back to article 30 spies dead after Iran cracked CIA comms network with, er, Google search – new claim

Iran apparently infiltrated the communications network of CIA agents who allowed their secret websites, used to exchange messages with informants, to be crawled by Google. A report from Yahoo! News this week claims that a 2009 breach of the US spy bods' communications channels came after the Iranian government infiltrated a …

  1. ma1010 Silver badge
    Alert

    You're FIRED!

    Of course Reid was fired. He realized the bosses were doing something stupid and told them they shouldn't do what they were doing.

    Worst of all for him, events proved he was absolutely RIGHT while they were wrong, which is one totally unforgivable sin to a PHB. He simply had to be punished.

    1. Anonymous Coward
      Anonymous Coward

      Re: You're FIRED!

      Welcome to the world of the higher echelons on the civil service "Old Boys Club", to enter, just follow the rules:

      1) Don't say anything unless asked

      2) When asked, just agree

      3) Problems are not to be tackled, that is the purpose of long grass

      4) When problems get identified, close ranks

      5) When something goes wrong, blame the lower ranks or dissenters

    2. Drs. Andor Demarteau (ShamrockInfoSec)

      Re: You're FIRED!

      Typical for security people :(

      1. Anonymous Coward
        Anonymous Coward

        Re: You're FIRED!

        > Typical for security people :(

        Sure? I thought suicide by multiple gun shots to the head was the norm.

        1. Mark 65 Silver badge

          Re: You're FIRED!

          Sure? I thought suicide by multiple gun shots to the head was the norm.

          Is that before or after you've locked yourself in a holdall?

    3. The Man Who Fell To Earth Silver badge
      FAIL

      Re: You're FIRED!

      It's all moot at this point, as Trump refuses to stop making sensitive calls on his ancient unsecured cell phone. Every intelligence agency on the planet worth it's salt can monitor it.

    4. Tree
      Thumb Down

      Re: You're FIRED!

      If John Brennan did not prove the lack of intelligence at "the agency" this certainly provides proof. These government people are idiots and think they can do no wrong.

  2. Jemma Silver badge

    Kim Philby

    Is sitting somewhere on the astral plane with a nice G & T...

    pissing himself laughing... along with Burgess, Maclean, Blunt & company.

    while certain members of the CIA will be sweating like J.Edgar Hoover trying to squeeze into a new girdle...

    It's another case of the wasp & the stinging nettle.

    In other news.. is it just me or does American foreign policy seem recently like it was borrowed from episodes of Futurama?

    1. Yet Another Anonymous coward Silver badge

      Re: Kim Philby

      >does American foreign policy seem recently like it was borrowed from episodes of Futurama

      Traditionally it was somewhere between The Simpsons and The Flintstones

      1. Rich 11 Silver badge

        Re: Kim Philby

        More like Wacky Races on acid.

    2. h4rm0ny

      Re: Kim Philby

      >>In other news.. is it just me or does American foreign policy seem recently like it was borrowed from episodes of Futurama?

      Well Trump hasn't:

      1/ Funded ISIS and Al-Nusra as Obama did (proven and admitted before you click downvote).

      2/ Campaigned for and achieved the bombing and destruction of Libya as Hilary Clinton did (see above).

      3/ Is actually willing to engage in dialogue with Russia.

      4/ Has managed to bring North and South Korea to the negotiating table for the first time in forever. (credited to Trump by many, including SK's Foreign Minister).

      So to answer the question? Honestly, US Foreign policy is a step up from where it was, imo.

      1. PhilDin

        Re: Kim Philby

        Fair enough, no downvote but Obama funding ISIS sounds like a bold claim, anything reputable you can reference on that?

      2. Anonymous Coward
        Anonymous Coward

        Re: Kim Philby

        >(proven and admitted before you click downvote)

        You must be new around here.

  3. Jim Mitchell

    How long has Goggle supported boolean operators ?

    Not to belittle the actual issue here, but I thought Google search didn't support boolean operators? Apparently it does. Memories of AltaVista...

    1. Mark 85 Silver badge

      Re: How long has Goggle supported boolean operators ?

      They still have advanced search (https://www.google.com/advanced_search) even though it's not showing on the menu(s). Boolean still works also even though there's no trace that I can find on the search page. They used to have those options via links on the front page and dropdown menu.

      I guess they don't want people using those features to filter out the ads.

    2. John Presland

      Re: How long has Goggle supported boolean operators ?

      "a b" = a AND b, "a -b" = a NOT b, "a or b" (or its equivalent in another language, e.g. Polish "a lub b", Spanish "a o b") = a OR b.

      1. DropBear Silver badge

        Re: How long has Goggle supported boolean operators ?

        Actually, not quite (quotes below mean literal quotes typed):

        a b = a OR b OR any combination of any words vaguely related to either a or b

        "a" b = a and hopefully also something resembling b, but could just as well be just a.

        "a" "b" = a AND b

        "a b" = literal expression a b, in that exact order

  4. Michael Hoffmann
    Facepalm

    Quote: "This, Yahoo! says (citing agency officials), culminated in a 2012 incident in China where 30 agents working for the US were caught and executed.

    The CIA does appear to have lucked out when it comes to Russia. The Intelligence Agency ring fences its Russian activities and the report states that intel chiefs were quick to harden up its Russian communications channel at the first sign of trouble."

    /headdesk

    Because for the CIA the Cold War never ended and there is still a Soviet Union bugaboo - instead of China. But hey, they already own all manufacturing, the tech bigwigs catch a cold when China sneezes, so I guess they recognised that that horse has bolted.

    1. Phlogistan

      Who Watches The Watchmen...

      The CIA has never really been a friend to the Republic. They pretend they are out to hobble and confound the enemies of the United States. In practice they have always spent far too much effort on disinformation and psyops aimed inward towards the citizenry.

      Now they along with the rest of the THREE LETTER POWERS are too big to fail and only interested in protecting their turf.

      Pournelles Iron Law writ large.

    2. Uncle Ron

      Of Course...

      "Because for the CIA the Cold War never ended..." The Cold War didn't end and will never end because there is no international law. The United Nations is impotent and almost irrelevant. It only exists because there is a non-zero chance--just barely--that when people talk, there is less chance of war. And miscalculation is just a tiny bit lessened. That's it. There has always been and will always be a Cold War between and among all nations--not just the "west" and the Ruskies. Countries will always act in their own interests, even to the extent that they cooperate. And always act to protect their god-almighty "sovereignty." So don't blame or insult the CIA because it spies on everybody--even our friends. Reprehensible, unjust, and immoral things are done by all nations against all other nations, because, well, they can. But you -can- blame and insult the CIA for being inept, lazy and overfed. And -very- self-protective. Even at the expense of our own interests. IMHO, we are definitely not getting our money's worth out of them. Nations are not accountable to each other, and the CIA is not accountable to anyone. Congress?? Hahahahaha. ROTFL.

      1. Stevie Silver badge

        Re: Of Course...

        Well said, I think, but for the love of Mrs Hill, fourth year English teacher at St John Backsides comprehensive, PARAGRAPHS, man!

    3. Anonymous Coward
      Anonymous Coward

      >/headdesk

      >Because for the CIA the Cold War never ended

      My guess is that you are right: the Russian department is headed by old hands who will react instinctively if there is a shadow of a problem. Or "if there is a doubt then there is no doubt" as the cliche goes. The China desk is probably headed by young whippersnappers with a more "modern" view.

      I guess some desks will be reorganised pretty quickly now, as no door is closed faster than after the horse has bolted.

  5. Stuart Halliday

    Oh didn't we love 10 years ago looking for password files using Google Search from stupid Admins leaving root drives searchable from the Internet.

    Seems we've learned nothing and this time people are getting killed....

  6. The Nazz Silver badge

    Hmmmm, 2008, 2010 and 2012

    I may be wrong but don't all these dates fall within the period where the Commander-In-Chief was Obama? Someone who, it appears to me, was elected on the promise of change.

    Did he actually ever change anything for the better?

    1. Rol Silver badge

      Re: Hmmmm, 2008, 2010 and 2012

      Too right!

      We had our headmaster drummed out of his job, because one of our text books had a typo error.

      He deserved shooting, but the parents settled for tar and feathering, and was unceremoniously dumped on the parish boundary after a good kicking.

      He tried bleating something about not having any influence with Penguin Books, but the parents were having none of it.

    2. DougS Silver badge
      FAIL

      Re: Hmmmm, 2008, 2010 and 2012

      Should have known someone would try to make this political.

      And that someone dumb enough to do that would also be dumb enough to not realize that the year 2008 was when Bush Jr. was in office. Obama didn't become president until January 2009.

      Since the guy never claimed his reports reached cabinet level, let alone got the president's ear, I don't see how you can directly blame either Obama or Bush. This is down to pencil pushers at the CIA who like all pencil pushers don't like hearing that something being done under their purview is dangerous and wrong, and REALLY don't like hearing "I told you so" when the warnings are eventually proven accurate.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmmmm, 2008, 2010 and 2012

        > I don't see how you can directly blame either Obama or Bush

        You can delegate the job. A leader, however, cannot delegate the responsibility.

    3. Wolfclaw Silver badge

      Re: Hmmmm, 2008, 2010 and 2012

      Changed his underwear and skin colour to political establishment white !

    4. h4rm0ny

      Re: Hmmmm, 2008, 2010 and 2012

      >>"Did he actually ever change anything for the better?"

      Well, he managed to spend around $10bn on an healthcare website which didn't work, so he made things better for somebody.

  7. Christoph Silver badge

    Those people risked their lives to help the USA, and the USA blew their cover and got them killed through sheer bloody incompetence, and managers covering their own arses rather than doing their job and protecting their people.

    You do not do that in intelligence work. At all costs you do NOT jeopardise your people. This is unbelievably bad.

    1. Anonymous Coward
      Anonymous Coward

      @Christoph

      You mean those traitors who risked their lives. This is how Americans would call American citizens risking their lives to help other countries.

      1. Anonymous Coward
        Anonymous Coward

        Re: @Christoph

        Indeed.

        In WW2 parlance they're called collaborators.

        No different from Afghans working for the US.

        1. Anomalous Cowshed

          Collaborators

          The worst place for this is France.

          In that country, if you want to have a salaried employment, you have no choice but to be a "collaborateur"!

    2. Anonymous Coward
      Anonymous Coward

      @Christoph

      "You do not do that in intelligence work. At all costs you do NOT jeopardise your people."

      That's exactly what they do, which is why no one has been held to account for it.

      And the messenger was "shot".

      Entirely self interest.

    3. Jemma Silver badge

      Re: You do NOT jeopardise the safety of your people...

      Have you read any of the history of the CIA, MI5, MI6, NKVD, KGB, FSB? Are you actually saying that with a straight face?

      The only thing that intelligence agencies have ever managed to do on a regular basis is cock up and get agents killed. KGB - accidentally uses one time pads twice - agents get caught (including Maclean & Fuchs). CIA we'd need all week for their monumental cock ups. MI6 is a perfect description for British intelligence because it has their collective IQ in the name, 6. The entire security vetting process for a dapper gent by the name of Harold Adrian Russell Philby (better known as "Kim") was "don't worry I know his dad" (who himself was a cross between Delboy Trotter & Lucky Luciano). The MIs and the foreign office between them managed to recruit virtually every single communist university student in the entire country by accident and then wondered why there were so many Russian spies floating around...

      You honestly couldn't make it up - and even Hollywood would laugh in your face if you told them the truth.

      1. Antron Argaiv Silver badge
        Thumb Up

        Re: You do NOT jeopardise the safety of your people...

        Those who do not remember the past are doomed to repeat it.

        ...or something like that. The Old Guard has retired, the Young Turks are now in charge. And there's nothing they don't know, because...The Internet.

        Sad.

    4. a handle

      "You do not do that in intelligence work. At all costs you do NOT jeopardise your people. This is unbelievably bad."

      That is a naive comment. Watch "panorama ira 2017". In war or "internal security" even your own agents are knowingly expendable - for the greater good? It's not about being fair, it is much uglier than many realise. I'll avoid becoming an agent.

  8. Anonymous Coward
    Big Brother

    Commander-In-Chief to blame

    That only applies if you think Obama is actually in charge. He was kept busy fending off minor scandals thought-up by the deep state. The real power lies elsewhere. The political system in the US has been hijacked by a modern day praetorian guard who think they know how to run things better then the politicians.

    1. Mark 85 Silver badge

      Re: Commander-In-Chief to blame

      The political system in the US has been hijacked by a modern day praetorian guard who think they know how to run things better then the politicians

      I'm not sure about the political system being owned by them, but since the politicians are self-absorbed by politics and self interest, there was a vacuum created in the power structure. Since nature abhors a vacuum, the three-letter agencies have been sucked into the job. This good for them as it ensures budget and minimal oversight.

      1. Chris G Silver badge

        Re: Commander-In-Chief to blame

        It may help to wonder where the $3.7 billion spent on 'lobbying' in the US last year was actually spent,

        and that's only the official reckoning.

        1. DougS Silver badge

          Re: Commander-In-Chief to blame

          You do realize that Obama was not president for a single day in 2008, when this was first reported, right?

    2. Uffish
      Alien

      Re: Eminence Grise

      Eisenhower said it was the Military Industrial Complex, now its just the NSA, soon it will be Facebook.

      1. Version 1.0 Silver badge

        Re: soon it will be Facebook

        Took many letters to be Facebook yet, they have to follow the KFC route and become a 3 letter agency first.

        1. anonymous boring coward Silver badge

          Re: soon it will be Facebook

          FaceBook Intelligence: FBI?

    3. veti Silver badge

      Re: Commander-In-Chief to blame

      The political system in the US has been hijacked by a modern day praetorian guard who think they know how to run things better then the politicians.

      I don't think there's much doubt about it - they do know how to run things better than the politicians.

      The problem is that this leaves out the important question: "better for what exactly?" That's what politicians are supposed to decide, but instead they spend their time trying to micromanage, mostly in the hope of scoring points off each other.

      If politicians would stick to their jobs and let the intelligencers do theirs, then the system would have a chance to work. But until then, expect this pointless power struggle to continue.

  9. Nick Kew Silver badge

    Stuxnet

    How about a timeline correlating this to Stuxnet? That might give some indication of who was waging (and winning) war on whom at the time.

  10. cantankerous swineherd Silver badge

    oxymoronic

    "secret website" - should have made the appropriate incantations to robots.txt obv.

    1. Anonymous Coward
      Anonymous Coward

      Re: oxymoronic

      While I'm scared you maybe right, I would speculate it maybe a little more complex than that but "dumbed down" for the media.

      - it was going on for a number of years (2009-2012)

      - this was found after one agent revealed a site to Iranian authorities.

      - Iran and China (who try and monitor all web content) found agents while Russia did not in spite of the extended time line. How big a part did country level Internet monitoring play versus "google search"? i.e. how much of this was pattern matching at a state-level proxy rather than Google-level web scraping as the difference in man-in-the-middle threat profiles against a site is significant.

      - given the large scale compromise of agents, why was it not shut down sooner? Again this leads me to suspect state-level Internet monitoring allowing a state to recognise patterns rather than making the same web site mistakes over the course of 3+ years not realising Google was the issue as it would suggest no maintenance/security monitoring/security testing and evading Russian/other countries detection by luck.

      1. anonymous boring coward Silver badge

        Re: oxymoronic

        " given the large scale compromise of agents, why was it not shut down sooner?"

        Presumably they gathered intelligence for a long time without acting on it. That's what I would do in their shoes.

    2. LDS Silver badge

      Re: oxymoronic

      Fending off spiders is a little more difficult than that. Once again, the Internet was built for a club of gentlemen, not a jungle of thugs. If you have a website, give a look to what crawls it.

      There's a chance they used apparently innocuous-looking sites, where people knowing what to look for could use to exchange messages - hence the need of using "advanced" searches to found out the relevant data.

      A hard remainder about how some corporations became nosy to sustain their business...

    3. Mark 85 Silver badge

      Re: oxymoronic

      But... robots.txt can be ignored and most likely is ignored by Google. Profits over privacy, etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: oxymoronic

        "But... robots.txt can be ignored and most likely is ignored by Google. Profits over privacy, etc."

        Check your web server logs to see rather than speculating maybe?

      2. Version 1.0 Silver badge

        Re: oxymoronic

        But robots.txt is actually a pointer to the placed to look.

        1. Is It Me

          Re: oxymoronic

          Then you just leave it as disallow: /

          it blocks indexing the site at all, and leaves no pointers about where to look

          Either that or use so many levels that are blocked higher up that the pointer about where to look isn't helpful.

    4. Tree
      Pirate

      Re: oxymoronic

      Another proof that GURGLE is evil, but the Iranian regime is moreso. Similarly chant "Death to America."

  11. IceC0ld Bronze badge

    Needs an acronym here, maybe we could reuse TITSUP :o) seems to be popular to keep using well past the use by date :oP

    Total Inability To Secure Unlevel Playing fields ....................

  12. vtcodger Silver badge

    Can this work?

    The CIA can't secure it's communications. What do you think the chances are that merchants you give your credit card and other personal information to can/will keep the information secret?

    Maybe we need to rethink this eCommerce thing.

    1. rmason Silver badge

      Re: Can this work?

      As shown by this whole magecart thing, and all the issues of the past, the only thing granting any level of relative safety with online shopping is the sheer number of targets,

      *You* (we, me etc) have only not been "had" yet because we are hidden in the crowd. Security by obscurity etc.

      Someone at work recently had an account drained via lots of small (sub £30 mobile phone top up cards). Queue lots of guffawing and asking what they did online. The truth is probably just being unlucky that day, despite all the assumptions that they must have done something monumentally stupid on t'internet..

      1. ibmalone Silver badge

        Re: Can this work?

        Someone at work recently had an account drained via lots of small (sub £30 mobile phone top up cards)

        A friend with a company issued card told me about an intriguing problem they had a while back. Card was issued by the company, but they were expected to pay bills. At some point they noticed very small transactions, think we're talking cents here, going through. No choice but to pay this off, but reported to employer. My hazy recollection of the ensuing tale: Employer, "It's nothing to do with us." Credit card company, "Card belongs to employer, not you, they'd need to talk to us". Payments were to a phone company account, phone company of course refused to provide any details of the account being paid to and claimed they couldn't stop accepting the payments. Think the resolution was to go back to the employer and say either sort this out or I wont hold this card any more. Nice trick, seems nobody is willing to try to hunt down whoever is grabbing small sums every so often, but multiply it by the number of credit cards in a large company and it adds up.

  13. Sorry that handle is already taken. Silver badge

    the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel

    There's nothing as permanent as a temporary fix.

    1. A.P. Veening

      Temporary

      "There's nothing as permanent as a temporary fix."

      Except for a temporary tax hike.

    2. localzuk

      Britain knows this one well... *looks at the 50 year old "temporary classroom" at his school*

      1. rmason Silver badge

        @Localzuk

        Hah! Spot on. My daughter now attends the same junior school I went to, complete with the "temporary" porta-cabins that went up in the late 80s/early 90's.

        Still there, still in use as classrooms. They were put up as a temporary measure while I attended, to allow the decoration/refit of another area.

        1. anonymous boring coward Silver badge

          "Still there, still in use as classrooms. They were put up as a temporary measure while I attended, to allow the decoration/refit of another area."

          Which is why I have so much confidence in the politicians. I'm sure Brexit will be a resounding success... If we can only push through the initial famine.

  14. Anonymous Coward
    Anonymous Coward

    We can look at it as "30 Traitors Executed after Counter-Intelligence Operation". After all, Iran would regard these "assets" as traitors to their state. When Aldrich Ames, Robert Hansen and Edward Snowden are mentioned by their government they are called traitors. And is execution really worse than being kept in solitary confinement for the rest of your days? 23 hours in a cell and 1 hour "exercise" by yourself.

  15. _LC_
    Facepalm

    Now why would they do that???

    It's not like the USA (and the CIA in particular) ever did anything bad to Iran - or did they? ;-)

  16. Anonymous Coward
    Anonymous Coward

    Karma?

    Considering the CIA has had a hand in a lot of shit that has gone on around the world over the past 60 years or so and are indirectly responsible for the deaths of tens or even hundreds of thousands of people, I think they got off lightly.

    1. Spazturtle Silver badge

      Re: Karma?

      Do you tell your friends and family that you support ISIS and Al-Qaeda? Or do you just post stupid things on the internet to sound edgy?

      I'm sure it makes you feel good to know that some poor Iraqis who gave information regarding ISIS movements near their villages to America got killed.

      1. Alien8n Silver badge

        Re: Karma?

        Actually the CIA can be directly linked to plenty of deaths. As can the British Government.

        Look at the CIA led coup of Indonesia that led to Suharto gaining power. The CIA gave the names of Communist sympathisers in Indonesia to Suharto which led to one of the biggest mass murders on the last century. Estimates are 500,000 people were killed in the purge, and the CIA was directly responsible for every death as they provided the names of every single one of them to Suharto's government. The British government, along with the US, collaborated with Indonesia when they invaded East Timor in 1975, even providing navy escort ships to the Indonesian government for transporting prisoners to their deaths. 100,000 East Timorese died from starvation and disease as a direct result of Indonesia's invasion, fully supported by both the British and US governments.

      2. _LC_
        Thumb Down

        Re: Karma?

        Actually, it was the US giving weapons to Al-Qaeda in Syria:

        https://www.mondialisation.ca/syrian-al-qaeda-commander-us-forces-are-arming-us-in-syria-the-americans-are-on-our-side-us-state-dept-we-would-never-provide-nusra-with-assistance/5548552

        [Syrian Al-Qaeda Commander: US Forces Are Arming Us in Syria]

        There are really numerous sources on this. Initially the US argued that their weapons ended up in the hands of Al-Qaeda 'by mistake'. Then, those 'mistakes' kept repeating. By now, it's rather clear that they kept furnishing/furnish the worst of islamists with weapons - and so does Saudi Arabia, btw.

      3. Anonymous Coward
        Anonymous Coward

        Re: Karma?

        @Spazturtle - Posting something which can easily be backed up with even a rudimentary search of the Internet along with a perfectly valid opinion is not stupid.

        However, posting a dumb and crass response to it tinged with very poor sarcasm is.

        1. Spazturtle Silver badge

          Re: Karma?

          "Posting something which can easily be backed up with even a rudimentary search of the Internet along with a perfectly valid opinion is not stupid."

          What are you even on about? He was celebrating civilians getting killed and said that "they got off lightly." People explain how getting killed by ISIS for supplying the US with information is 'getting off lightly'.

          What the CIA has previously done is completely irrelevant to whether informants deserved to die or not. If you report a crime to the police do you deserve to get hurt because the police have done bad things in the past?

          1. _LC_
            Holmes

            Re: Karma?

            How about the present and the future?

  17. J J Carter Silver badge
    Big Brother

    Face facts

    Should have used crooked Hillary's email server, the CIA has stated that's impervious to any and all espionage attempts or she'd be in jail...

    1. Justthefacts

      Re: Face facts

      Is that a bit like crooked Trump’s iPhone?

      The one that he uses to tweet from, despite that the Security Services stating publically and privately that it is against federal law and telling him to please stop.

      The one that there are video clips on national TV showing him using, including Fox News.

      You can go to @realdonaldtrump to read his tweet denying that he uses an iPhone to tweet, which says at the bottom “iPhone app”.

      Is that the sort of thing that you have in mind?

      1. Mark 85 Silver badge

        Re: Face facts

        You can go to @realdonaldtrump to read his tweet denying that he uses an iPhone to tweet, which says at the bottom “iPhone app”.

        But the hype of the myth that "all Apple products are secure" still runs rampant. I guese his Trumpiness believes it.

      2. Spazturtle Silver badge

        Re: Face facts

        LOL stop making shit up, members of the US government are allowed to use personal devices to do personal things. What Trump is doing is the correct thing, using a personal device for personal communications and using a secure device for secure communications.

        1. Justthefacts

          Re: Face facts

          Trump’s tweets have been the first notice he has given the world of Presidential policy. He has fired advisers over Twitter, in his capacity as president. It is not a personal account.

          You, along with him, are unable to differentiate *why* so much of what he does crosses the line between personal and official. He shouldn’t be employing his daughter and son-in-law as an adviser, for example.

          Considered as an actual security risk, Trump carries his phone on his person. Any attack vector which could compromise a device OTA (like for example, a Bluetooth buffer overrun attack) is immediately fatal. *When* rather than if his personal phone is security-compromised, it can be used as a spying microphone in his pocket. He is POTUS FFS. Not a middle-level official.

          Clinton’s risk was an *email server* running at home. Her attack surface was an email address. A physical attack would require someone to *enter her home*. The email server is not compromised even if she opened a dodgy email. Because it’s a server.

          If you were saying that her device used to *read* emails could be compromised over the internet, that’s a reason not to access email at home, wherever the email server is located. But that isn’t the allegation. Most managers read their email at home, over VPN, including most governmental officials, and nobody is saying that was against policy. Running an email server is not that risk.

          The server risk is someone entering her home could have stolen it and accessed the emails, breaking passwords with state-actor level methods.

          *But that didn’t actually happen. Did it.*

          1. Tree

            Re: Face facts

            Yeah, she could have wiped it with a cloth.

    2. anonymous boring coward Silver badge

      Re: Face facts

      "Should have used crooked Hillary's email server"

      Some kind of Ironic posting? Or do you sit stuck in front of Fox Propaganda all day?

      1. David Nash Silver badge

        Re: Face facts

        I read it as ironic and imagined the quotes around "Crooked Hillary".

        Stating that the CIA describes it as resisting all attempts.... really?

        But the number of downvotes suggest a number of people here read it as straight.

  18. David Shaw

    More “hard” facts here

    https://www.schneier.com/blog/archives/2018/08/cia_network_exp.html

    Bruce quotes from

    https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/

    Though one counter-narrative opinion considered the possibility that naming “comms protocols” or “insecure websites” was a typical smoke & mirror diversion trick away from something/someone more interesting!

    Who knows, at least the story has legs now that a new version has appeared after three months, but for those looking for the elusive “hard” facts , remember to factor in this six year old story by Michael Hastings

    https://www.buzzfeednews.com/article/mhastings/congressmen-seek-to-lift-propaganda-ban

  19. Will Godfrey Silver badge
    FAIL

    I stand corrected

    There really is no limit to people.s stupidity.

    Why would a so-called security establishment go anywhere near the internet? ... Except to snoop on what other people were saying.

    1. vtcodger Silver badge

      Re: I stand corrected

      Why would a so-called security establishment go anywhere near the internet?

      You have a agent within the tightly guarded biological warfare research site in Whichwhatisstania would you communicate via:

      A) A shortwave radio tranceiver that emits a traceable signal and requires an external antenna?

      B) A cell phone?

      C) A letter drop behind a rock in a city park?

      D) A letter drop in a hollowed out pumpkin on a farm owned by another spy?

      E) Late night meetings with a controller on a bridge in downtown Whichwhatisstan City?

      F) The Internet?

    2. Jon 37

      Re: I stand corrected

      Because they need to communicate with their agents. That means either risky scheduled face-to-face meetings, slow and risky dead drops, radio transmitters that can be located with direction-finding equipment, or reusing some legitimate communications channel. Spies have used letters (can be intercepted), phones (can be tapped), newspapers (coded classified ads), and now the Internet.

      There are a lot of advantages to the Internet, if done right. It's fast, encrypted, high-bandwidth, and you can hide the covert communications amongst lots of innocent legitimate data. However, there are obvious risks, too.

      1. Anonymous Coward
        Anonymous Coward

        Re: I stand corrected

        @ron_37

        "...advantages to the Internet, if done right. It's fast, encrypted, high-bandwidth..."

        Mmmmmm......."encrypted". There seems to be concern in some quarters about the security of encryption standards. The concern is that the encryption might be readable by -- who knows who? But of course, sensible "bad guys" would probably use their own encryption on top of the publicly available sort. Maybe even sensible "good guys" (if there are any!) should do the same. What do you think?

        72447393AE5B98D1B58E34BA12075D2690D16A92

        6ACB72C6231BF5C364BA398543DEB473B723D388

        62C344630B235F1627F14D6ED5D9F616DFE13705

        1065C64C485F0004A49D07FA16B7793AA2B09278

        2C01E62C1F02F483A70A70B8B24D03

        1. Anonymous Coward
          Anonymous Coward

          Your encryption is good enough

          to get your agent killed. Obviously there is a hidden message. This alone would trigger an investigation.

          How to successfully crack your encryption: https://xkcd.com/538/

          1. Anonymous Coward
            Anonymous Coward

            Re: Your encryption is good enough

            @AC

            Assumptions....what password? What encrypted laptop? None of the above!

            Everything on my laptop is in plain text.....move on....nothing to see here. The cipher text was downloaded from a widely used public web site (say, like The Register -- see above). I wonder who posted the cipher text? I wonder which of the hundreds or thousands of web hits represents the intended recipient(s)? I wonder how long it will take to figure this out.....never mind figure out the book cipher which was used (if indeed it was a book cipher)?

            The encryption only needs to be good enough for the answers to these questions to take a longish time. The people using this mechanism (whoever they are) are in the mean time communicating in real time.

            ......but I DID like the cartoon!

  20. John Smith 19 Gold badge
    Unhappy

    ""It was never meant to be used long term for people to talk to sources," "

    And yet it was.

    "temporary" infrastructure used long after it should have been replaced. No PHB has ever done that before.

    BTW the STUXNET malware was first discovered in 2010.

    According to Wikipedia it was though to have been in development (and deployment?) from 2005.

    So yes if the Iranians started noticing stuff earlier they would have been quite angry.

    It seems actions have consequences, even in malware. Who knew?

  21. charlie-charlie-tango-alpha

    "The CIA did not respond to a request for comment."

    And you are surprised?

    1. Uffish
      Black Helicopters

      Re: "The CIA did not respond..."

      That is what you are supposed to think.

    2. ElReg!comments!Pierre Silver badge

      Perhaps they did respond,

      On one of their secret sites. Someone fire up the Google !

  22. Paul Hovnanian Silver badge

    It's a tradeoff

    Between providing good encryption/anonymity for everyone (allowing our spies to blend into the crowd) and law enforcement's need to monitor sites and users for various violations.

    We may have lost some valuable overseas operatives. But Mickey Mouse is still safe.

    1. Anonymous Coward
      Anonymous Coward

      @Paul H - Re: It's a tradeoff

      Encryption is getting better with time while anonymity is the opposite. Even when your message is strongly encrypted, a couple of determined henchmen will have no problem extracting plain text from you and your unfortunate partner.

  23. Insane Reindeer
    Unhappy

    What about the double agent?

    Surely the biggest "mistake" the CIA made in this whole thing was not identifying the double agent *before* he told the Iranians about the website. Right? Obviously the Iranians would be on the look out for moles/agents within their country. But. At no point does the report say that they were actively using Google to search for these websites before the double agent put them onto it.

  24. FlamingDeath Bronze badge
    Holmes

    'intelligence services'

    Oxymoranic

  25. ecofeco Silver badge

    The world is run by morons.

    The old CIA would have never let something like this happen in the first place.

  26. nice spam database '); drop table users; --

    Sept.11 Intelligence failure?

    The whole world knows, and the (real) free world dares to voice it: Sept. 11 was a false flag operation to make invading Afghanistan more psychologically bearable for the US population. News sites shouldn't help perpetuate the fairy tale of terrorist attacks, especially this website, which is supposed to look at things from a technical/scientific angle.

    1. _LC_
      Alert

      Drug money

      There's even more to it. The whole world can see that Afghanistan has been turned into the world's biggest opium factory. You can see the fields from above; it's no secret.

      Now, there's a certain 'organization', which has been caught dealing drugs repeatedly. I wonder who's cashing in on Afghanistan's opium... Could it be? No, wait – it can't be! They can't be doing it again, they've already been caught before!?! :-P

  27. Flywheel Silver badge
    Joke

    The CIA did not respond to a request for comment

    It's okay, we'll just ask the Iranians what they said ...

  28. Anonymous Coward
    Anonymous Coward

    Encrypted message posted on the web for all to see ;-)

    Must contain some text

    1556 1236 9854 1215 2154 2545 6985 1452

    6958 2568 3695 4586 4569 2569 3654 2457

    2568 2541 3652 3645 7824 4584 2456 2569

    2458 2448 2458 2448 2548 1228 4566 3654

    4569 1759 2547 2667 3654 3664 2569 2564

    1. Anonymous Coward
      Anonymous Coward

      Re: Encrypted message posted on the web for all to see ;-)

      Please stop posting my PIN code on public websites...

  29. karlkarl Bronze badge

    Our nation would imprison the spies, not kill them.

    Just sayin'

  30. Stevie Silver badge

    Bah!

    I wonder if OPOTUS will be as vocally critical of this as he was over Hillary’s emails, another case of convenience over security concern. We will pass over the issue of phones.

    At least this is one thing from that era that cannot be blamed on the Snowden leaks.

  31. jelabarre59 Silver badge

    search operators

    Wait, someone got Google's advanced search operators to actually work???? Must be fake news, because *nobody* can make Google's advanced search to work anymore. Heck, Google will drop randon words out of a search phrase with the *FIRST* result simply because they're too lazy or incompetent to do it right.

  32. Mandoscottie
    Big Brother

    C= Central I=........

    Does anyone else have the laurel and hardy theme tune running through their head? No? Just me then :P

    You seriously couldn't make this stuff up, remind me again, the I in CIA,stands for intelligence...right?

    https://www.youtube.com/watch?v=uwhxc3OCBjc

  33. Anonymous Coward
    Anonymous Coward

    <meta name="googlebot" content="noindex">

    Next time, see title ---^ .

  34. Jake Maverick

    some good news at last then i guess....but this sounds deliberate to me, hard to believe that they really are that incompetent at that level....and they fire the only person who seemed to be? competent? what that tell ya..... :-(

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019