posted by takyon on Monday November 05 2018, @04:10PM
from the only-the-shadow-knows...-and-has-head-up-its-ass dept.

The Central Intelligence Agency (CIA) used a quick and dirty web-based system to communicate with its agents around the world. Easy-to-use but not sophisticated. Iran and China used this system to find U.S. spies and convert or kill many agents, including entire national spy networks, starting around 2008.

Once you recognized the system, counter-spies could simply use Google to find the CIA's communication sites. They could then use standard traffic analysis to find out who visited the sites, identifying the spy networks.

Iran found spies using the system, converted some to double agents, while killing dozens of others. Iran may have passed the info to China, who wiped out the CIA network there, turning and killing 30+ agents. Iran then went spy hunting across the Middle East, too.

The absolute kicker: a CIA tech contractor identified the problem in 2008, recognizing that the network was compromised and that spies were disappearing because of it, and reported it up the chain. He was ignored, punished and fired. Part of the reason we know this all happened is that he filed a federal whistleblower protection lawsuit.

So many/most of these U.S. agents would not be dead if CIA management AND the CIA inspector general had listened and acted on the report of a technical/security problem. Instead they denied they had a problem, burying their heads and their agents in the sand. Not only is the CIA riddled with terrible torture monkeys, but also deadly, incompetent, and inept management.

Article: The CIA's communications suffered a catastrophic compromise. It started in Iran.

Previously: CIA Informants Imprisoned and Killed in China From 2010 to 2012
Ex-CIA Officer Arrested, Suspected of Compromising Chinese Informants

  • (Score: 5, Interesting) by Anonymous Coward on Monday November 05 2018, @06:05PM (4 children)

    by Anonymous Coward on Monday November 05 2018, @06:05PM (#758091)

    The sad sack thing is that this still isn't fixed.

    They changed some elements of the "signature" and they no longer stand up discussion forums of their own. But a significant amount of traffic has always funneled through public discussion and sharing sites like Slashdot and Wikipedia and this hasn't changed.
    That is the only reason you are being told what little is in the article.

    The whole human intelligence apparatus has always been a "hidden in plain sight" system, that started with local classified ads.
    What has changed here is the platform for discussion no longer involves routing the conversation through multiple media sites and backpages is gone but that wouldn't be an attempt to staunch the bleeding.

    Regardless of platform, this traffic looks like it's just part of the conversational flow, but with some strangeness thrown in. It's there hidden in plain sight.

    It relies on conceptual conversational masking. A post with a single statement along the lines of "Ya know, 'topic' is like 'concept'", where topic is in fact topical and relevant but concept can seem way out in left field; eventually a reply comes in relating to another concept.
    This is then followed by the same users later posting in older topics about 'concept' where they appear to be rambling a bit incoherently about a topic that is no longer front and center on the site.

    The initial semi-incoherent ramblings are code strings not ciphers, and easy to identify because they are repeated verbatim by different users. You can find the conversations between agents and handlers, simply by looking at people who mostly, as in 80% of the time, are only talking with each other over a longish period of time, say days or weeks across a range of topics and these people are clearly neither SMEs nor do they possess more than a lay understanding of the topic.

    An example of this would be a small handful of people discussing recent fusion energy discoveries but conflating concepts of fusion and fission (happens in Slashdot just before news broke of Iran's centrifuges being destroyed).
    It's relevant, sorta, but it's wrong, however suddenly upon looking back, you notice that these same concepts do apply to something from the near future.

    Once you understand how "concept" maps to "code", then it becomes relatively easy to follow the discussion holders, and understanding the discussion itself is as easy as exfiltrating a code book. While that sounds difficult, code books are electronic and produced by contractors and these contractors or at least their employees, do recognize the value of what they hold and will sell to the highest bidder because the risk vs reward is there.

    Unfortunately, to facilitate these conversations, the intelligence community doesn't use disposable one time use accounts, because the account name is used by the handlers to pin a message to a human source element without the need for a digital signature. This has the effect of compromising the entire network once one participant is discovered. Tor hidden services were created to mask exactly this, but Tor public exits are now known to be weak because of exit node sybils and logging. Iran, China, Russia all control as many nodes on Tor as the NSA and CIA do, and let's not forget Tor has always been a project of NAVY SIGINT and has never been shy about that. Tor packets whether destined for a hidden service or the web are easy to map back. If you control just 1% of nodes on the network you can reliably trace traffic back to a particular IP and in most cases you can decrypt it if you can man in the middle the handshake. That becomes especially easy if you're already in control at the POP or ISP level.

    So if you're trying to find these conversations, the first step is to look for verbatim repeated phrases, because the verbatim repeats amount to a handshake. And this is what makes google so damned handy.
    After the verbatim repeats, which allow you to identify both source and handler, you'll notice that in the conversations between these people there are conceptual repeats without being quite verbatim.
    That's generally where the information exchange is.

    In addition to repeated phrases, there have also been instances of emergency key killing for hidden services, using dead man's switches to canary that they have been compromised. This is what you are seeing when someone posts a nonsense message (usually AC) followed by a base64 encoded string.
    The base64 encoded string is there to identify the poster (who is AC because the true poster is the automated canary), it's a crypto signature and used as a last resort to say "I've been compromised". The resource running it doesn't check in periodically and the automated system fires the message off, thereby notifying dog + world.

    If you want to see proof, check out Slashdot and Wikipedia posts in the weeks and months leading to Arab Spring. The first place to look would be for an article about the political situation in Tunisia and some all but irrelevant posts comparing Union Générale Tunisienne du Travail (UGTT) to the Teamsters Union in the USA. That will point you onto conversations between a handler and a handful of operatives establishing the groundwork for Arab Spring in Tunisia utilizing UGTT and its members to establish a flashpoint. Discussions tend to focus on union vs anti-union stances. Notice how the same people are discussing the same topics repeatedly, then suddenly stop at the start of the Syrian Civil War and now most of them never post at all anymore.

    There are a ton of intelligence failures in our intelligence community from about the same time as well. It's almost like there was some money being handed under the table to root out these networks and this never really went away, the government just got better at denying it.

    But foreign intelligence could never successfully compromise honest, hardworking, red blooded American citizens just keeping their nose down and doing their job in the bureaucracy, right? No way someone earning $55 - $60k per year would risk that position and the safety of their fellow countrymen for a few hundred thousand dollars with almost zero risk of ever being discovered. After all, even on that salary those people would have no problems affording an Ivy League education for their children, a half a million dollar home and nice car to go along with it. Even if it could be hidden in cryptocurrency with the subsequent thousand fold rise in value for literally no valid reason other than a ton of previously dark money flooding into the markets.

    Not that it's related, but this was a major intelligence failure as well.
    https://yro.slashdot.org/story/10/06/26/2149233/us-fears-loss-of-icq-honeypot [slashdot.org]
    Ya know it's almost like the Israeli company Mirabilis had put in backdoors into their communication tool, like Blackberry did for Canada, but don't worry guys because Telegram from Russia is obviously free of any backdoors.

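The comment above describes a two-step heuristic: first find sentences repeated word-for-word by different accounts (the "handshake"), then check whether those accounts mostly reply only to each other across several threads. The following is an added illustration, not code from the article, the commenter, or any real tool; the posts, authors and thread names are all constructed, and the 0.8 reply-ratio threshold is the figure the comment quotes.

```python
"""Toy detector for the 'verbatim repeat + closed conversation' pattern.
Added example with constructed data; not from the article or the commenter."""
from collections import defaultdict
from itertools import combinations
import re

# Constructed sample posts: (post_id, thread, author, reply_to_author, text)
POSTS = [
    (1, "fusion", "alice", None, "Ya know, fusion is like a spinning top."),
    (2, "fusion", "bob", "alice", "A spinning top keeps its axis. Agreed on fission too."),
    (3, "fusion", "carol", "alice", "Fusion and fission are not the same thing."),
    (4, "tunisia", "bob", None, "Ya know, fusion is like a spinning top."),
    (5, "tunisia", "alice", "bob", "Right, the axis matters. The top wobbles on Friday."),
    (6, "tunisia", "dave", "bob", "What does a top have to do with unions?"),
    (7, "kernel", "alice", "bob", "The top wobbles on Friday, as I said."),
    (8, "kernel", "bob", "alice", "Noted. The axis is stable."),
    (9, "kernel", "carol", "dave", "Patch looks fine to me."),
    (10, "kernel", "dave", None, "Patch looks fine to me."),  # common phrase, no closed pair
]

def sentences(text):
    """Split a post into lower-cased sentences for exact comparison."""
    return [s.strip().lower() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]

def verbatim_repeats(posts):
    """Sentences posted word-for-word by more than one distinct author."""
    seen = defaultdict(set)
    for _, _, author, _, text in posts:
        for s in sentences(text):
            seen[s].add(author)
    return {s: authors for s, authors in seen.items() if len(authors) > 1}

def reply_ratio(posts, a, b):
    """How exclusively a and b reply to each other: min over both directions."""
    def frac(x, y):
        replies = [p for p in posts if p[2] == x and p[3] is not None]
        return sum(1 for p in replies if p[3] == y) / len(replies) if replies else 0.0
    return min(frac(a, b), frac(b, a))

def suspicious_pairs(posts, threshold=0.8, min_threads=2):
    """Pairs sharing a verbatim phrase AND mostly talking to each other across threads."""
    flagged = {}
    for phrase, authors in verbatim_repeats(posts).items():
        for a, b in combinations(sorted(authors), 2):
            threads = {p[1] for p in posts if p[2] in (a, b) and p[3] in (a, b)}
            ratio = reply_ratio(posts, a, b)
            if ratio >= threshold and len(threads) >= min_threads:
                flagged[(a, b)] = {"phrase": phrase, "ratio": round(ratio, 2),
                                   "threads": sorted(threads)}
    return flagged
```

The shared "Patch looks fine to me." line is deliberately included to show why the repeat alone is not enough: carol and dave never reply to each other, so the ratio step drops them.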
  • (Score: 0) by Anonymous Coward on Monday November 05 2018, @09:53PM (2 children)

    by Anonymous Coward on Monday November 05 2018, @09:53PM (#758211)

    This sounds interesting and informative... assuming it's true.

    Do you have any specific examples you can point to in slashdot or wikipedia? I'd love to get a couple of slashdot IDs (or better, message threads) to check for myself. Given the ease you say at finding these, can you find a couple and provide a couple?

    • (Score: 3, Interesting) by Bot on Monday November 05 2018, @10:58PM

      by Bot (3902) on Monday November 05 2018, @10:58PM (#758251) Journal

      Hiding in plain sight has always made sense in general. If your plan for world domination is hidden and somebody stumbles into it, it is a disaster. If you put your plan on the homepage nobody bats an eye. I am not joking, there are official policies and news items and books and studies absolutely on par with Mein Kampf, there is no sensation around it because they are public. What about things hiding as works of fiction? What about writing something with inconsistencies so that those inconsistencies can be pointed out to proclaim the item a fraud after it has circulated enough for its possession not to be problematic?

      As for the rest of the comments if you use your fantasy you can come up with even better ways to communicate hiding in plain sight. Info in side channels.

      --
      Account abandoned.
    • (Score: 0) by Anonymous Coward on Tuesday November 06 2018, @04:57AM

      by Anonymous Coward on Tuesday November 06 2018, @04:57AM (#758382)

      The purple goose is flying backwards. Put the baby in the bath and feed it mayonnaise. Do NOT go down to the woods today.
      The eiderdown is inflated. Repeat. The eiderdown is inflated.

  • (Score: 2) by Gaaark on Monday November 05 2018, @11:23PM

    by Gaaark (41) on Monday November 05 2018, @11:23PM (#758259) Journal

    Take third word of every paragraph, you get the code phrase:

    "Sack some human platform on then semi-incoherent of understand facilitate you're to want a intelligence it's."

    This means the tech contractor who tried to tell needs to be fired.

    Already done. Message received and destroyed. Will be poo soon.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---