Botched CIA Communications System Helped Blow Cover of Chinese Agents

277 points | mkeeter | 7 years ago | foreignpolicy.com

199 comments

[+] solatic|7 years ago|reply
>But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.

>In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.

If you read between the lines, this raises the suspicion that there's a common underlying infrastructure which handles the communications, with management front-ends for different users which are firewalled off from each other, and the security of the system relied upon the firewall between the different front-ends to prevent users from finding out about each other. However, an attacker who compromised the "less secure" front end could use that as a launching pad to attack the underlying communication infrastructure, and if the attacker pwned the infrastructure, then he'd have a back entrance to the "more secure" front end.

If that's the case, then somebody was grossly incompetent, depending on the age of the system: if the system is old enough, then somebody running ops in the CIA is incompetent, for continuing to operate a system whose security model ("all you need is a strong enough firewall!") was obsolete; if the system is young enough, then either the original architects, or the security engineers who certified the architecture (if there were any), for proposing an architecture with an obsolete security model.

Arguably, that incompetence amounts to criminal negligence, since it resulted in the deaths of US agents, and somebody should be tried for it.

[+] covermydonkey|7 years ago|reply
Agreed.

> U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official—links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA’s own website, according to the former official.

How was this approved? This is such an obvious no-no. Would have expected a completely standalone, ring-fenced platform with absolutely no relationship to the government's known IP addresses and domains?

[+] hackinthebochs|7 years ago|reply
> and the security of the system relied upon the firewall between the different front-ends

I really don't think there's anything to conclude from the "firewall" comment. This term has become a layman way of describing any kind of intended separation between computer systems. People know what firewalls are and so it becomes an overused analogy. It's like how passwords are described as being "encrypted" in layman media.

[+] dillondoyle|7 years ago|reply
I obviously have no technical info, but my guess from this article is that 'back entrance' is probably inferring too much.

I would bet that communication apps A and B made connections to the same someCIADomain/IP range (or other less obvious metadata patterns, maybe the shared methods produced enough entropy on the whole to fingerprint).

Thus even if one can't read the content of the message the firewall matches the discovered pattern === likely a spy; so if the less vetted App A source was compromised offline and thus the shared online pattern is now known so too are sources using App B who were less likely to be compromised offline.

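The three comments above (solatic's shared-infrastructure guess, covermydonkey's point about links back to the government's own domains, and dillondoyle's shared-destination fingerprinting) all describe the same audit question: which channels can an outside observer link to each other, or to their operator? The following is an added example written for this thread, not code from the original page or from any agency system; channel names, domains, IP ranges and hosting labels are constructed placeholders.

```python
"""Compartmentalisation audit for a set of covert communication channels.

Constructed example: each channel is described by the network-observable
attributes an outside observer could collect (destination domains, server
IP networks, hosting provider). Two channels that share any attribute are
linkable: fingerprinting or compromising one exposes the users of the other.
A channel whose attributes overlap the operator's own public assets is
attributable to that operator.
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class Channel:
    name: str
    domains: set[str] = field(default_factory=set)
    networks: set[str] = field(default_factory=set)  # CIDR strings
    provider: str | None = None                       # hosting / ASN label


def _networks_overlap(a: str, b: str) -> bool:
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def shared_infrastructure(channels: list[Channel]) -> dict[tuple[str, str], list[str]]:
    """For every pair of channels, list the indicators they share.
    A pair with an empty list is fully compartmented."""
    findings = {}
    for x, y in combinations(channels, 2):
        shared = [f"domain:{d}" for d in sorted(x.domains & y.domains)]
        shared += [f"network:{a}~{b}" for a in sorted(x.networks)
                   for b in sorted(y.networks) if _networks_overlap(a, b)]
        if x.provider and x.provider == y.provider:
            shared.append(f"provider:{x.provider}")
        findings[(x.name, y.name)] = shared
    return findings


def attributable_to(channel: Channel, owner_domains: set[str],
                    owner_networks: set[str]) -> list[str]:
    """Indicators tying a channel to its operator's publicly known assets."""
    hits = [f"domain:{d}" for d in sorted(channel.domains)
            if any(d == o or d.endswith("." + o) for o in owner_domains)]
    hits += [f"network:{n}~{o}" for n in sorted(channel.networks)
             for o in sorted(owner_networks) if _networks_overlap(n, o)]
    return hits


# Constructed sample: an "interim" channel that reuses the hosting block of the
# "vetted" channel and carries a link back to the operator's public website.
INTERIM = Channel("interim", {"news-updates.example", "cdn.agency.example"},
                  {"198.51.100.0/24"}, "hoster-A")
VETTED = Channel("vetted", {"weather-tools.example"}, {"198.51.100.128/25"}, "hoster-A")
ISOLATED = Channel("isolated", {"recipes.example"}, {"203.0.113.0/24"}, "hoster-B")
OWNER_DOMAINS = {"agency.example"}    # the operator's own public domain (constructed)
OWNER_NETWORKS = {"192.0.2.0/24"}     # the operator's own public IP range (constructed)

if __name__ == "__main__":
    for pair, shared in shared_infrastructure([INTERIM, VETTED, ISOLATED]).items():
        print(pair, "linkable via" if shared else "compartmented", shared)
    print("interim attributable via", attributable_to(INTERIM, OWNER_DOMAINS, OWNER_NETWORKS))
```

Only the interim/vetted pair is flagged, on both the overlapping IP block and the shared hoster, and only the interim channel is attributable to the operator, which is the failure mode the article describes.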
[+] baybal2|7 years ago|reply
How stupid it is to spend so much effort on compartmentalising their intel net in the country, but have all spies report by dialing in to the same website in a country employing a few brigades' worth of people reading tcpdumps 24/7?

Compare that to one-way coded messages over HF radio: a place for pick up of a dead drop in n days is broadcast, then it is picked up by a man who reads it, destroys it, and gtfos from the country. In that scheme nobody in any way contacts anybody in real time other than the HQ.

[+] st26|7 years ago|reply
To me, preventing this seems like exactly the sort of thing the NSA ought to be for.
[+] sandworm101|7 years ago|reply
Between the lines: it was Tor.

Deploys on computers. Web-based. Detectable through decryption or pattern analysis. Firewalls. It was a pair of Tor hidden services. The mistake was probably that they ran both on the same machine with only a firewall separating them, rather than physically different servers.

[+] SEJeff|7 years ago|reply
Here I was always assuming they employed the types of people who read HN to build systems like this. I'd expect e2e crypto, perfect forward secrecy, perhaps something akin to tor, and maybe even the ability to use steganography to disguise the fact any comms were really happening at all.

Oh look at this cute kitten picture, let me save it and then get the encrypted code out of it. That's great, let me upload this equally cute puppy riding a skateboard picture to the forum that contains my reply.

[+] rb808|7 years ago|reply
What are the salaries the CIA is paying? I doubt they have "the best" on it.
[+] xkcd-sucks|7 years ago|reply
The experts in opsec forgot to apply their common sense rules (compartmentalization) to their own software
[+] _bxg1|7 years ago|reply
This makes a good case for an official software engineering licensing program like what we have for other kinds of engineers, at least for high-risk things like medical control systems and government security. Right now, a nontechnical person has no basis for evaluating the quality of engineer which they hired to do this job, except by asking other engineers, etc.
[+] debt|7 years ago|reply
The CIA is incompetent. It’s their system.
[+] yborg|7 years ago|reply
It took 8 years for the CIA to figure out what happened?? This certainly explains why China and Russia continue to conduct cyber operations basically at the same level of intensity they have been for years - US intelligence, despite its enormous, unaccountable budget is unable to stop them or even know where they are compromised. If there is an actual hot conflict between the US and either of these nations, I shudder to think what will happen.

I don't believe the US lacks in technical skill at the operational level. These failures are management and organizational failures.

[+] pjc50|7 years ago|reply
They had a similar failure in Iran: http://articles.latimes.com/2011/may/22/world/la-fg-iran-esp...

The problem is that the real conflict the US faces is whether it should let its foreign policy be run by facts, or whether the intelligence agencies are simply there to manufacture consent for whatever the ruling party has decided to invade next. In the latter case the intelligence on the ground doesn't actually matter, so there's no political pressure to make sure it's done well.

[+] Gustomaximus|7 years ago|reply
I wonder if this is due to the ever increasing scale of the US intelligence services.

From my working life perspective smaller teams of talented people are often more impactful than significantly larger teams. E.g. Large teams create bureaucracy. And 'weak links' become harder to spot and typically allowed to remain.

I know nothing about this area so take my comment as curiosity only, but I wonder what USA gets/achieves for this $50-100bn intelligence budget? And what would they get at a $2bn funded group utilising a much smaller group of the best employees within the existing orgs.

[+] brown9-2|7 years ago|reply
Note that just because we are reading about it eight years later does not mean it took that long for the CIA to figure out what happened.
[+] qaq|7 years ago|reply
For starters they can't really pay market salaries for the skills they need so to some degree this has more to do with laws on the books than with management and organizational failures.
[+] bsder|7 years ago|reply
Defense is always harder than offense when it comes to computers.
[+] onetimemanytime|7 years ago|reply
>>If there is an actual hot conflict between the US and either of these nations, I shudder to think what will happen.

a hot conflict entirely dependent on satellites and other means of communications. The war can end right after the first shot is fired.

[+] EthanHeilman|7 years ago|reply
Intelligence isn't just about human intelligence sources. Historically the US has been terrible at human intelligence and peerless at technical intelligence such as spy satellites, bugs, signals intercept, etc...
[+] nyolfen|7 years ago|reply
"This didn't make it into the piece, but here's how the Chinese treated people working with the CIA: According to one source, one asset working at a state tech institutes, and his pregnant wife, were executed live on closed circuit TV in front of the staff."

https://twitter.com/zachsdorfman/status/1029861843521523712

[+] King-Aaron|7 years ago|reply
Obviously a revelation on Twitter about a secretive organisation's workings should always be taken with a grain of salt. However these sorts of reports aren't too uncommon, and it surprises me how there's a lot of pro-china commentators in communities such as HN who seem to glaze over these sorts of things and still aggressively promote the "Chinese way of doing things" is superior to whatever western value or opinion is the discussion point of the day.
[+] dnomad|7 years ago|reply
This is exactly like the wild claims about "Iraqi babies being killed in incubators" [1]. It's an absurd, baseless claim but somehow it gets regularly accepted as true.

At some point you would think that journalists would show even a little intelligence, a little competence, a little skepticism.

[1] https://en.wikipedia.org/wiki/Nayirah_testimony

[+] 68c12c16|7 years ago|reply
I think the reason why the Chinese government would execute defected officials, instead of putting them in prison for life, is because historically defected officials often caused very serious losses to the Chinese Communist Party. For instance, one of the most damaging defectors in their history was Gu Shunzhang, who led to the arrest of hundreds of their underground communists (many of those arrested were executed by the KMT government at the time). In those early days, the Chinese Communist Party was very weak and had to fight for its own survival. So as a result, Zhou Enlai ordered the assassination of almost Gu's entire family, as a warning and revenge [1]...

I think this bears a certain similarity to the rationale for IRA members assassinating their defectors and the French executing their traitors in WWII...

It's just sad to see that certain traditions still remain unchanged with the Chinese government (or more specifically, their communist party) ...but at least we can see how much they hate defectors; and we can find some common root of that in all humanity...

Perhaps things will change when they value human life more, which I think they will do when individuals' economic conditions continue to improve...When the existence of an average life makes little difference to a society, statistically, life would be socially regarded as cheap...

--

[1] https://www.nytimes.com/1991/02/03/weekinreview/the-world-15...

[+] _iyig|7 years ago|reply
The CIA has a long and storied history of arrogance, incompetence, and letting down sources. The book “Legacy of Ashes” provides an excellent, readable, detailed history of the Agency since its creation, with tons of primary-source interviews and research.

(The title refers to a quote by Eisenhower, who left the Presidency disappointed at the “legacy of ashes” which was all he felt the CIA accomplished during his tenure.)

[+] olivermarks|7 years ago|reply
Other Dorfman articles https://foreignpolicy.com/author/zach-dorfman/

I treat any media 'story' about spooks with great suspicion, because it almost invariably turns out over time that there are far more layers to the onion than are revealed in these types of exposes.

I wonder what 'The disaster in China has led some officials to conclude that internet-based systems, even ones that employ sophisticated encryption, can never be counted on to shield assets' is going to lead to? Some sort of new infrastructure may even already be in use...

[+] patrickg_zill|7 years ago|reply
When the Russians were concerned about security, they switched back to using typewriters. Don't assume that a high tech solution would always be the answer...
[+] jmnicolas|7 years ago|reply
It seems that the CIA is more embarrassed that their IT has been breached by the Chinese than the death of people that trusted them.
[+] ovi256|7 years ago|reply
Treating the recruited agents as disposable has been the rule rather than the exception throughout the ages.

The average half-life of a clandestine agent is surprisingly low, and planned for accordingly.

[+] waterbear|7 years ago|reply
Another way to look at it is to consider that it’s really embarrassing to suffer an extremely high cost in lives lost, over a misconfigured Group Policy Object or Windows Registry Key or /etc/hosts file.

Something like that is akin to trusting cheap sheetrock/gypsum board and a couple of molly screws to support the weight of some priceless oil painting in a massive ornamental frame.

To see a priceless thing destroyed, but for want of a proper wall to mount it on is insult to injury.

[+] mywacaday|7 years ago|reply
110% pure fantasy but could google be encouraged by the CIA to enter the Chinese market with whatever restrictions the Chinese government imposes but provide secure communication for whoever the CIA needs it for?
[+] anonu|7 years ago|reply
This is a fascinating story. But I always think about what the motives are to reveal such information. What you read is always different than the actual...

In a separate note, I'm not sure technically what the right solution is, but I imagine an encrypted stenographic message on a popular peer to peer internet service would be the best way to avoid detection. ... When the entire web is being monitored.

[+] wowzerz|7 years ago|reply
It’d be best to imagine something else. Stenographers are much too busy in court, recording transcripts of proceedings as they transpire. They wouldn’t have time to help avoid detection.

I think it’s probably better to use a stegosaurus, given their spiked tail, and boney plates, which will scare off any attackers.

Or maybe just safely conclude that casually pondering what might or might not work isn’t good enough, and cannot compare to what’s faced in a real situation, where simply knowing what the word steganography means wouldn’t help either.

[+] evntllyCnsistnt|7 years ago|reply
Knowing how absurdly insecure any civilian consumer system is (laptop, smart phone, home assistant, self driving car), with zero day fire-and-not-a-drill-at-all advisories, pretty much every month, I don’t get how this sort of thing happens.

I also fail to see how a decision like this could be made:

  The CIA had imported the system 
  from its Middle East operations...
To China? The degree of technical differences between those two regions is so intuitively disparate, that without having been to either, I’d still never estimate that a game plan for one would work in the other.

Cell phones make sense in desert territories with good satellite coverage, and attacking, as much as operating those same cell phones makes sense too, in a volatile atmosphere.

Meanwhile, in China, with world class supercomputing facilities operated at scientific research institutions, one can only safely assume that no amount of cryptography or electronic transmission is safe. Not even one-time pads.

Each seems like its own game, with its own rules. What a mistake to not approach them differently. It’s like trying to steal cars from a suburban driveway at dinner time, versus a city parking garage during rush hour. A car is not simply a thing with wheels, that rolls away as soon as you can hop inside.

[+] matt_s|7 years ago|reply
This is why when you read memoirs of CIA officers they almost always state human trade-craft will trump technical gadgetry all the time.
[+] JabavuAdams|7 years ago|reply
How do intelligence agencies deal with the fact that once you've got a key logger on your system, you're hosed?
[+] jarym|7 years ago|reply
Maybe they should have used BBM/iMessage/WhatsApp - all the civilian gear governments are screaming they need backdoors into because they’re too tough to crack...

Yes I say this partly in jest and also partly as a ‘why didn’t they’. BBM Enterprise over a VPN service popular with movie streamers would have actually helped them blend in... digitally speaking.

[+] DownGoat|7 years ago|reply
An intelligence operation has different requirements. While those listed applications might hide the contents of the messages, you can still see that messages were sent/received, and that might be enough to warrant your summary execution in China.

During WW2/WW1 the British knew when air raids were coming from Germany by recognizing radio traffic patterns, and activity. The radio traffic was encrypted, and they could not understand whatever was sent, but the traffic itself created patterns that alerted them.

[+] bsimpson|7 years ago|reply
Just because the Albuquerque Police Department can't crack <insert secure messenger here> doesn't mean the NSA can't.

Interesting point about blending in, but I suspect they thought they could build a system more secure than the commercial options and/or didn't trust their security in the hands of a third party.

[+] repolfx|7 years ago|reply
All those are blocked in China, no?
[+] AIX2ESXI|7 years ago|reply
Fucking A man. As an American tax payer and patriot I am pissed that China gets away with shit like this. Time for us to play dirty games and get retribution.
[+] 394549|7 years ago|reply
It's probably also a mistake to use the same set of communication systems for all your agents, even if you trust them. For something as high-risk as this, they should use bespoke systems for each agent or each sub-network. Doing otherwise is putting all their eggs in one basket.
[+] mikec3010|7 years ago|reply
I'm surprised they didn't do something truly clandestine like embed encrypted texts into photos of merchandise and list them on amazon/alibaba
[+] secfirstmd|7 years ago|reply
There was someone at a high profile defence company using Amazon.com to communicate information to handlers a few years ago.
[+] gregshap|7 years ago|reply
Sounds like “fucked up the firewall” == "fucked up a WHERE clause"