transient communication system the CIA used with its foreign assets was compromised sometime around 2010 by Iranian intelligence, Yahoo reports, perhaps by using a double agent who showed the Iranian Ministry of Intelligence an initial site. This was likely the key that opened up the entire CIA communication system. According to an earlier report by Dorfman, Iran later shared their methodology with other intelligence agencies, including the Chinese Ministry of State Security. Thus were large numbers of foreign nationals working for U.S. intelligence in both countries identified and killed from 2010 to 2012, and likely beyond. Iran claimed to have identified 42.
China hasn’t been so bold, or so stupid, as to announce their success, but, according to a New York Times report, up to a dozen American assets were found, interrogated, and slain (other reports say it was more than two dozen assets). These assets were perhaps confirmed as American spies for the Chinese Ministry of State Security by a separate success in either recruiting or stealing information from ex-CIA operations officer Jerry Chun Sing Lee, who was arrested by the FBI earlier this year. Lee allegedly had a list with Chinese assets’ real names written down in a couple of notebooks he kept with him.
Lee might go to prison. The Iranian and Chinese nationals who aided America and got caught should have been so lucky. Both Iran and China are murderous regimes that do not merely jail outed spies, of course. Some assets were exfiltrated by CIA operatives from Iran in the nick of time, according to the Yahoo report. There are no reports that any escaped from China, or lived.
Assets in Russia were reportedly protected from a similar purge by either the CIA having a different system in place or yet another last-minute emergency containment operation within the agency.
I am just a novelist who keeps up with intelligence matters and spycraft for my books, so my interest is that of an engaged amateur examining secondhand sources. In fact, I am favorably disposed toward America’s intelligence agencies, both military and civilian, which are filled with people who put their lives on the line to keep the country and the Western world safe and free.
News reports and analysis of intelligence matters are often rife with conspiracy thinking. Even when the news is genuine, there are agendas being pushed that someone outside the intelligence community has difficulty gauging due to necessary lack of background information. What’s more, I often find journalists and writers who specialize in intelligence reporting to be headcases and cranks who have somehow managed to don respectable garb.
Yet one can’t encounter Dorfman and McLaughlin’s major scoop with its revealing new information from 11 (probably disgusted and angry) former U.S. intelligence officials without being appalled at the ineptitude and arrogance the CIA displayed. Several questions immediately suggest themselves.
1. Have the specific problems been dealt with?
Considering the order of ineptitude on display, are there still exploitable copies of the web sites up on archive.org or elsewhere?
2. Are CIA foreign source communications actually fixed?
Have tried and true, centuries-old spycraft behaviors such as dead drops, brush passes, cypher pads, and the like been adapted and put in place in a modern setting? How anybody can be stupid enough to place the personal identities of spies for the United States in an electronic directory in the first place beggars the understanding. We don’t need to know the exact details, but has this practice been nixed and something better put in place?
3. Who let this happen?
Although Reidy’s reports were ignored during the Bush years, the real catastrophe got rolling during the Obama administration. As Michael Walsh points out at PJ Media, it played out under a carousel of changing directors. Walsh convincingly contends that administrative churn in an area the president disliked was a large reason for the failures. Can we get an accounting, and maybe even an apology to the American people for screwing up so badly?
4. Is the CIA itself fixed?
This is an agency that seems lately given to fantasy and bureaucratic truculence, especially for its role in the idiotic Russia collusion imbroglio. Did former director Mike Pompeo address any of these issues during his tenure? Most of all, can we trust that current director and CIA lifer Gina Haspel has gotten rid of the fools who set up, maintained, and defended the horrific transient communication system, and gotten rid of the knaves who ignored and hounded the stalwart Reidy out of a job?
5. Who are the spies who were killed?
Might as well tell us now. Whatever was going to be compromised is already shot to pieces. Whether these folks did it for money, revenge, sex, love, or purity of heart and love of freedom, they were doing the citizens of the United States, and the people of the free world, a huge service, obviously risking their lives in the process.
Have their surviving families been protected? Covertly rewarded with cash, tickets out, spots for their children in U.S. universities? We should do them right and take care of this debacle American-style, with more than an anonymous star on some wall at Langley. It is a pity we could not keep our spies safe, but at least we should honor their ultimate sacrifice.
6. What was revealed to China and Iran when these spies were interrogated?
How and when is this catastrophic failure going to come back and haunt us? Because it will.
This article has been corrected with respect to Jerry Chun Sing Lee’s former CIA title.