Interesting story of a CIA intelligence network in China that was exposed partly because of a computer security failure:
Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected — and there would be no way to trace the communication back to the CIA. But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.
In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.
U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official — links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA’s own website, according to the former official.
People died because of that mistake.
The moral — which is to go back to pre-computer systems in these high-risk sophisticated-adversary circumstances — is the right one, I think.
Posted on August 29, 2018 at 8:10 AM
The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years.
The always interesting grugq has commentary on the group and its tactics.
Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information would be helpful.
Posted on July 20, 2018 at 6:38 AM
The Intercept has a long article on Japan’s equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising.
The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work, even the location of its headquarters. Most Japanese officials, except for a select few of the prime minister’s inner circle, are kept in the dark about the directorate’s activities, which are regulated by a limited legal framework and not subject to any independent oversight.
Now, a new investigation by the Japanese broadcaster NHK — produced in collaboration with The Intercept — reveals for the first time details about the inner workings of Japan’s opaque spy community. Based on classified documents and interviews with current and former officials familiar with the agency’s intelligence work, the investigation shines light on a previously undisclosed internet surveillance program and a spy hub in the south of Japan that is used to monitor phone calls and emails passing across communications satellites.
The article includes some new documents from the Snowden archive.
Posted on May 21, 2018 at 9:54 AM
The White House has eliminated the cybersecurity coordinator position.
This seems like a spectacularly bad idea.
Posted on May 17, 2018 at 6:23 AM
Interesting history of the US Army Security Agency in the early years of Cold War Germany.
Posted on March 8, 2018 at 6:29 AM
New York Magazine published an excellent profile of the single-document leaker Reality Winner.
Posted on December 29, 2017 at 6:34 AM
Amazon has a cloud for US classified data.
The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it.
Posted on November 21, 2017 at 6:16 AM
Interesting post-Snowden reading, just declassified.
(U) External Communication will address at least one of the “fresh look” narratives:
- (U) NSA does not access everything.
- (U) NSA does not collect indiscriminately on U.S. Persons and foreign nationals.
- (U) NSA does not weaken encryption.
- (U) NSA has value to the nation.
There’s lots more.
Posted on August 30, 2017 at 6:15 AM
Apple is fighting its own battle against leakers, using people and tactics from the NSA.
According to the hour-long presentation, Apple’s Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some of these investigators have previously worked at U.S. intelligence agencies like the National Security Agency (NSA), law enforcement agencies like the FBI and the U.S. Secret Service, and in the U.S. military.
The information is from an internal briefing, which was leaked.
Posted on June 27, 2017 at 6:25 AM