Pages

8 October 2022

On Agent Compromise in the Field

Zach Dorfman

In 2017, a team of New York Times journalists revealed that, beginning in 2010, Beijing’s counterintelligence apparatus had systematically rolled up the CIA’s sources in China. What caused the breach? The piece pointed to a potential agency turncoat — later identified as Jerry Chun Shing Lee, a former CIA operations officer — or a compromise of the agency's covert communications (COVCOM) system, the surreptitious digital means by which the agency interfaced with its assets there.

After the initial Times report, I dug into the asset roll-up in China. Many of my sources were adamant that Lee’s betrayal could not account for the extent of the agency’s losses there, if at all. They laid blame on the Internet-based COVCOM system used to communicate with the agency’s Chinese sources, characterizing the system as rudimentary and insecure. Former intelligence officials told me dozens of the U.S.’s Chinese sources had eventually been killed.

But the story went beyond China. Jenna McLaughlin and I spent months reporting on how Iranian counterintelligence had compromised a version of this same secret online COVCOM system, which relied on fake, CIA-created websites. As a result, Iranian counterintelligence extirpated the agency’s network there as well. We revealed that this breach occurred at around the same time as the one in China, and may have been the result of enhanced security cooperation between Beijing and Tehran. The breach also likely exposed and endangered any CIA asset around the world using some iteration of this system.

The technical compromises in China and Iran — and, potentially, across the globe — were an epochal disaster for the CIA and the wider U.S. intelligence community. Building robust source networks in countries led by America's authoritarian adversaries can take years. A great human source can be worth an incalculable number of technical intercepts. And in the case of China, the loss of the CIA’s network there coincided with the rise of Xi Jinping, the most powerful Chinese leader since Mao.

Last week, Reuters’ Joel Schectman and Bozorgmehr Sharafedin published an explosive, disturbing account of the long tail of Iran’s compromise of this secret communications platform. The Reuters story expands and deepens our understanding of the breach in Iran in key ways. These different stories, beginning with the Times’s, and now ending with Reuters’s, form an integrated body of work that are best absorbed in tandem. (I recommend reading them in this order.)

To their great credit, Schectman and Sharafedin actually located and analyzed the now-defunct COVCOM websites used by the CIA in Iran and elsewhere. Their reporting lays bare the agency's sloppiness: The source code for these websites — a simple click away for anyone visiting one of them — contained terms like "password" and "message," essentially screaming “secret communications platform.” The Reuters team, working with independent cybersecurity researchers, eventually identified over 350 separate CIA-authored sites used to transmit messages to agents in over 20 countries.

But, again, per Reuters, these contained fatal architectural flaws. Because U.S. intelligence officials purchased hosting services for these websites in bulk, they had sequential Internet Protocol addresses. In other words, instead of each site being compartmented from one another for security purposes, they were all easily linked together. This means that if Iran or China identified one such site, it would have been easy for them to locate others. And from there, Iranian or Chinese counterintelligence just had to see who accessed them. Whether this was, as Reuters and I separately reported, a throwaway COVCOM system or not — that is, one designed for unvetted agents or lower-priority ones — it does not reflect the level of technical ingenuity one would expect from the world’s premier all-source intelligence agency.

This is shocking reporting from the Reuters team, worthy of extended discussion in its own right. But I want to focus on another important aspect of their work: their interviews with the blown and abandoned assets themselves.

Schectman and Sharafedin spoke to half a dozen of these former Iranian CIA assets, some of whom, courageously, spoke on the record. Interestingly, not all appear to have been compromised by the agency’s faulty COVCOM system. This would seem to underscore Iran’s robust counterintelligence efforts against the U.S., and the CIA’s apparent underestimation of those efforts. (In 2018, former intelligence officials told me all of the agency's compromised China assets had eventually been executed as part of the 2010 roll-up; McLaughlin and I also reported that year that fewer blown sources were killed in Iran, with many jailed.)

As Reuters reports, some compromised Iranian assets served long prison sentences, and were subject to extensive torture and other deprivations. This makes it all the more impressive, and brave, that they — particularly those who still reside in Iran — chose to speak to Schectman and Sharafedin.

These people trusted the agency, implicitly, to take care of them. All feel abandoned by it, and by extension, the United States. Of this they have every right.

One man, an engineer sickened by the corruption and hypocrisy of the Islamic Republic, was a “digital walk-in,” volunteering his services to the CIA via an overt portal on the agency’s website. A subcontractor to a powerful state-owned conglomerate controlled by Ayatollah Khamenei’s office, he provided information relevant to Iran’s nuclear program. His use of the insecure COVCOM system appears to have led to his downfall.

Another man, a member of an Iranian paramilitary group with family links to Iran’s intelligence apparatus, physically walked into the U.S. consulate in Istanbul. He was tasked with collecting information about members of Tehran’s security services; a U.S. official in Istanbul told him to return later to the same facility. This, Reuters reports, was despite the fact that CIA knew at the time that Iranian intelligence was routinely surveilling the consulate, thereby endangering this source by asking him to return to the building.

A third man, a former Iranian government official, eventually jailed for “spying” for the CIA was, in his telling to Reuters, unwitting at best. This man, who ran a travel agency and had received a U.S. visa, visited the U.S. embassy in Dubai to try and drum up more business. Repeatedly called back to the U.S. embassy there, U.S. officials asked him to divulge increasingly sensitive information related to Iran’s aerospace industry and military, likely by a CIA officer posing as an U.S. immigration official, per Reuters. By the time he realized what he had shared—and to whom he had likely shared it — it was too late. Essentially, in his telling, entrapped, he was eventually rolled up by Iranian security services as a U.S. spy, though he says he never agreed to work for the CIA (or Iran, for that matter).

Whether these sources were compromised by a faulty COVCOM system, or more basic tradecraft errors, or by some amalgamation of deceit, callousness, and carelessness, these cases call into question the CIA's real commitment to its sources. Indeed, none of the six former agency assets identified by Reuters have been assisted by the U.S. since their release from prison, per these individuals. They were, it appears, cut loose entirely.

As Reuters notes, it can be dangerous for an intelligence agency to reach out to a blown ex-source. And in the world of counterintelligence, ex-sources can also be recruited as double agents, complicating resettlement efforts. But neither of those worries seem insurmountable or dispositive, given U.S. resources and ingenuity.

Now, an important caveat: I have known dedicated former CIA officials who have spoken of the care, respect, and obligation they felt toward their sources, and the lengths they would go to assist them. For many case officers — that is, the CIA's primary corps of spy handlers — this is a core part of their professional identity.

During the roll-up in China, for instance, a former U.S. official told me about a CIA officer who, aware that something was going terribly wrong there, organized final, assuredly dangerous, in-person meetings with agency sources. This distraught CIA officer essentially shoved wads of cash into sources' hands. This CIA officer warned them of the unfolding disaster and begged them to leave the country as fast as they could. Another source told me a story about a CIA official who, while being debriefed in Langley about the asset roll-up — and the slapdash COVCOM system — broke down in tears upon hearing that sources’ lives had been destroyed because of such obvious dereliction, of which they were previously unaware.

There are some sunnier stories out there, too. I know of a KGB defector who developed a decades-long friendship with his former handlers in U.S. intelligence. Those former officials felt a special bond and responsibility to this man, and wanted to help him navigate life in America.

But I don’t want to oversell this point, either. By its nature, the world of espionage is steeped in the sordid aspects of human experience, exploiting people’s vulnerabilities for narrow informational gain. That doesn’t mean it isn’t necessary or legitimate work, a key tool of modern statecraft.

Indeed, many former CIA officials have a decidedly pragmatic and amoral conception of their profession. Bad things happen when you spy, or recruit others to do so. You do what you do for a higher purpose, even if intermediary steps can sometimes stretch the boundaries of propriety (or even legal niceties). And yes, sometimes assets get compromised, jailed, even killed. I had a conversation once with a former senior CIA official with experience in Iran issues who had an almost naturalistic view of recurring asset losses there over the years: for him, it was a built-in, cyclical feature of the work and environment, like the denuding of deciduous forests every fall.

This is the heart of the matter. What can be explained away as the inevitable, if lamentable, byproduct of the deep structure of the intelligence profession? And when do individuals, and institutions, begin to bear responsibility for a preventable tragedy, one that led to the death and ruin of individuals who risked everything to spy for the United States?

Since I started reporting on this story years ago, I have occasionally asked former U.S. officials if they knew whether any individuals within the CIA or across the wider U.S. intelligence community had been held responsible for the COVCOM disaster. I don’t claim perfect knowledge, but I haven’t heard of a single instance of someone suffering professional, let alone legal, consequences for their negligence. (The CIA declined to comment.) Quite the opposite. In fact, as Jenna McLaughlin and I reported, it appears that a former CIA contractor, John Reidy, who blew the whistle on the faulty COVCOM system, was punished for speaking up. (The House and Senate Intelligence committees convened extensive, contentious, closed-door meetings on the asset losses in China and Iran, as McLaughlin and I reported. But that is the bare minimum one would expect in a catastrophe of this magnitude.)

Accountability is one of those words that gets thrown around a lot in journalism. We think it dignifies our profession, gives it the moral bearing that justifies our work, even — especially — when reporting on sensitive subjects. But here, it truly matters. Without accountability, avoidable disasters in America’s intelligence community will be treated as inevitabilities. Secrecy is inextricable from spycraft. But it can also provide a powerful tool for officials to evade responsibility. That may redound to a more powerful intelligence bureaucracy, but it is both morally self-defeating and, ultimately, detrimental to national security.

As the Reuters article shows, these Iranian assets deserved — and still deserve — better. The CIA deserves to be better. And the American people deserve a better CIA. A just legacy of a dismal era would be for America’s appointed guardians to labor, however imperfectly, toward all three.

No comments:

Post a Comment