CIA use of insecure websites led Iran and China to discover informants

by Jacob Fuller

Lauren C. Moye, FISM News


In 2010, an Iranian informant for the U.S. Central Intelligence Agency was minutes from leaving Iran with state secrets he planned to share with the CIA. At the airport, he was apprehended by Iranian authorities who already knew all about his spying efforts.

Gholamreza Hosseini, a former nuclear engineer turned CIA asset, wasn’t captured because of betrayal or any slip-up on his part. It was the CIA’s negligent use of an insecure network of websites to communicate with assets that led to his discovery.

As a result of the easily discoverable network, dozens of CIA informants in Iran and China were imprisoned or executed between 2010 and 2012.

Reuters first reported an in-depth investigation of the events after locating Hosseini. He gave Reuters the address of the now-defunct website he had used to contact CIA handlers and transfer information, Iraniangoals.com. He was the only asset assigned to use this website.

Journalists asked the Citizen Lab at the University of Toronto, which specializes in researching digital espionage and threats to online security, to investigate how Iran might have discovered covert information about Hosseini’s espionage from the site.

Citizen Lab researchers used archived data from which they “quickly discovered that the secret messaging window hidden inside Iraniangoals.com could be spotted by simply right-clicking on the page to bring up the website’s coding.”

The undisguised source code gave away a hidden messaging platform and identified a fake search bar as the spot to enter a password. Even worse, the analysts were eventually able to uncover 885 additional websites in the network after being provided with only one address.

The negligence of the CIA’s use of the websites is highlighted by the ease with which the network could be cracked. Citizen Lab said in a released statement that a “motivated amateur sleuth could have mapped the CIA network” at the time that it was active.

The messaging system was used from 2009 to 2013. The 2018 Yahoo report that sparked the later investigation said the system became a global problem originating in Iran that “was left unrepaired — despite warnings about what was happening — until more than two dozen sources died in China in 2011 and 2012 as a result.”

That only happened because the CIA used the system beyond its intended purpose and for much longer than it should have.

“It was never meant to be used long term for people to talk to sources,” one anonymous former CIA official told Yahoo.

The first signs that Iran had cracked the system appeared in 2010, when Iranian authorities began to identify CIA assets. Then, in 2011, the CIA spy network in the country crumbled. The result was a loss of intelligence on Tehran, as well as a ripple effect that continues to affect the CIA today now that the network has been publicly exposed.

One defense contractor, John Reidy, warned the CIA of the security failures in 2008. According to Yahoo, Reidy contacted the CIA inspector general and other oversight committees in the following years. At one point, he warned that “70% of operations were potentially compromised” in all countries in which the CIA was active.

Actions were not taken to address the security flaw until it was too late for many informants.

Meanwhile, the former assets who survived their compromised status often receive no help from the U.S. government. Hosseini makes a fraction of his former salary after his conviction and prison time. He struggles to support his family.

“It’s a stain on the U.S. government,” Hosseini told Reuters.

With the CIA’s failings now public, it has been difficult to rebuild the spy network in the countries most affected. Additionally, there is still sensitive information that can be gleaned from the inactive system of websites.

“Nevertheless, a subset of the websites are linked to individuals who may be former and possibly still active intelligence community employees or assets,” said the website analysts. This includes some who are potentially abroad and at least one current U.S. State Department employee.

The risk is real enough that the analysts did not fully disclose their research methods, to prevent the identification of potentially vulnerable individuals.

“Our hope is that this research, and our limited disclosure process, will ensure that no one connected to these websites will be in danger, and lead to accountability for this reckless behavior,” said Citizen Lab.