Darknet Diaries - 75: Compromised Comms
Episode Date: September 29, 2020

From 2009 to 2013 the communication channels the CIA uses to contact assets in foreign countries were compromised. This had terrifying consequences.

Guests this episode are Jenna McLaughlin and Zach Dorfman.

Sponsors
This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25.
This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools.

Sources
https://finance.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html
Video: Fostering Bipartisanship in Intelligence Oversight CNAS2019
https://www.mcclatchydc.com/news/nation-world/national/article28348576.html
https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/
https://www.nytimes.com/2017/05/20/world/asia/china-cia-spies-espionage.html
https://www.nytimes.com/2018/01/17/world/asia/jerry-lee-cia-china-mole-hunt-suspect.html
https://news.yahoo.com/cia-fix-communications-system-left-trail-dead-agents-remains-elusive-100046908.html
https://www.washingtonpost.com/archive/sports/1988/03/21/cuban-defector-impeaches-cia-spies/10cec17c-076b-4867-96c5-628b8435a852/
https://en.wikipedia.org/wiki/Aldrich_Ames

Attribution
Darknet Diaries is created by Jack Rhysider.
Research assistance this episode from Yael Grauer.
Transcript
You know about this guy, Aldrich Ames?
If you were watching the news in 1994, you'd certainly hear all about him.
I'd like to say a word about the Ames espionage case and our broader interest regarding Russia.
U.S.-Russian relations were chilled early in the year when the CIA announced one of its top agents was spying for the Soviet Union and then Russia.
The burning questions in Washington, how could it have taken so long,
so long to arrest the highest ranking CIA officer ever accused of selling out to the Russians?
Aldrich Ames and his wife Maria are still, of course, the alleged spies.
But there is no doubt in Washington tonight that this is an intelligence disaster.
In short, Aldrich Ames was a CIA officer working in Langley, Virginia at the CIA headquarters.
He was responsible for Soviet counterintelligence, which means he was trying to figure out what intelligence information Russia had on the U.S.
As part of his work, he learned about the activity of CIA spies in Russia.
At first, I think he was just trying to con Russian intelligence out of some cash.
He contacted the Soviet embassy and offered them information that I think he thought was worthless.
He asked for $50,000, and they paid up.
And I think he felt like he pulled one over on the Soviets.
But this crossed a line that he wasn't able to step back from.
Any good spy agency knows the most effective way to get someone to give you secrets is to give them money.
Aldrich was vulnerable to this.
When the Soviets reached out offering more money just to sit and have lunch, he would agree and take the cash.
And this was sometimes tens of thousands of dollars.
And soon enough, Aldrich started giving up more details in exchange for cash.
He started giving the names of the CIA spies that were assigned to the Soviet bloc.
And quickly, the spies he named were starting to disappear.
Russia was capturing and killing the CIA agents that Aldrich Ames was giving them information on.
Aldrich gave a lot of information to the Russians, which earned him $4.6 million by 1985.
Well, this money changed him.
He got cosmetic dentistry done to make his teeth look better.
He stopped wearing cheap clothes and was wearing nice suits to work.
He bought a $50,000 Jaguar and a $540,000 house, all paid in cash.
All this with an annual CIA salary of $60,000 a year.
This was suspicious.
While the CIA and FBI were investigating the deaths of the CIA agents in Russia,
they started looking into Aldrich and found enough evidence to arrest him.
He was found guilty of giving information to the Russians
and currently is serving the rest of his life in prison.
Aldrich was a trusted CIA agent, but he abused that trust.
His betrayal led to the deaths of several of his fellow agents.
These are true stories from the dark side of the internet.
I'm Jack Rhysider.
This is Darknet Diaries.
Okay, so I read this news story once on Yahoo News,
and it's one of those stories that when you read it, you're like, holy cow, what? Seriously?
And I haven't been able to forget it since I read it, and I want you to hear the story too.
So I called up the two reporters who wrote the story.
My name is Jenna McLaughlin.
I'm a national security and investigations reporter for Yahoo News.
I'm Zach Dorfman.
I am a senior staff writer at the Aspen Institute.
I write the codebook cybersecurity newsletter for Axios.
And I am a national security and intelligence journalist.
Okay, so these two write about national security stuff,
stuff relating to FBI, CIA, the U.S. government,
hacks against the U.S.
Now, they've been doing this for a while
and have established quite a lot of sources
to cover stories like this,
sources that you and I do not have access to.
So for them to cover this story,
they interviewed a lot of people.
More than now, at this point, 11 former U.S. intelligence officials and defense officials who are familiar with the matter.
That's some pretty thorough investigative work. So let's get into it.
So what happened is in Iran between 2009 and 2011,
the Iranian officials were looking for a mole. They were on a mole hunt after they discovered
that the Obama administration had unearthed
a lot of information about their ongoing enrichment efforts.
And they wanted to figure out
who was leaking that information to American officials.
Right. Of course, they're looking for a mole. Because remember Stuxnet? If not, I did a whole
episode on it. It's episode 29. But Stuxnet was a cyber attack which hit the Iranian nuclear
enrichment facility in Natanz. Specifically, someone had to walk the malware into the facility
to plant it or somehow get it infected on a computer that was going to go into that facility. This facility wasn't connected to the internet and there was
no way for an American to just go in there and plant it. So Iran thought there was a double agent,
someone who worked for Iran and the U.S. This is why Iran was looking for a mole.
Yes, Iranian officials were deeply upset with a lot of the successes that had been
tied to the Americans that we now know rather more definitively was the U.S. and Israeli efforts
to compromise Natanz. So at the time, this was something Iran wanted to do to retaliate.
Now, you can probably guess the CIA and the
U.S. intelligence teams want to keep an eye on what's going on in Iran. It's an adversary of
the U.S., so it's important to know what they're up to. But since they're such an adversary,
it makes it very difficult for someone like a CIA agent to just go into Iran
and start collecting intelligence. So how does the CIA spy on Iran?
That's a great question, and also one that is still shrouded in a lot of mystery, because
obviously CIA does not have a, there's no American diplomatic facilities, right, in Iran. There
hasn't been since 1979. So unlike China or Russia, there's no such thing as official cover. You know,
you can't show up as a State Department employee and actually be CIA.
Now, because there's no diplomatic protections for Americans in Iran, this means that whatever CIA agents are in Iran are there illegally. They absolutely must be disguised to go in under a fake name with a fake itinerary.
You know, there's a couple of things
that you can do. One is you have somebody who can go in under business cover and potentially
communicate with sources that way inside the country. But more realistically, and from my
understanding, far more frequently, what you do is you recruit and handle people outside of the country, right?
So Malaysia, the UAE, Turkey, these are places that in the past CIA has had success in recruiting
or meeting with Iranian sources and the Iranians know this. So it's no great secret to them.
In those cases, this is one reason why using
covert communications over the internet is so valuable because you can signal to somebody,
you know, would like to meet somebody says, you know, I'm slated to be in Dubai on,
you know, July 4th. And then you do the preparatory work and you plan on meeting.
So as time went on, because denied areas are so difficult to operate in, you know, having meetings in neutral ground is where things really moved.
All right. So we should probably cover a few terms for the different types of people involved in CIA spying.
First, you have an agent. This is someone who's actually doing the spying or
espionage. The person who manages agents is called an agent handler. Information collected by an
agent is sent to the analysts. Analysts review, decode, and make sense of the information.
Then there are assets. Assets are people who live in a country that's being spied on,
and they're knowingly giving information to the enemy.
So in this case, an asset might be an Iranian citizen who meets with a CIA agent to give
them information.
Then there's also sources.
And a source is just a person with information that is willing to give to a spy, whether
they know that person is a spy or not.
Oh, and there's a targeting officer.
This person will try to identify the
people and organizations that have the critical data needed. There's obviously a lot more different
roles, but knowing these differences will come in handy during this story.
The covert communications the CIA uses fascinates me. So let's talk about that. The CIA agents need to speak with their assets in Iran,
but it has to be very secretive. So what do you do? Text messaging is totally out of the question
because it goes through the Iranian telecom companies. So that can easily be snooped.
Emails are no good because what? You're going to use Gmail or something? You're going to trust
Google for your top secret communication?
I don't think so.
Signal and Wire are great end-to-end encryption messaging apps,
but it requires you to download it, install it, and have it on your phone.
What if the asset gets their phone taken and looked through?
They'll be burned.
And the CIA can't just set up some communication server back in Langley, for people in Iran to dial into, because that would certainly raise suspicion too.
So the CIA used something completely off the radar to communicate with their assets inside Iran.
So the way that they were described to us, and we understand them, is that they were websites that were disguised as something else, used as a portal to communicate with your handler.
So maybe you're a fan of yoga or you like to read certain books.
It would be a website about those interests, perhaps.
And you'd actually be able to log in and access the communications through that.
Very interesting.
A super secret website that looks like one thing, but is actually a CIA-backed channel.
This way, it looks like you're just on a yoga website chatting with your yoga teacher, and it looks totally normal if somebody were to walk in on you.
And you can quickly close the page when you're done.
Now, this secret comms channel was used to send all kinds of information.
It could be data uploads, it could be meets, it could be signs of life.
And I don't know if this is how this system worked in particular,
but as we've known, there are ways where there are sites that appear completely benign, but if you log into the site at a very specific time and click on a very specific pixel, for instance, all of a sudden it can open up a backdoor that allows for certain kinds of
communication. I don't know if that's exactly how it worked in this case, but there's lots of
different ways that it can work. And that was the way that, according to our understanding,
at least some of this system functioned.
And the CIA wasn't the only one using this tool.
The UK was using it too.
Yes, according to a former senior official, MI6, I believe, was using it.
And then I believe the defense clandestine services were also using it.
So the CIA has this airtight communication channel.
It has to be airtight because lives are at stake here, right?
But the problem was it wasn't airtight.
There were problems with this comms channel.
And after the break, we'll hear what those problems were.
Stay with us.
These secret CIA comms channels had a problem.
A whistleblower from back in 2009 by the name of Reidy, he was a targeter for a contracting company.
And he was one of the people in charge of locating sources and setting up communications with them.
And his disclosure is extremely redacted, but we managed to find some sources to help us with it, who said that Reidy had identified these flaws.
John Reidy was pointing out a few serious flaws in the communications channel that the CIA was using, which he called a massive intelligence failure.
He warned that this could create a nightmare scenario.
But because he, you know, there's never a perfect whistleblower, he had a business on the side, you know, there were some other issues with his disclosures. They weren't taken seriously at the time.
We don't know why the CIA didn't take action when John Reidy spoke up. Could be too much bureaucracy in the way.
It might have meant certain people losing their job.
And also, this was a single person speaking up about this.
How much effort do you put into listening to one complaint?
For whatever reason, his cries to get this addressed were not sufficient.
And the flaws that existed in the communication channels persisted.
So, back to Iran.
They were looking for the mole who helped sabotage Natanz. And through that investigation, they found a person.
It was somebody who the U.S. thought worked for it, but was actually an Iranian agent.
This double agent knew of one secret website that was used by the CIA for covert communications and gave this information to Iran's intelligence officers.
This meant that Iranian intelligence were in the communication channels too,
watching what was being said. This was a big problem, but it was a huge discovery for Iran.
They just hacked into a secret CIA comms channel.
Once one of the websites was found,
they were able to find others, which made it so that it didn't even really need to be hacked in
the traditional sense of the word. It just needed some sort of creative Googling skills, which
most average open source intelligence technicians, but, you know, even average people now that the
hordes of Twitter are certainly capable of. Yeah, because apparently there was something in the structure of the website that connected
it to other like websites. And so what they did was once you pull that thread and you say, well,
you know, this website has certain indicators, they were able to then find other websites,
other indicators. And then from
there, right, then you're playing ball, right? Because then you can sit on those sites, see who
logs in, see the traffic, check IP addresses, do all kinds of things to try to figure out who's
using it and when. Whoa, now Iran has access to multiple covert CIA communication channels.
This is not good. This is really not good.
This means they can listen in on whatever data the CIA is getting from Iran,
what operations they're planning,
who's moving around out there,
and where people are meeting.
Where people are meeting,
Iran now knows where the CIA agents are going to be
because they're listening to the communication channels for meeting places.
So at that point, it really spiderwebbed from there.
So the Iranian officials used that information to uncover a vast network of sources within their country and abroad.
So Iran got to work.
They listened in on the channels and waited for a scheduled meet between an Iranian asset and a CIA agent.
Now, the meet might have been in Iran, or it might have been in another country.
You can let them go to Dubai and trail them in Dubai and surveil them.
And you probably want to do that, right?
Because guess what?
If you do that, then you have a body on their handler, right? Then you have, you have a photograph, and then you can, then you can, you can, uh, uh, surveil their handler. And then if you surveil their handler, you can maybe figure out an entire network of CIA officers, right? And then you have somebody else keep following the CIA asset. You wait for them to get back on a plane to Tehran.
They land in Tehran.
You're arrested.
That's got to be an interesting conversation.
Imagine you're an Iranian going home and the police stop you at the airport
and ask, why did you go to Dubai to meet with a CIA agent?
In Cuba, during the Cuban Missile Crisis,
CIA agents tried to recruit Cubans
to help spy on Cuba.
And the CIA thought they had a decent network of spies
in Cuba working for them.
But as it turned out, Cuba knew every time
when a CIA agent recruited a new Cuban spy.
And they would talk to this Cuban spy
and get them to work for Cuba.
As a result, all of the CIA's
assets in Cuba were actually working for Cuba. This means the counterintelligence that Cuba
collected in this time was amazingly good. So when Iran's intelligence officers saw Iranians
meeting with CIA officials, wonder what they actually did to their own Iranians.
Arrest them?
Flip them to become double agents?
Or kill them?
These are all possibilities.
So after Iran gathered enough intelligence,
it was time for them to strike.
Iran was setting up sting operations for these meetings
and started capturing
CIA assets and agents. So many people were held. They were imprisoned. Those were the lucky ones
because Iran was also killing some of these people they captured. One by one, people were disappearing, never to be seen again.
It's not clear if it was CIA agents who were killed, or officers, or handlers, or targeters,
or sources. Well, we do know that some sources were killed, and these are people who lived in
Iran and were caught giving secrets to U.S. spies. And this drastically impacted the intelligence the CIA was getting from Iran.
And it would have been tragic enough if CIA agents were killed
because of this counterintelligence.
But things got worse for the CIA.
Iran was sharing this with its allies and our adversaries.
So that information was passed along, we're told,
not only to Russia,
but also to Chinese officials. And it's not like these countries did not share intelligence information at times. But what U.S. officials started seeing was sharing on counterintelligence
information. And that was considered notable because when you start sharing that
information, it requires a greater degree of trust because you're sharing with services that
are actively spying on you. The Iranians are spying on the Chinese, the Chinese are spying
on the Iranians. And if I remember correctly, around that time, I believe a high-ranking Iranian counterintelligence official traveled to China
or vice versa. And this was seen as also a notable sign around the time that networks in both
countries were being wrapped up. So there are different theories about where the origination
point was. And again, we're talking about the wilderness of mirrors, right?
We're talking about a world where
even U.S. intelligence officials come up with,
you know, with educated theories based on partial evidence.
So, you know, take what I'm saying
as a level or two down from that.
But the consensus seems to be that
the Iranians discovered something first via a mole, or a double agent, I should say.
The Iranians ran a double agent. of that information to their Chinese counterparts, who then did even more work on breaking that
apart and using that to hunt down all the U.S. intelligence assets within China.
And that's how it really got out of control.
So at that point, China started learning the identities and locations of CIA agents who
were in China, which had chilling results.
Because once the information was passed on to Chinese officials,
that was one of the key reasons that such a large group of sources in China were killed.
And that network really has not been built up since then,
which obviously has loads of impact,
given the ongoing tensions with China and the developments happening there.
This is worse than tragic. This was a catastrophe.
So our sources told us dozens of people died because of this around the world. And I think
that that's certainly a fair estimate. I imagine in terms of people who were caught up in it, you could probably multiply that
by a couple at least, right? It's hard to fully estimate at this point just how far reaching it
was. But one figure I will mention is that in John Reidy's complaint, which while it's heavily
redacted, did include this one sentence that still is there for anyone to see, that he estimated that this would impact 70% of the CIA's global operations,
which is just a massive figure.
I don't even know what to say.
This is all so heavy for me to comprehend.
I have so many questions, like, why was this not an act of war?
Why wasn't this major news at the time when it happened?
Why are we finding out about this five years after it happened?
Why are the Iranian and Chinese governments killing their own people?
Did the U.S. cover this up?
Well, yeah, sorta, they did.
Because these agents were killed while on active duty and part of a secret mission.
And the CIA doesn't like talking about secret missions publicly.
There's a wall within the CIA headquarters with a star for its officers who've died in the line
of duty. And they have periodically declassified some of those names. Some of them are known,
some of them are published and that they've discussed, but others are not.
So it's been seven years since all this happened. What has the U.S. government done in response to this? Well, it's hard to say, since so much of what happens in the CIA is shrouded in secrecy. If you are looking for things in the public record, there was a panel
at CNAS. Former HPSCI chair Mike Rogers was discussing a couple intelligence failures
that he had to deal with during his time as chairman. And he mentioned specifically
a communications failure. Okay, so I have that clip. This is Mike Rogers
speaking at CNAS, which stands for the Center of New American Security. It's a Washington-based
think tank which focuses on national security. Now, Mike Rogers was the former director of the
NSA, and he's talking about investigations he did to help the CIA. The kind of investigations we did,
we did things like Inside that didn't ever make it public for how our
sources and assets and agents communicate with each other. If you recall, we had some blips.
And so Dutch and I sat down and said, we're not putting up with this. We generated the resources
and did our own internal investigation to try to fix this problem. It was a serious problem that we thought needed to be fixed.
Hmm. That's not really specific.
All he's saying is that he investigated a communications blip in the CIA.
He could be talking about the story,
but his comments don't really confirm any of the details.
And that's the only time anyone in U.S. intelligence
has publicly acknowledged the situation. Regardless, I sure
hope they did an investigation on this. The CIA hasn't said anything publicly about this. No press
release or statement to the press. No announcements that any CIA agents were killed in this manner.
Nor have there been any indictments which might accuse Iranian or Chinese officials of killing agents.
You'll never see an indictment for any of this because the very act of validating via an indictment
shows that the Iranians and the Chinese were in fact targeting the right people.
You know, it's not, it's illegal to spy, right?
So they don't want, they don't want any further disclosure about what occurred,
why it occurred, the process behind it.
And they certainly do not want to open up
the Pandora's box of an American legal proceeding
with discovery, by the way.
I mean, so, you know, a defense attorney
would be able to theoretically dredge up some,
you know, because they have to defend their client, right?
None of that will ever see the light of day.
On top of that, the CIA really likes operating in secrecy as much as possible.
Going back many, many, many decades, CIA has had a lot of tension with DOJ over any CIA
information or sources being used for making cases in the American justice system because of the desire
to remain in the shadows. Even though the U.S. government didn't and probably won't ever mention
this, there were some news articles about it. One of the reasons that Zach and Jenna even know
about this is because of a story in the New York Times titled
"Killing CIA Informants, China Crippled US Spying Operations." But there's no mention of Iran in that
story. Once Jenna and Zach saw that story, they began their own investigation to try to learn
more. And sure enough, they uncovered so much more. See, the New York Times story didn't explain
how the communication channels got hacked into.
They suspected China had cracked some encryption or that there was a mole, a U.S. CIA agent who
was giving secrets to China. And in fact, the New York Times named the mole who was suspected,
Jerry Lee.
A former CIA officer was arrested this week on charges of mishandling classified
information. The FBI said that Jerry Chun-Shing Lee had in his possession notebooks that contain
names and contact information of CIA informants and agents in China. So he had this notebook of
some of the names of the informants that were captured and killed. Not all of them, just a few. Jerry Lee
was given this information to do a certain job within the CIA, but then moved to a new position
and wasn't authorized to have access to this information anymore. So he was charged with
unlawful retention of classified information. So he might have helped the Chinese identify some of these informants.
However, based on our sources' knowledge and how quickly many of these sources were rolled up,
they believe that it had a lot more to do with this technical problem. So it will be interesting,
and I think it'll be continued to study for years to come which of these failures was more to blame and how they interacted with each other and made it possible for so many sources to die.
I'm still a bit baffled that there weren't more reports in the media about the people who were killed.
Well, I think that there were scattered reports
of people being killed.
There's an anecdote that is in the New York Times story
about somebody being dragged down onto the street and shot.
There is a story that I was told
from a former intelligence official
about a man and his pregnant wife
being executed on closed-circuit television
where these people's colleagues within a state laboratory or defense facility were made to watch.
That stuff has leaked out, but you have to also account for the fact that you're talking about closed societies, right?
And if you're also talking about individuals who were spying for the U.S. government who were working high up within the Iranian and Chinese national security or foreign affairs bureaucracies.
They keep a very, very tight lid of information about that, right? and they discover that you are spying for the Americans, they may or may not decide to publicize it.
But if they didn't publicize it,
it leaking out to the U.S. press would be very unusual.
While there haven't been many stories about these killings in the U.S.,
Iran has published some chilling stories about this.
Oh, they have. They have.
And that's mentioned in the story,
and that's been an interesting complication for us,
is that Iran has seized upon its successes
in killing and arresting CIA officers,
and they've done documentaries online,
they've put out press releases.
They have certainly not been quiet about it.
That's for sure.
When Aldrich Ames was discovered to be a double agent, this made big news.
President Clinton even gave a press statement talking about this.
And so I'm kind of baffled as to why Jenna and Zach's story wasn't a bigger deal.
Yeah, you're telling me.
So we wonder the same thing.
I would love to know the answer to that question, why it didn't get more attention.
I mean, Zach and I won the Gerald Ford Award for reporting on national defense for that story.
So it's been recognized in certain capacities. But I really think that it deserves a much larger public exploration of the way that the intelligence community is using its technology.
So whatever happened to that whistleblower, John Reidy, who tried to warn the CIA there was a communications of issues, but there's not enough defenses, particularly for contractors in the intelligence community, to be able to lodge complaints of
retaliation. So, I mean, his family life fell apart. He lost his job. He lost his security
clearance. And it's a story that's sadly all too familiar about people who raise concerns like this.
But did all of this result in the CIA tearing down this covert way of communicating or thoroughly
going through and fixing every problem?
We did a follow-up story on how the issue continues to plague the agency five years
later.
And the explanation that I got is that it's this complex web of interlocking technical systems and that, you know,
the sort of bureaucratic differences between the Office of Science and Technology and the Directorate of Operations has led to disagreements on how to handle the technology and where it can be deployed. And, you know, those are the kind of excuses that are presented to us,
but it really doesn't make sense that it has not been, you know, fully fortified to this point.
And I mean, at a certain level, you could get to the point where you just say,
technology is not secure. And, you know, any instance that you use, it needs to measure those
risks and those benefits. But the fact that this
kind of tool, which is clearly not secure at all, not encrypted, you know, over the open internet
was relied upon so heavily for contact with sources that, you know, there needs to be,
if there has not been already, a significant reevaluation of that process.
There's still so many unanswered questions in the story, which I think is how the CIA
wants it to stay. Spies don't like having the spotlight on them. They scurry when it shines.
So I'll just leave you with this quote from Malcolm Nance, who spent 35 years doing U.S.
intelligence. He says, for an old spy and codebreaker like myself,
nothing in the world happens by coincidence.
A big thank you to Zach Dorfman and Jenna McLaughlin for coming on the show and telling
us the story they reported on. It's amazing how they were able to find so many details on this story and publish it.
If you like this show and it brings value to you,
consider donating to it through Patreon.
By directly supporting the show, it helps keep ads at a minimum.
It helps us make the show, and it tells me that you want more.
Please visit patreon.com slash darknetdiaries and consider supporting the show.
Thank you.
Also, I'm inviting you to come join us on Discord.
It's a chat room with a bunch of other fans of the show.
It's a great place to hang out with other Darknet Diaries fans.
And sometimes there's giveaways there too.
Come join us at discord.gg slash darknetdiaries.
The show is made by me, the sleeping agent, Jack Rhysider.
I had some reporting assistance this episode by the super snooper, Yael Grauer.
Sound design and original music created by the always observant,
Andrew Meriwether.
Editing help this episode by the undercover, Damien.
And our theme music is by the counterbeat,
Breakmaster Cylinder.
And even though I sometimes sit and wonder,
what time zone are people in on the moon?
This is Darknet Diaries.