Confirmed: Listening to Whistleblower John Reidy Could Have Saved the Lives of Numerous CIA Assets

Back in 2015, I looked at the whistleblower case of John Reidy, a former CIA contractor who had warned of catastrophic failures in a communications system.

Reidy describes playing three roles in 2005: facilitating the dissemination of intelligence reporting to the Intelligence Community, identifying Human Intelligence (HUMINT) targets of interest for exploitation, and (because of resource shortages) handling the daily administrative functions of running a human asset. In the second of those three roles, he was “assigned the telecommunications and information operations account” (which is not surprising, because that’s the kind of service SAIC provides to the intelligence community). In other words, he seems to have worked at the intersection of human assets and electronic reporting on those assets.

Whatever role he played, he described what by 2010 had become a “catastrophic intelligence failure[]” in which “upwards of 70% of our operations had been compromised.” The problem appears to have arisen because “the US communications infrastructure was under siege,” which sounds like CIA may have gotten hacked. At least by 2007, he had warned that several of the CIA’s operations had been compromised, with some sources stopping all communications suddenly and others providing reports that were clearly false, or “atmospherics” submitted as solid reporting to fluff reporting numbers. By 2011 the government had appointed a Task Force to deal with the problem he had identified years earlier, though some on that Task Force didn’t even know how long the problem had existed or that Reidy had tried to alert the CIA and Congress to the problem.

All that seems to point to the possibility that tech contractors had set up a reporting system that had been compromised by adversaries,

When news of CIA’s loss of numerous Chinese assets came out, I again pointed back to Reidy’s warnings.

Today, Yahoo confirms that the communications system weakness first identified by Reidy 11 years ago was indeed exploited first by Iran (where, Yahoo says, Reidy was stationed), then by China, and to a lesser degree, Russia.

Iran was able to use the vulnerability to unwind the US’ network of spies by using Google to identify signatures of the system.

This hunt for CIA sources eventually bore fruit — including the identification of the covert communications system.

A 2011 Iranian television broadcast that touted the government’s destruction of the CIA network said U.S. intelligence operatives had created websites for fake companies to recruit agents in Iran by promising them jobs, visas and education abroad. Iranians who initially thought they were responding to legitimate opportunities would end up meeting with CIA officers in places like Dubai or Istanbul for recruitment, according to the broadcast.

Though the Iranians didn’t say precisely how they infiltrated the network, two former U.S. intelligence officials said that the Iranians cultivated a double agent who led them to the secret CIA communications system. This online system allowed CIA officers and their sources to communicate remotely in difficult operational environments like China and Iran, where in-person meetings are often dangerous.

A lack of proper vetting of sources may have led to the CIA inadvertently running a double agent, said one former senior official — a consequence of the CIA’s pressing need at the time to develop highly placed agents inside the Islamic Republic. After this betrayal, Israeli intelligence tipped off the CIA that Iran had likely identified some of its assets, said the same former official.

The losses could have stopped there. But U.S. officials believe Iranian intelligence was then able to compromise the covert communications system. At the CIA, there was “shock and awe” about the simplicity of the technique the Iranians used to successfully compromise the system, said one former official.

In fact, the Iranians used Google to identify the website the CIA was were using to communicate with agents. Because Google is continuously scraping the internet for information about all the world’s websites, it can function as a tremendous investigative tool — even for counter-espionage purposes. And Google’s search functions allow users to employ advanced operators — like “AND,” “OR,” and other, much more sophisticated ones — that weed out and isolate websites and online data with extreme specificity.

According to the former intelligence official, once the Iranian double agent showed Iranian intelligence the website used to communicate with his or her CIA handlers, they began to scour the internet for websites with similar digital signifiers or components — eventually hitting on the right string of advanced search terms to locate other secret CIA websites. From there, Iranian intelligence tracked who was visiting these sites, and from where, and began to unravel the wider CIA network.

Yahoo describes that Iran and China likely traded technology, which is how China proceeded to use the same technique to target CIA assets.

While Yahoo doesn’t emphasize it, it seems likely that if SAIC and Raytheon hadn’t had so much power when Reidy first started warning of this compromise, it would have been addressed far more quickly. Instead, he lost clearance and was fired.

Which, on top of a lot of other lessons, seems to be a superb example of how ignoring a whistleblower can have catastrophic consequences.

15 replies
  1. Trip says:

    it seems likely that if SAIC and Raytheon hadn’t had so much power when Reidy first started warning of this compromise, it would have been addressed far more quickly. Instead, he lost clearance and was fired.

    That’s not likely to change any time soon:
    48 out of 64 Raytheon Co lobbyists in 2017-2018 have previously held government jobs

    Sales at the company’s intelligence, information and services business, its second biggest, rose 13 percent to $1.74 billion, boosted by higher revenue from various programs, including DOMino, which provides cybersecurity support to the U.S Department of Homeland Security.

    6 out of 7 SAIC lobbyists in 2017-2018 have previously held government jobs

  2. Concerned canuck says:

    Former Cdn Prime Minister Stephen Harper spoke this summer about this issue in terms of the coordination of cyber intelligence between 5 Eyes Nations. Specifically the concerns of Canada re the security risks of technology procurement with Chinese hardware that the US was using.

    Around the 9 minute mark:

  3. orionATL says:

    if this nation ever gets around to fixing its serious social problems like insufficient yearly income for 40% of the population, seriously negligent attention to environmental issues like air, water, waste, and climate change, state and federal legal systems severely distorted by corporate power unmatched elsewhere in the political system, and accelerating lack of competition among corporations supplying basic needs, then it is going to need to give the highest priority to the encouragement and the legal protection of whistleblowers both government and private. i fantasize about this problem from time to time and there are some remedies that engage me:

    1) ) statutes that affirmatively give the duty to citizens to engage in whistleblowing activity whenever they sense circumstances that they are familiar with indicate a need for whistleblowing.  this affirmative duty would extend to all citizens, including those operating on projects at any level of government security classification.

    2) an absolute prohibition on the use of economic retaliation (firing, demoting, discrediting work effort) by corporate, nonprofit, or government organizations including even apparent retaliation against a whistleblower and even before his/her charge is validated.

    3) a prohibition under penalty of swift loss of license or contract for organization lawyers, public relations/crisis firms, and executives or organization contractees, as well as regulatory officials, prosecutors, and judges who even attempt to violate whistleblower protection statutes.

    4) no elected or appointed government official from the president on down have the legal right to instantaneously classify or declassify a government document or program, or to forbid a government employee or conractor from testifying about or publicly criticizing a program or punish an employee gor doing so.

    don’t get me going on whistleblowing. there is no other citizen activity that will do a better job of blowing up the hidden unjust, suppressive underpinnings of the clubby government-corporate society we have evolved into, or a better job of suppressing random, foolish conspiracy inclinations; who needs those when real world organizational incompetence, dishonesty, favoritism, fraud, conspiracy beckon?

    • rip says:

      Great list of potential remedies.

      I would add a requirement that an independent organization be established well away from the fiats of the executive and congressional branches that would receive the first information about the activities called out by the whistle-blower. This organization may not have all the knowledge or clearances to see or act upon the suit but it could stand in to ensure that other in-house groups follow through with meaningful responses and actions as merited. It seems that some level of international organizations and civil liberties groups could be involved also.

      • orionATL says:

        yes! an excellent suggestion.

        there is absolutely no reason to let “the in-house team”, whether gov prosecutors or corporate attorneys (whose negative bias should always be assumed), have the first cut – and i do mean cut – at the whistleblower and her charge.

        • Diviz says:

          Transparency International Press Release

          24 JANUARY 2017

          “Transparency International Confirms the Disaccreditation of Its Chapter in the US”

          This action took place in accordance with Transparency International’s Accreditation Policy and included an initial Board decision on 27 November 2016, and a subsequent recommendation by a reconsideration panel on 2 January 2017, as provided in this policy.  All accredited Chapters of Transparency International undergo an accreditation review every three years to ensure consistency with Transparency International’s mission, values and principles and to confirm mutual interest in continuing working together.

          I interned there both in undergrad and graduate school. This is the first I’m hearing of this. I’m so intrigued. Salacious, delicious. When I was there (last time was in 2006), the Director was Nancy Zucker-Boswell. Hmmm…

        • Diviz says:

          Ok, there is more info in this coverage by Corporate Crime Reporter.

          In a 2015 interview with Corporate Crime Reporter, Sarah Chayes, author of Thieves of State: Why Corruption Threatens Global Security, was critical of Transparency International USA’s failure to tackle corruption in the United States — what she identified as a system of “legalized bribery.”
          Chayes says that there are four or five parties in the United States —  Wall Street, the health industry, the energy industry and the military industrial complex — that have wrested the laws to serve themselves.

          That’s pretty much exactly as I remember it. The international secretariat does have a free and confidential legal aid department for whistleblowers though. But I wonder if Americans would even think to contact them both because there is no US affiliate and because quite a bit of US corruption is legal and not seen as anything but “how things are ought to be.” Le sigh.

  4. Saul Tannenbaum says:

    So, a robots.txt file and “no index” tags would have kept their the Iranians from finding CIA infrastructure?

    That’s astounding.

  5. BroD says:

    Just to be clear, “assets” in this context means “people who–at substantial risk to themselves–were assisting American intelligence efforts.”

    Worth keeping this in mind.

  6. Eureka says:

    So needlessly tragic and frustrating.  And it doesn’t seem like the full scope of consequences is even understood.  Sources in Yahoo make it sound like the unheeded warnings culture remains fully operational, quel surprise.

  7. lefty665 says:

    Also from the article: “Former U.S. officials said the internet-based platform, which was first used in war zones in the Middle East, was not built to withstand the sophisticated counterintelligence efforts of a state actor like China or Iran. “It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”

    This started coming unglued while Hayden was CIA director.  As former DIRNSA he knew better than to use a tactical system when communicating long term with covert operatives in hostile environments.  The idiocy spanned the CIA directorships of Hayden, Panetta, Morrell (acting, twice), Betrayous and apparently into Brennan’s watch too.  It also happened on the watches of DNIs McConnell (another ex DIRNSA), Blair and Clapper. WTF? As Casey Stengel once said of the Mets “Doesn’t anyone here know how to play this game?”  Insult to injury (not to mention deaths) is that several of these guys are still out there peddling twaddle about national security and THE RUSSIANS.  They clearly have no shame, and we’re paying handsome pensions to them all.

    This happened on the operations side of CIA where current CIA Director Haspel resided after her tour in torture. What role did she play in it as a senior executive? Funny we did not hear a whisper of this during her confirmation hearing. We have an ex CIA operative running for Congress locally. What was her involvement? We cannot know because it is classified.

    More from the article: “The deaths in China sent investigators into overdrive. Teams from the CIA, the FBI and the House Permanent Select Committee on Intelligence scrambled to try to figure out what had happened — and how to stem the damage.”

    Who’s missing from this picture, and the whole article? Maybe the NSA where they actually have people who know something about communications and keeping them secure. Put the CIA (the morons who created the problem), FBI (Stzrok in counter intelligence? Was his solution to give our spies FBI phones so they couldn’t be tracked?) and House staffers on the case, that’ll do it. Together they probably couldn’t break the igpay atinlay the CIA was perhaps using for encipherment at their string of internet cafes. They assembled a task force right out of the “Pink Panther”, and people who risked their lives to collaborate with us were dying while the whistle blower was fired in retaliation. As I asked before. WTF?

    I truly appreciate the work the reporters have done to bring this forward, as well as the earlier article one had in ‘Foreign Policy’. OTOH, they do seem a little naive.
    From the article: “And Google’s search functions allow users to employ advanced operators — like “AND,” “OR,” and other, much more sophisticated ones”

    OMG, they used “AND” and “OR”. If they had those they likely had the super sophisticated “IF” “THEN” and “ELSE” too! Are there no limits to the logical operators the nuclear crazed Iranian bastards deployed? The code might look something like:

    IF traffic between thissite AND thatsite OR theseothersites THEN CIAsite
                    IF site geolocates to Langley THEN CIAhomeoffice
                        ELSE is CIAspy AND gogettem if local OR tell Chinese/Russians
    LOOP until over

    From the article: “At the CIA, there was “shock and awe” about the simplicity of the technique the Iranians used to successfully compromise the system, said one former official.”

    About 4 lines of code plus a print output. “Shock and Awe” indeed.

    This story has huge implications and has clearly been kicking around D.C. for a decade. Why have we not heard about it before now? Will we hear more, or will it die again like it did after the NYT published a profoundly incomplete story and followup in 2017?

Comments are closed.