CIA systems 'hacked' by googling. Dozens of informants globally killed as result
yahoo.comAccording to the article the Iranians used advanced Google techniques like the "AND", and "OR" operators. Truly sophisticated work.
The CIA put their top-secret info on the public Internet, because password-protecting it was too inconvenient. Then adversaries found the info. US intelligence services treating foreign informants as expendable, as always. Also seen when US abandoned Afghan translators to be killed by Taliban.
I dought it's inconvenience... Most likely a form of incompetence, at some level, in some department. Everyone can recognize the severity of this information leaking to "enemies of the state".
The time-old saying applies here: "Never assume malice with what can readily be explained by incompetence".
From the article:
>Former U.S. officials said the internet-based platform, which was first used in war zones in the Middle East, was not built to withstand the sophisticated counterintelligence efforts of a state actor like China or Iran. “It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”
>“Everyone was using it far beyond its intention,” said another former official.
I find this the most baffling. I'm also of the mind that assuming malice here is a bit too much, but what's the point of info security if not to protect systems from being used in ways they weren't intended?
I've read horror stories about bad sysadmin jobs but users not using a system as intended don't usually have a body count as a result.
A legacy system that few were willing to give up; no surprises there.
The dead agents and the dismantled spy network show that it worked. Why complicate things, when "AND" + "OR" work just fine? Someone screws up and a site is offline in certain regions for x hours. CIA screws up and people are dead, not to mention sources, work in progress regarding industrial espionage, arms sales etc etc.
Truly, truly; pathetic. Several dozen people at least knew better and instead of fixing it, tried to bury the guy who raised the alarm.
The IG had this information and didn’t act. Completely mind-blowing. Dozens of agents/assets killed. An entire class exploded.
Truly, a national embarassment and of course no one is going to jail.