Word of a catastrophic failure in CIA operational security initially surfaced in 2018, when Yahoo! News reporters Zach Dorfman and Jenna McLaughlin revealed "a compromise of the agency’s internet-based covert communications system used to interact with its informants."

The duo's report indicated that the system involved a website and claimed "more than two dozen sources died in China in 20" as a result of the compromise. Also, 30 operatives in Iran were said to have been identified by Iranian intelligence, fewer of whom were killed as a consequence of discovery than in China.

Reuters found one of the CIA websites, iraniangoalscom, in the Internet Archive and told Citizen Lab about the site earlier this year. Bill Marczak, from Citizen Lab, and Zach Edwards, from analytics consultancy Victory Medium, subsequently examined the website and deduced that it had been part of a CIA-run network of nearly 900 websites, localized in at least 29 languages, and intended for viewing in at least 36 countries.

These websites, said to have operated between 20, presented themselves as harmless sources of news, weather, sports, healthcare, or other information. But they are alleged to have facilitated covert communications, and to have done serious harm to the US intelligence community and to those risking their lives to help the United States.

"The websites included similar Java, JavaScript, Adobe Flash, and CGI artifacts that implemented or apparently loaded covert communications apps," Citizen Lab explains in its report. "In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties."

The websites were designed to look like common commercial publications but included secret triggering mechanisms to open a covert communication channel. For example, the supposed search box on iraniangoalscom is actually a password input field to access its hidden comms functionality – which you'd never guess unless you inspected the website code to see the input field identified as type="password" or unless the conversion of text input into hidden

Entering the appropriate password opened a messaging interface that spies could use to communicate.

Citizen Lab says it has limited the details contained in its report because some of the websites point to former and possibly still active intelligence agents. It says it intends to disclose some details to US government oversight bodies.

The security group blames the CIA's "reckless infrastructure" for the alleged agent deaths. Zach Edwards put it more bluntly on Twitter.

"Sloppy ass website widget architecture plus ridiculous hosting/DNS decisions by CIA/CIA contractors likely resulted in dozens of CIA spies being killed," he said.

The encrypted messaging widgets from CIA can be found on websites in numerous languages, & technical fingerprints made it possible to find more websites within the network, even nearly a decade after they had been taken down, thanks to the Did the CCP know too?

What makes the infrastructure ridiculous or reckless is that many of the websites had similarities with others in the network and that their hosting infrastructure appears to have been purchased in bulk from the same internet providers and to have often shared the same server space.

"The result was that numerical identifiers, or IP addresses, for many of these websites were sequential, much like houses on the same street," Reuters explained.

Such basic errors continue to trip up spy agencies. Investigative research group Bellingcat, for example, has used the sequential numbering of passports to help identify the fake personas of Russian GRU agents. It described this blunder as "terrible spycraft."

And while numerically proximate or sequential identifiers may go unnoticed some of the time – security through obscurity – it only takes one double agent aware of the scheme to allow adversaries to connect the dots.