How did Iran find CIA spies? They Googled it

When he left the CIA in 2011 to become secretary of defense, Leon Panetta (right) was leaving in the midst of a huge crisis for the CIA, according to a Yahoo News report: a breach in communications had exposed dozens of CIA assets in Iran and China.

Enlarge / When he left the CIA in 2011 to become secretary of defense, Leon Panetta (right) was leaving in the midst of a huge crisis for the CIA, according to a Yahoo News report: a breach in communications had exposed dozens of CIA assets in Iran and China.
Central Intelligence Agency

A covert “transitional” channel used for communicating with sources that Central Intelligence Agency handlers couldn’t reach directly was exposed and infiltrated by Iranian intelligence in 2009. The breakdown in operational security—which apparently relied heavily on security through obscurity—was the result of Iranian intelligence officials simply using Google to locate the websites used as the communications channel after a double-agent exposed the method used by the CIA, according to a report from Yahoo News’ Zach Dorfman and Jenna McLaughlin.

Once a double agent presented information about a website the agent had been directed to in order to communicate with the CIA, Iranian intelligence apparently used aspects of the URL to search for other, similar websites. Iranian officials were reportedly able to rapidly identify a number of other such sites, which were set up as temporary communications systems for new, unvetted sources by the CIA. As a result, Iran’s intelligence was able to quickly identify the Iranians communicating through those sites. The breach led to the roundup in 2011 of 30 people identified by Iran as CIA spies.

Further digging into these compromised sites may have exposed the identity of CIA personnel as well. During the same timeframe, Iranian intelligence officials were also directly approaching US CIA officers, trying to recruit them to be double agents.

The exposure didn’t end there. Yahoo reported that a similar system used to manage Chinese sources was also compromised, leading to the arrest and execution of another approximately 30 people working on behalf of the US between 2011 and 2012.

Some of those deaths have been attributed to information provided to China by former CIA officer Jerry Chun Shing Lee. Former intelligence and national security officials told Yahoo News that the CIA’s recruited agents in China were rounded up so quickly because the government had gained access to the temporary system used by the CIA to communicate with unvetted new sources—possibly because Iranian intelligence officials shared information about the details of the CIA’s communications that they had discovered.

The former intelligence officials that spoke with Yahoo believe that the compromise of CIA assets may have been worldwide. And when coupled with the breach of the Office of Personnel Management discovered in 2015 and its potential counterintelligence value, the damage done was likely compounded, as the CIA reportedly was forced to withdraw field agents around the world that might have been exposed.

The nature of the “transitional” communications system isn’t clear beyond it having a Web front end that was identifiable by using advanced Google search terms. But given that Iran and China both tightly control Internet traffic, simply identifying the sites could have allowed counter-intelligence teams to identify who was visiting sites like them, allowing those countries to potentially redirect them to bogus versions of the sites in order to further extract information about those individuals.

Similar Posts: