Slashdot Mirror


Iranians Compromised a Highly Sensitive CIA Covert Communications System in 2011 by Using Google Search: Report (yahoo.com)

In 2011, Iran was able to use Google's search functionality to hack into a secret CIA communication network that was being used to contact agents and informants around the world -- a breach that appears to have triggered the exposure and execution of Agency sources in China and Iran, Yahoo News reported Friday.

3 of 154 comments

  1. Actually Google had very little to do with this. by hey! · Score: 5, Interesting

    Most of the methods Iranians used would have been familiar to George Smiley. They looked at what the Americans obviously knew about Iran and figured out who could have told them. Then they leaned on those people and found out how they were communicating with the CIA.

    This is where Google came in. These people were using phony websites to communicate with the CIA, and Iranian intelligence used Google to uncover similar websites. Then they hacked into those websites after which they had the keys to the kingdom.

    It was the CIA's reliance on a bodged-together, vulnerable system that killed those assets. They used it even after they'd been warned by their own analysts in 2008 that it had been compromised.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Re:Long Article, Quick Summary by XXongo · Score: 4, Interesting

    This is a really long article that can be summarized in about two paragraphs:

    Well, plus one more very important paragraph:

    In 2008 — well before the Iranians had arrested any agents — a defense contractor named John Reidy, whose job it was to identify, contact and manage human sources for the CIA in Iran, had already sounded an alarm about a “massive intelligence failure” having to do with “communications” with sources. According to Reidy’s publicly available but heavily redacted whistleblower disclosure, by 2010 he said he was told that the “nightmare scenario” he had warned about regarding the secret communications platform had, in fact, occurred

    They were told there was a problem. They ignored it, and fired the person who told them.

  3. Re:why by Nidi62 · Score: 3, Interesting

    Why don't they just use public pages? The internet has no shortage of discussion forums, many of which must be frequented by millions of people, even in Iran and China.

    MMOs. MMOs make the perfect medium for covert communication. Think about how many hundreds, if not thousands of games there are that allow communication between players, many with world-wide player bases. You have behemoths like WoW with multiple servers in multiple regions down to $2 cellphone games. Even if a country were able to go through the arduous task of figuring if or what game is being used, simple tradecraft basics make monitoring difficult. It could be coded messages, set times to meet, or even something as simple as sending/giving a player a certain item or buying/selling an item at a certain price had different or predetermined meanings. Unless a target is already under surveillance and their machine is compromised an agency would have to covertly find/add a back door or crack and track every game available (and with VPNs and other methods even games NOT available) within its borders.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil