
30 spies dead after Iran cracked CIA comms network

353 points | new_guy | 7 years ago | theregister.co.uk

105 comments

Arnt | 7 years ago
This might get a little longwinded. Sorry.

The following is from http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amaz... and describes the way the Russians implemented SELECT * WHERE CIA FROM EMBASSY_EMPLOYEES: "differences in the way agency officers undercover as diplomats were treated from genuine foreign service officers (FSOs). The pay scale at entry was much higher for a CIA officer; after three to four years abroad a genuine FSO could return home, whereas an agency employee could not; real FSOs had to be recruited between the ages of 21 and 31, whereas this did not apply to an agency officer; only real FSOs had to attend the Institute of Foreign Service for three months before entering the service; naturalized Americans could not become FSOs for at least nine years but they could become agency employees; when agency officers returned home, they did not normally appear in State Department listings; should they appear they were classified as research and planning, research and intelligence, consular or chancery for security affairs; unlike FSOs, agency officers could change their place of work for no apparent reason; their published biographies contained obvious gaps; agency officers could be relocated within the country to which they were posted, FSOs were not; agency officers usually had more than one working foreign language; their cover was usually as a “political” or “consular” official (often vice-consul); internal embassy reorganizations usually left agency personnel untouched, whether their rank, their office space or their telephones; their offices were located in restricted zones within the embassy; they would appear on the streets during the working day using public telephone boxes; they would arrange meetings for the evening, out of town, usually around 7.30 p.m. or 8.00 p.m.; and whereas FSOs had to observe strict rules about attending dinner, agency officers could come and go as they pleased." I read the book. 
When a CIA agent's cover was blown, the CIA had a spare car and apartment and the agent's replacement needed just that, so they tended to reuse the car and apartment. And then wondered why the replacement was identified so quickly.

So. After that long digression, here comes a hypothesis: Organisations that can keep their mistakes secret can make themselves seem much more capable than other, similarly large organisations.

DonHopkins | 7 years ago
At the University of Maryland, our network access was through the NSA's "secret" MILNET IMP 57 at Fort Meade. It was pretty obvious that UMD got their network access via NSA, because mimsy.umd.edu had a "*.57" IP address similar to dockmaster, tycho and coins.

https://emaillab.jp/dns/hosts/

    HOST : 26.0.0.57 : TYCHO : PDP-11/70 : UNIX : TCP/TELNET,TCP/SMTP,TCP/FTP :
    HOST : 26.0.0.57 : DOCKMASTER.NCSC.MIL,DOCKMASTER.DCA.MIL, DOCKMASTER.ARPA : HONEYWELL-DPS-8/70 : MULTICS : TCP/TELNET,TCP/FTP,TCP/SMTP,TCP/ECHO,TCP/DISCARD,ICMP :
    HOST : 26.1.0.57 : COINS-GATEWAY,COINS : PLURIBUS : PLI ::
    HOST : 26.2.0.57, 128.8.0.8 : MARYLAND,MIMSY,UMD-CSD,UMD8,UMCP-CS : VAX-11/780 : UNIX : TCP/TELNET,TCP/FTP,TCP/SMTP,UDP,TCP/ECHO,TCP/FINGER,ICMP :
https://multicians.org/site-dockmaster.html

Whenever the network went down (which was often), we had to call up a machine room at Fort Meade and ask them to please press the reset button on the box labeled "IMP 57". Sometimes the helpful person who answered the phone had no idea which box I meant, so I had to describe to him over the phone which box to reset. ("Nope, that didn't work. Try the other one!" ;) They were even generous enough to issue us (CS department systems staff and undergrad students) our own MILNET TACACS card.

On mimsy, you could get a list of NSA employees by typing "grep contact /etc/passwd", because each of their courtesy accounts had "network contact" in the gecos field.

Before they rolled out TACACS cards, anyone could dial up an IMP and log in without a password, and connect to any host they wanted to, without even having to murder anyone like on TV:

https://www.youtube.com/watch?v=hVth6T3gMa0

closeparen | 7 years ago
My understanding is that official cover is more a matter of politeness than secrecy. An embassy employee is obviously a foreign agent in some capacity. The real game is preventing the host country from discovering links between official-cover and non-official-cover agents, since the latter group’s affiliation is actually secret.
dev_dull | 7 years ago
> The CIA does appear to have lucked out when it comes to Russia. The Intelligence Agency ring fences its Russian activities and the report states that intel chiefs were quick to harden up its Russian communications channel at the first sign of trouble.

Your post makes a lot of sense for that above line in the article. Maybe Russia would rather keep tabs on them as known-people rather than murder them. China seemed to have taken it personally, which is ironic given their vast purported corporate espionage spy networks.

std_throwawayay | 7 years ago
So, they were basically relying on metadata to inspect an organization. If anything, this shows the power of metadata.
baybal2 | 7 years ago
Totally true. That Fogle guy was standing out like a white crow among the rest of the "geriatric ward" that the US embassy in Russia was.

Moreover, to a Russian person, it would be totally unbelievable that such a pipsqueak could get to the position of a "third secretary" of anything in his short, only 5-year-long career.

fit2rule | 7 years ago
> Organisations that can keep their mistakes secret can make themselves seem much more capable than other, similarly large organisations.

Organizations gain only corruption through secrecy. Fix the reason for having to keep a secret, and you build a strong organization.

nyolfen | 7 years ago
you should put these together as a blog post
dorfsmay | 7 years ago
> SELECT * WHERE CIA FROM EMBASSY_EMPLOYEES

Although I personally don't find this type of humour funny, I can understand why beginners use it. However, if you are going to use it, please make an effort and get it right. In your attempt at showing off, you're just showing you don't know basic SQL.

lkrubner | 7 years ago
The question is, why did they need an informal communication channel? What made this easy, and why was using a correct channel considered too difficult? Maybe Edward Tufte will write about this someday, as this might be another example where user interface design ended up having a big impact on world history (Tufte has written about John Snow using a clever map to end the cholera epidemic in London in 1853 and the Challenger shuttle disaster of 1986, the launch being allowed partly because the engineers from Thiokol were not able to present their information in a comprehensible way).

The article says:

"But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels. "It was never meant to be used long term for people to talk to sources," the report quotes one official as saying."

So why did it last so long? What did it offer that the more official channels did not? What kept the agency from developing technology that might have allowed better protected communication channels that might have also been easy to use?

Protected communication is not a sideline for the CIA, it is the core competency. This is something the CIA is supposed to be good at.

dorfsmay | 7 years ago
> So why did it last so long?

"It's temporary unless it works" - Red Green.

I always fight temporary solutions because there is a perception that one does not need to be as rigorous with temporary solutions. Then there is no sense of urgency for a replacement because this one works, it becomes a "technical debt", a "nice to have", and never gets fixed. In some cases, lack of rigour is the one functionality everybody loves that cannot be removed (security vs convenience).

https://en.wikipedia.org/wiki/The_Red_Green_Show#Red_Green

https://www.youtube.com/watch?v=pY7nx5Z6Kzo&t=3m41s

ardy42 | 7 years ago
> The question is, why did they need an informal communication channel? What made this easy, and why was using a correct channel considered too difficult?

My understanding is that this channel was used for "un-vetted" sources, which I take to mean sources the CIA didn't yet fully trust with their main communications systems. I'm sure they're constantly approached by double-agents looking for information about how they communicate with their sources, so they need more "throwaway" systems for people who potentially could be double agents to use.

The original reporting is better than this Register summary: https://www.yahoo.com/news/cias-communications-suffered-cata.... I think Ars Technica had a better summary: https://arstechnica.com/tech-policy/2018/11/how-did-iran-fin....

alexandros | 7 years ago
A Greek saying goes: Ουδέν μονιμότερον του προσωρινού. (There is nothing more permanent than the temporary)

I keep thinking about it when building out information system architectures, especially ones that interface with end users. Bad design is metastatic and unbelievably hard to get out of. Whatever the cost of reversing a bad design decision you have in mind, 10x it and you still might not be truly there.

boomboomsubban | 7 years ago
> So why did it last so long? What did it offer that the more official channels did not? What kept the agency from developing technology that might have allowed better protected communication channels that might have also been easy to use?

It hadn't been broken, so why bother? Sure, one of our employees is telling us that it's dangerously insecure, but if it's so bad, why hasn't it been compromised?

spdionis | 7 years ago
For the same reason POCs or unfinished software runs in production.
TACIXAT | 7 years ago
I always like to think of the counter case, but note, this is pure speculation. Could the CIA have planted a fake insecure communications system in order to execute key players in Iran's nuclear program? It would be a force-amplifying move. Instead of having 15 spies, you could have 1 (the double agent in this case) who reveals the fake communications network, that in turn takes numerous other players off the board.
joe_the_user | 7 years ago
The article actually cites 30 killed ... in China.

So in this case, no.

I assume Iran would be careful if they saw a variety of loyal and crucial players implicated.

seancoleman | 7 years ago
It's easy to target poor security as the culprit, but it seems another root cause is the bad UX of the official, secure communication channels, which drove these agents to chat in this alternative, vulnerable system.

Just as a river follows the path of least resistance, so too will users follow the best UX software. Bad UX kills.

njharman | 7 years ago
UX can't provide security. It can only provide better UX.

Security is a spectrum from convenient/useful to secure. They are mutually exclusive characteristics.

Perfect UX won't remove the inconvenience of having to pre-arrange delivery of one-time pads, biometric two-factor auth, waiting for out-of-band confirmation of your identity, etc.

All of those can have horrible UX on top of the inconvenience. But even with perfect UX they will never be as frictionless as being able to use any device, on any network, using any app/OS, to post on a useless/passwordless site.

rossdavidh | 7 years ago
So, security is intrinsically difficult for an organization to get right, because the learning landscape is not continuous. You don't have gradually increasing costs from going in a particular direction; you have apparently zero costs, maybe even rewards, from going in that direction until suddenly OMFG WE HAVE A PROBLEM! This is hard for any machine learning algorithm to deal with, and it is hard for individuals to deal with, and so no surprise that it is hard for organizations to deal with. Lax security, in most cases, yields zero apparent costs until suddenly it is very expensive.

All of which is outweighed by the fact that dealing with this kind of thing is the CIA's reason for existence as a separate intelligence agency, outside of the military (since Pearl Harbor). I am not at all convinced that we would be doing worse to fold intelligence back into the military as it was pre-WWII, because having a culture that understands this kind of problem is the CIA's whole purpose for being separate, and it doesn't seem to have worked.

jamisteven | 7 years ago
Bit of a misleading headline considering the article states: "After a double agent showed Iran's government one of the sites, they were then able to use Google to identify other sites the intel agency was using and began to intercept communications."
anilakar | 7 years ago
One of my favorite pastime activities: googling for certain unsecured automation systems and messing around with them. They can be found with zero false positive rate thanks to an obvious misspelling on the login page. There's no need to resort to inurl, intitle and similar modifiers that trigger the captcha almost every time.
jorblumesea | 7 years ago
The NYT has a much better write-up: https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...

Basically, an internal mole leaked the network, which the Chinese then exploited to roll up the agents. It's not like China just stumbled upon it, they were tipped off. While the nature of the platform didn't help, the roll up was caused by a double agent.

partiallypro | 7 years ago
Is this the same breach? People are talking like this is separate from the one you linked to.
jxcole | 7 years ago
I've always thought that the CIA was completely incompetent, but I've never seen more conclusive evidence than this. I've never worked with anyone so flippant about security, but no one should ever expose secrets without proper auth. I won't even expose a user's address without cert or password auth. It just goes to show you that the old adage is true: if you are a competent programmer you don't end up in government.
blattimwind | 7 years ago
> Web scraping is a two-edged sword

No, doing this is:

> But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels.

trhway | 7 years ago
There are a couple of things that come to mind in that context: that story of Iran MITM-ing HTTPS using a small CA they either hacked and/or acquired, and Siemens spying software/hardware at Iran's telcos.
platz | 7 years ago
> originally intended to only be a temporary communications channel

Some code never dies

cyphunk | 7 years ago
> A defense contractor for the CIA named John Reidy claims he warned the agency that it was using insecure communications systems in 2008, and again in 2010 when he started to suspect the channels had been cracked. A year later he was fired by the agency, a move he claims was retaliation for not shutting up.

strongbox.gov is needed to protect people with brains from being strong-armed by management without brains:

https://medium.com/@cyphunk/the-nature-of-conflict-is-changi...

aeriklawson | 7 years ago
Weren't these just CIA informants i.e. not actual CIA officers? I think the word "spies" is a bit misleading.
drakenot | 7 years ago
What were these communication channels the CIA was using that were being indexed by Google? Some public forum or something?
boomboomsubban | 7 years ago
They made websites for fake companies offering job and visa opportunities. People would reply and end up recruited. I'm not sure how exactly they used it for further communication though.