The following is from http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amaz... and describes the way the Russians implemented SELECT * WHERE CIA FROM EMBASSY_EMPLOYEES: "differences in the way agency officers undercover as diplomats were treated from genuine foreign service officers (FSOs). The pay scale at entry was much higher for a CIA officer; after three to four years abroad a genuine FSO could return home, whereas an agency employee could not; real FSOs had to be recruited between the ages of 21 and 31, whereas this did not apply to an agency officer; only real FSOs had to attend the Institute of Foreign Service for three months before entering the service; naturalized Americans could not become FSOs for at least nine years but they could become agency employees; when agency officers returned home, they did not normally appear in State Department listings; should they appear they were classified as research and planning, research and intelligence, consular or chancery for security affairs; unlike FSOs, agency officers could change their place of work for no apparent reason; their published biographies contained obvious gaps; agency officers could be relocated within the country to which they were posted, FSOs were not; agency officers usually had more than one working foreign language; their cover was usually as a “political” or “consular” official (often vice-consul); internal embassy reorganizations usually left agency personnel untouched, whether their rank, their office space or their telephones; their offices were located in restricted zones within the embassy; they would appear on the streets during the working day using public telephone boxes; they would arrange meetings for the evening, out of town, usually around 7.30 p.m. or 8.00 p.m.; and whereas FSOs had to observe strict rules about attending dinner, agency officers could come and go as they pleased." I read the book. 
When a CIA agent's cover was blown, the CIA had a spare car and apartment and the agent's replacement needed just that, so they tended to reuse the car and apartment. And wondered why the replacement was then identified so quickly.
So. After that long digression, here comes a hypothesis: Organisations that can keep their mistakes secret, can make themselves seem much more capable than other, similarly large organisations.
At the University of Maryland, our network access was through the NSA's "secret" MILNET IMP 57 at Fort Meade. It was pretty obvious that UMD got their network access via NSA, because mimsy.umd.edu had a similar "*.57" IP address as dockmaster, tycho and coins.
Whenever the network went down (which was often), we had to call up a machine room at Fort Meade and ask them to please press the reset button on the box labeled "IMP 57". Sometimes the helpful person who answered the phone had no idea which box I meant, so I had to describe to him which box to reset over the phone. ("Nope, that didn't work. Try the other one!" ;) They were even generous enough to issue us (CS department systems staff and undergrad students) our own MILNET TACACS card.
On mimsy, you could get a list of NSA employees by typing "grep contact /etc/passwd", because each of their courtesy accounts had "network contact" in the gecos field.
Before they rolled out TACACS cards, anyone could dial up an IMP and log in without a password, and connect to any host they wanted to, without even having to murder anyone like on TV:
Holy shit. I can't believe some of what I just read. Although it appears this was in the late 80's, so I suppose it makes more sense factoring that in.
In the book “The Cuckoo's Egg”, the author describes how the hacker penetrating his networks was using it to access military networks. That was in the 80’s as well I believe.
I found this handy how-to tutorial guide for "Talking to the Milnet NOC" and resetting the LH/DH, which was useful for guiding the NSA employee on the other end of the phone through fixing their end of the problem. What it doesn't mention is that the key box with the chase key was extremely easy to pick with a paperclip.
Who would answer the Milnet NOC's 24-hour phone was hit or miss: Some were more helpful and knowledgeable than others, others were quite uptight.
Once I told the guy who answered, "Hi, this is the University of Maryland. Our connection to the NSA IMP seems to be down." He barked back: "You can't say that on the telephone! Are you calling on a blue phone?" (I can't remember the exact color, except that it wasn't red: that I would have remembered). I said, "You can't say NSA??! This is a green phone, but there's a black phone in the other room that I could call you back on, but then I couldn't see the hardware." And he said "No, I mean a voice secure line!" I replied, "You do know that this is a university, don't you? We only have black and green phones."
Date: Thu, 11 Sep 86 13:53:45 EDT
From: Steve D. Miller <steve@brillig.umd.edu>
To: staff@mimsy.umd.edu
Subject: Talking to the Milnet NOC
This message is intended to be a brief tutorial/compendium of
information you probably want to know if you need to see about
getting the LH/DH thingy (and us) talking to the world.
First, you need the following numbers:
(1) Our IMP number (57),
(2) Mimsy's milnet host address (26.2.0.57),
(3) The circuit number for our link to the NSA
(DSEP07500-057)
(4) The NOC number itself (692-5726).
Second, you need to know something about the hardware. There
are three pieces of hardware that make up our side of the link:
the LH/DH itself, the ECU, and the modem. The LH/DH and the
ECU are the things in the vax lab by brillig; the ECU is the
thing on top (with the switches), and the LH/DH is the thing
on the bottom. The normal state is to have the four red LEDs
on the ECU on and the Host Master Ready, HRY, Imp Master Ready,
and IRY lights on at the LH/DH. If these lights are not on,
something is wrong. If mimsy is down, then we'll only have some
of the lights on, but that should fix itself when mimsy comes up.
Some interesting buttons or switches on the ECU are:
reset - resets something or another
stop - stops something or another
start - restarts something or another
local loopback -- two switches and two leds; you may need
to throw one or the other of these if the NOC asks
you to. These loopback switches should be distinguished
from those on the modem itself.
remote loopback -- like local loopback, but does something else.
The modem is in the phone room beside the terminal room (rm.
4322, if memory serves). It can be opened with the chase key from
the key box...but if someone official and outside of staff asks
you that, you probably shouldn't admit to it. It has a switch on
it, too; it seems that switch normally rests in the middle, and
there's a "LL" setting to the left which I assume puts the modem in
local loopback mode.
Now that you have some idea of where things are, call the NOC.
Identify yourself as from the University of Maryland, and say that
we're not talking to the outside world. They will probably ask for
our Milnet address or the number of the IMP we're connected to,
and will then poke about and see what's happening. They will ask
you to do various things; ask if you're not sure what they mean,
but the background info above should help in puzzling it out.
Hopefully, this will make it easier to find people to fix
our net problems in the future; it's still hard to do 'cause
we have so little info (no hardware manual, for example),
but this should give us a fighting chance.
-Steve
To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
Cc: ucdavis!ccohesh@ucbvax.berkeley.edu, Hackers_Guild@ucbvax.berkeley.edu
Subject: Re: a question of definition
Date: Thu, 29 Jan 87 12:29:36 PST
From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>
Actually it's:
SCINET -- Secret Compartmented Information Net (if you don't know what
compartmented means, you don't need to ask)
DODIIS -- DoD Intelligence Information Net
The other stuff I think is right, at least without me looking things
up. I probably shouldn't have brought this subject of the secure part
of the DDN up. People like being low key about such things...
Erik, all the BBN gateways on MILNET and ARPANET currently comprise
the core, not just mailbridges. Some are used as site gateways, others
as EGP neighbors, etc... And just because you are dual homed doesn't mean
you get a mailbridge. And the IETF doesn't deal with low level stuff
like that; DCA does all that. In fact, the reason we are getting an
ARPANET PSN is because when DCA came out to do a site survey, they
liked our site so much they asked if they could put one here! It's
amazing how many sites have tried to get ARPANET PSN's the right
way and have had to wait much longer than us... BTW, since we are
dual homed (probably a gateway with 2 1822 interfaces in it), we
are taking steps to be sure that people on ARPANET or MILNET can't
use our gateway to bypass the mailbridges. The code will be hacked
to drop all packets that aren't going to a locally reachable network.
BARRNet, even though it's locally reachable, will be excluded
from this however, since the current procedural limitations call for
not allowing any BARRNet traffic to flow out of BARRNet to MILNET
and the reverse. NASA traffic of course can traffic through BARRNet,
and even use ARPANET that way (though that's not a big deal when
we get our own ARPANET PSN). That's because only NASA is authorized
to directly connect to MILNET, not UCB or Stanford, etc...
DCA must have the ability to partition the ARPANET and MILNET in
case of an "emergency", and having non-DCA controlled paths between
the nets prevents that. There was talk some time ago about putting
explosive bolts in the mailbridges that would be triggered by
destruct packets... That idea didn't get far though...
The DDN only includes MILNET,ARPANET,SCINET,etc... Not the attached
networks. If it did, you'd need to file a TSR to add a PC to your
local cable. A TSR is a monstrous piece of paperwork that needs to
be done anytime anything is changed on the DDN... Rick knows all
about them don't you Rick?
The whole network game is filled with acronyms! I gave up trying
to write documents with full explanations in terms long ago...
I have yet to see a short and concise (and correct) way of describing
DDN X.25 Standard Service for example... That's probably one of the
harder things about getting into networking these days. We won't
even talk about Etherbunnies and Martians and other Millspeak...
Milo '1822' Medin
There were rumored to be "explosive bolts" on the ARPA/MILNET gateways (whether they were metaphorical or not, I don't know).
Here's something interesting that Milo Medin wrote about dual homed sites like NSA and NASA, that were on both the ARPANET and MILNET:
To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
Cc: Hackers_Guild@ucbvax.berkeley.edu, ucdavis!ccohesh@ucbvax.berkeley.edu
Subject: Re: a question of definition
Date: Thu, 29 Jan 87 15:33:35 PST
From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>
Right, the core has many gateways on it now, maybe 20-30. All the LSI's will
be stubbed off the core however, and only buttergates will be left after
the mailbridges and EGP peers are all converted. Actually, I think DARPA is
paying for it all...
Ames is *not* getting a mailbridge. You are right of course, that we could
use 2 gateways, not just 1 (actually, there will be a prime and backup anyways),
and then push routing info appropriately. But that's anything but simple.
Firstly, the hosts have to know which gateway to send a packet to a given
network, and thus have to pick between the 2. That's a bad idea.
It also means that I have to pass all EGP learned info around on the
local cable, and if I do that, then I can't have routing info from
the local cable pass out via EGP. At least not without violating
the current EGP spec. Think about it. It'd be really simple to
create a loop that way. Thus, in order to maximize the use of both
PSN's, you really need one gateway wired to both PSN's, and just
have it advertise a default route inside. Or use a reasonable IGP,
of which RIP (aka /etc/routed stuff) is not. I'm hoping to get
an RFC out of BBN at this IETF meeting which may go a long way in
reducing the use of RIP as an IGP.
BTW, NSA is an example of a site on both MILNET and ARPANET but without
a mailbridge...
There is no restriction that a network can only be on ARPANET or MILNET.
That goes against the Internet model of doing things. Our local
NASA gatewayed nets will be advertised on both sides. The restriction
on BARRNet is that the constituent elements of BARRNet do not all
have access to MILNET. NSF has an understanding with DARPA and
DCA that NSFnet'd sites can use ARPANET. That does not extend to
the MILNET. Thus, Davis can use UCB's or Stanford's, or even NASA's
ARPANET gateways, with the approval of the site of course, but
not MILNET, even though NASA has MILNET coverage. Thus we are required
to restrict BARRNet routing through our MILNET PSN. If we were willing
to sponsor UCB's MILNET access, for some requirement which NASA
had to implement, then we would turn that on. But BARRNet itself will
be cut off to MILNET (and probably ARPANET too) at Ames, but not
cut off to other NASA centers or sites that NASA connects. There is
no technical reason that prevents this, in fact, we have to take
special measures to prevent it. But those are the rules. Anyways,
mailbridge performance should improve after the conversion, so
UCB should be in better shape. And you'll certainly be able to
talk to us via BARRNet... I have noticed recently that MILNET<->
ARPANET performance has been particularly poor... Sigh.
The DCA folks feel that in case of an emergency they may be
forced to use an unsecure network to pass certain info around. The
DDN brochure mentions SIOP related data for example. Who knows,
if the balloon goes up, the launch order might pass through Evans
Hall on its way out to SAC... :-)
Milo
My understanding is that official cover is more a matter of politeness than secrecy. An embassy employee is obviously a foreign agent in some capacity. The real game is preventing the host country from discovering links between official-cover and non-official-cover agents, since the latter group’s affiliation is actually secret.
> The CIA does appear to have lucked out when it comes to Russia. The Intelligence Agency ring fences its Russian activities and the report states that intel chiefs were quick to harden up its Russian communications channel at the first sign of trouble.
Your post makes a lot of sense for that above line in the article. Maybe Russia would rather keep tabs on them as known-people rather than murder them. China seemed to have taken it personally, which is ironic given their vast purported corporate espionage spy networks.
Those described in the above comment were US nationals in Russia operating under diplomatic cover, and are not subject to Russian law. They would be deported. Russian nationals working for the CIA would not be found by that search.
The agents in the story were Chinese/Iranian/etc. nationals working for the CIA. They had no diplomatic protection, which is why they were killed.
Do you mean that the people who were careless with one group would be careful with the other? That the people who issued one car model to the real cultural attachés and another model to the CIA agents would be very careful about the agents who risk their lives?
Also possibly corrupt, Aldrich Ames was living way beyond his means for a decade before he got caught. And the CIA knew it. My assumption has been the CIA turns a blind eye when its high level agents pass information to 'friendly' governments and corporations, and so were gobsmacked when they found Ames was selling critical information to the Soviets. Which is itself deranged and stupid.
Totally true. That Fogle guy was standing out like a white crow among the rest of the "geriatric ward" that US embassy in Russia was.
Moreover, to a Russian person, it would be totally unbelievable that such a pipsqueak could get to the position of a "third secretary" of anything in his short, only 5 years long career.
Software projects that can keep the implementation details (and bugs) of their security secret, can make themselves seem much more secure than other, similarly large projects.
There's a book already, https://isbn.nu/0374536279. It's dreadful. Well, the book is good, even great. What's dreadful is the mistakes one can commit when the consequences are secret.
The CIA would send a 35-year-old spy out with a cover job that only accepted applicants up to the age of 28, and then send a polite letter to the Russians informing them of his arrival. Meanwhile there was a giant search for the mole at CIA HQ, because there had to be one, how else would the Russians unmask so many agents so quickly?
Although I personally don't find this type of humour funny, I can understand why beginners use it. However, if you are going to use it, please make an effort and get it right. In your attempt to show off, you're just showing you don't know basic SQL.
The question is, why did they need an informal communication channel? What made this easy, and why was using a correct channel considered too difficult? Maybe Edward Tufte will write about this someday, as this might be another example where user interface design ended up having a big impact on world history (Tufte has written about John Snow using a clever map to end the cholera epidemic in London in 1853 and the Challenger shuttle disaster of 1986, the launch being allowed partly because the engineers from Thiokol were not able to present their information in a comprehensible way).
The article says:
"But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels. "It was never meant to be used long term for people to talk to sources," the report quotes one official as saying."
So why did it last so long? What did it offer that the more official channels did not? What kept the agency from developing technology that might have allowed better protected communication channels that might have also been easy to use?
Protected communication is not a sideline for the CIA, it is the core competency. This is something the CIA is supposed to be good at.
I always fight temporary solutions because there is a perception that one does not need to be as rigorous with temporary solutions. Then there is no sense of urgency for a replacement because this one works, it becomes a "technical debt", a "nice to have", and never gets fixed. In some cases, lack of rigour is the one functionality everybody loves that cannot be removed (security vs convenience).
> The question is, why did they need an informal communication channel? What made this easy, and why was using a correct channel considered too difficult?
My understanding is that this channel was used for "un-vetted" sources, which I take to mean sources the CIA didn't yet fully trust with their main communications systems. I'm sure they're constantly approached by double-agents looking for information about how they communicate with their sources, so they need more "throwaway" systems for people who potentially could be double agents to use.
A Greek saying goes: Ουδέν μονιμότερον του προσωρινού. (There is nothing more permanent than the temporary)
I keep thinking about it when building out information system architectures, especially ones that interface with end users. Bad design is metastatic and unbelievably hard to get out of. Whatever the cost of reversing a bad design decision you have in mind, 10x it and you still might not be truly there.
>So why did it last so long? What did it offer that the more official channels did not? What kept the agency from developing technology that might have allowed better protected communication channels that might have also been easy to use?
It hadn't been broken, so why bother? Sure one of our employees is telling us that it's dangerously insecure, but if it's so bad why hasn't it been compromised?
And this is eight years after the largest HIPAA violation ever (at the time) at NY Presbyterian suffered because a physician programmer was allowed to take down a firewall and Google started indexing patient records.
https://www.businessinsider.com/new-york-presbyterian-columb...
I always like to think of the counter case, but note, this is pure speculation. Could the CIA have planted a fake insecure communications system in order to execute key players in Iran's nuclear program? It would be a force-amplifying move. Instead of having 15 spies, you could have 1 (the double agent in this case) who reveals the fake communications network, that in turn takes numerous other players off the board.
This is a pretty absurd connection that has zero evidence to back it up. It's an extraordinary claim so where's the actual evidence of it? Your NY Times story simply talks about the Chinese spies and doesn't actually prove what you said.
So from the FWIW... what is it worth? It doesn't really seem like it's worth anything so why mention it?
You want proof that’s what happened or that’s what Q said? I can provide proof that Q said something but not that it’s true LOL. I thought it was just an interesting corollary. It’s not hard to find what Q has said. It’s all in one place https://qmap.pub
I'd like proof of the connection to which you are implying happened in your original statement. And I don't think corollary means what you think it means. A corollary is something that is a natural progression from one thing to another. Two things that go hand in hand and what you said does not in any way match that. It couldn't be farther from a corollary. What you said is an absurd conspiracy theory that invents a connection out of whole-cloth and discussing it without calling it out as such (as you did in your first comment, and as you appear to be ignoring in this comment with a laugh) is extremely dangerous.
It's the same as saying 'Lots of people are saying X' where X is a crazy thing and then just going on about your way. You are basically stating the X and giving it credence but pretending not to with a 'FWIW.'
It's really not worth engaging in a discussion and answering disingenuous questions from someone who believes and traffics in conspiracy theories, especially those as ridiculous as the ones you believe and parrot.
You replied to an earnest request for proof of your extraordinary, outrageous, and false claims with a derailing question instead of any proof.
So don't expect an answer to your question, because you don't deserve one. You've thoroughly disqualified yourself from participating in a legitimate discussion with adults.
And "I don't actually believe conspiracy theories myself, I just spread them" is an even worse excuse for your dangerous, intellectually dishonest misbehavior.
It’s easy to target poor security as the culprit, but it seems another root cause is such bad UX of official, secure communication channels that drove these agents to chat in this alternative, vulnerable system.
Just as a river follows the path of least resistance, so too will users follow the best UX software. Bad UX kills.
UX can't provide security. It can only provide better UX.
Security is a spectrum from convenient/useful to secure. They are mutually exclusive characteristics.
Perfect UX won't remove the inconvenience of having to prearrange delivery of one-time pads, biometric two-factor auth, waiting for out-of-band confirmation of your identity, etc.
All of those can have horrible UX on top of the inconvenience. But even with perfect UX they will never be as frictionless as being able to use any device, on any network, using any app/OS, to post on a useless/passwordless site.
As an example. Having the internet searchable is useful, is convenient. But it reduces security because of its convenience.
This breach would not have happened without that convenience.
UX could have made it easier to remember to robots file. So could process, or review or other security practices. But no UX is gonna solve the fact that the internet is insecure due to its convenience.
The internet can never be secure. At best you can get lower levels of insecurity.
So, security is intrinsically difficult for an organization to get right, because the learning landscape is not continuous. You don't have gradually increasing costs from going in a particular direction; you have apparently zero costs, maybe even rewards, from going in that direction until suddenly OMFG WE HAVE A PROBLEM! This is hard for any machine learning algorithm to deal with, and it is hard for individuals to deal with, and so no surprise that it is hard for organizations to deal with. Lax security, in most cases, yields zero apparent costs until suddenly it is very expensive.
All of which is outweighed by the fact that dealing with this kind of thing is the CIA's reason for existence as a separate intelligence agency, outside of the military (since Pearl Harbor). I am not at all convinced that we would be doing worse to fold intelligence back into the military as it was pre-WWII, because having a culture that understands this kind of problem is the CIA's whole purpose for being separate, and it doesn't seem to have worked.
This incident is now used as part of a collective PR case for military action in Iran.
Earlier articles [0] on this CIA failure point to China breaking the network. Which is odd now that it’s used to make the case against Iran.
Bit of a misleading headline considering the article states:
"After a double agent showed Iran's government one of the sites, they were then able to use Google to identify other sites the intel agency was using and began to intercept communications."
One of my favorite pastime activities: googling for certain unsecured automation systems and messing around with them. They can be found with zero false positive rate thanks to an obvious misspelling on the login page. There's no need to resort to inurl, intitle and similar modifiers that trigger the captcha almost every time.
Basically, an internal mole leaked the network, which the Chinese then exploited to roll up the agents. It's not like China just stumbled upon it, they were tipped off. While the nature of the platform didn't help, the roll up was caused by a double agent.
I've always thought that the CIA was completely incompetent, but I've never seen more conclusive evidence than this. I've never worked with anyone so flippant about security, but no one should ever expose secrets without proper auth. I won't even expose user address without cert or password auth. It just goes to show you that the old adage is true: if you are a competent programmer you don't end up in government.
> But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels.
There are a couple of things that come to mind in that context - that story of Iran MITM-ing HTTPS using a small CA they either hacked and/or acquired and Siemens spying software/hardware at Iran's telcos.
> A defense contractor for the CIA named John Reidy claims he warned the agency that it was using insecure communications systems in 2008, and again in 2010 when he started to suspect the channels had been cracked. A year later he was fired by the agency, a move he claims was retaliation for not shutting up.
strongbox.gov is needed to protect people with brains from being strong-armed by management without brains:
They made websites for fake companies offering job and visa opportunities. People would reply and end up recruited. I'm not sure how exactly they used it for further communication though.
"But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels."
It seems like these issues are rarely solely due to unilateral technical incompetence; there's often at least one person who sees the true risk, tries to communicate the risk, and gets completely ignored. The Challenger disaster had several Thiokol engineers express major concerns in vain; this disaster had John Reidy (supposedly):
>A defense contractor for the CIA named John Reidy claims he warned the agency that it was using insecure communications systems in 2008, and again in 2010 when he started to suspect the channels had been cracked. A year later he was fired by the agency, a move he claims was retaliation for not shutting up.
>“It was a recipe for disaster,” Reidy said. “We had a catastrophic failure on our hands that would ensnare a great many of our sources.”
The person who could actually save the day and prevent the catastrophe gets ignored, marginalized, and/or fired. The people who were involved in the original disastrous decision keep moving up in the organization and usually keep their jobs after the catastrophe. So it's not like these organizations are lacking smart people: their institutional and bureaucratic incompetence just prevents those people from doing their job properly.
Maybe (much) spy work isn't quite the serious business the national security apparatus would have us believe?
I mean, it's obviously serious business to the people taking risks and doing the work on the ground, I'm talking about it actually being useful to the nation.
Totally agree. While they do get a few wins, I wonder what's the ROI when you take all the failures and waste of resources into account. My guesstimate is not much but like other useless government programs, it hires a lot of people so nobody dares questioning it.
> Totally agree. While they do get a few wins, I wonder what's the ROI when you take all the failures and waste of resources into account.
Very far into positive territory, I'd imagine. Most day-to-day intelligence work probably doesn't have much effect, but every once in awhile they probably get a big win that's so massive that it justifies all the effort.
I have a working theory that as an organization the CIA thinks it can 'win' via various cunning skulduggery. But the world doesn't really work that way.
Like this, France in 1700 wasn't powerful because its king and ministers were geniuses, its military competent. It was powerful because its agriculture could support 20 million peasants.
>Maybe (much) spy work isn't quite the serious business the national security apparatus would have us believe?
Well,... the saying is "Allen Dulles was much of a clown first, politician second, and serviceman the third."
Regarding US foreign intel service: when something the size and budget of CIA does recon, something useful will come out of it regardless of how lame is their tradecraft.
My experience in the military was: Momentum, or as we called it in the Army “violence of action”. We may make a mess of everything we (the government) touch but we’re big and we still move really fast (comparatively). I saw first hand how many nations' militaries (I assume their intelligence services are similar) are way more fucked up and incapable of moving to action. It’s not that we’re so good, it’s just that we have a, relative, bias for action. In battle at least, momentum makes up for a lot, including terrible plans.
The answer’s pretty simple. For the most part, no matter what their field, most people aren’t outstanding at their jobs. They do enough to get by but they’re not exceptional.
This is true throughout the world. America has average spies and Russia has average people trying to catch them.
My comment was that no matter the job, most people are average at the work they do, not exceptional. Not anything about difficulty in getting those jobs.
I agree that each position may require different attitudes but I think it’s interesting to think how this situation might have been avoided if more people who were digitally inclined (FANG applicants) were equally applying to these positions.
I look at it more if you're smart enough to do either, which one pays way more, has better perks, doesn't require full lifestyle polygraph with a 10 year background investigation, or drug testing?
There wasn't too much technology that allowed you to blow off your entire CIA agency leg that long ago. Someone's inevitably going to screw up if you put this much valuable intel into a single system where the users and even the operators don't fully understand it. Technology can definitely amplify the damage from incompetence.
Why kill spies? I would think turning a local spy into a double agent would be far more beneficial. Or at least feed them the wrong information you want. Killing spies simply replaces them.
The second you go after anyone using the communication channel it's fairly likely the entire channel will shut down or change so you're much better off moving quickly on everyone you identify than leaving them out where they might disappear. This is especially true since the information China used was provided by Iran - so was very likely to leak sooner or later. Once you've rounded up all the spies it's up to the government what to do, but either they can trade them, imprison them or kill them and I guess this time they decided it was best to just send a message.
Or it was intentionally left vulnerable with names of people the CIA wanted dead in Iran?
If I were the CIA and I wanted a few of Iran's top nuclear scientists killed, I'd just make it seem like they were working for the CIA and let Iran's counterintelligence do the work for me.
That would still be a pretty dumb move in itself - nobody would want to work with anyone who claims to have CIA connections not even for vast amounts of bribery.
I know that countries with less than stellar records of civil rights don't care too much about due process, but the not-a-violent-complete-moron thing to do would be to ask questions before shooting - namely being sure that they actually are spies or traitors and investigating the claims. For one, it could point out peripheral connections down the chain and, you know, make sure that you aren't getting 'spies lists' of anyone who is close to finding the actual spy.
Granted in that sector it seems that there isn't a scarcity of violent immoral morons even in the west given a love for torture among the CIA. Given the known effects pushing torture is really saying a few things: They want to be able to fool themselves by hearing exactly what they want to hear. They want their foes to fight to the death like a cornered rattlesnake - putting their last breaths in killing as many as possible in the face of insurmountable odds. Finally they want no mercy shown to them if captured.
There are no words for that except evil and stupid - their deaths will not be mourned no matter how horrific because they deserve it and the world will be better off with their passing. I guess that means that the CIA really may be that stupid which isn't a surprise given their real goal with Castro appears to have been to make him as assassination resistant as possible.
The following is from http://www.salon.com/2015/09/26/how_to_explain_the_kgbs_amaz... and describes the way the Russians implemented SELECT * WHERE CIA FROM EMBASSY_EMPLOYEES: "differences in the way agency officers undercover as diplomats were treated from genuine foreign service officers (FSOs). The pay scale at entry was much higher for a CIA officer; after three to four years abroad a genuine FSO could return home, whereas an agency employee could not; real FSOs had to be recruited between the ages of 21 and 31, whereas this did not apply to an agency officer; only real FSOs had to attend the Institute of Foreign Service for three months before entering the service; naturalized Americans could not become FSOs for at least nine years but they could become agency employees; when agency officers returned home, they did not normally appear in State Department listings; should they appear they were classified as research and planning, research and intelligence, consular or chancery for security affairs; unlike FSOs, agency officers could change their place of work for no apparent reason; their published biographies contained obvious gaps; agency officers could be relocated within the country to which they were posted, FSOs were not; agency officers usually had more than one working foreign language; their cover was usually as a “political” or “consular” official (often vice-consul); internal embassy reorganizations usually left agency personnel untouched, whether their rank, their office space or their telephones; their offices were located in restricted zones within the embassy; they would appear on the streets during the working day using public telephone boxes; they would arrange meetings for the evening, out of town, usually around 7.30 p.m. or 8.00 p.m.; and whereas FSOs had to observe strict rules about attending dinner, agency officers could come and go as they pleased." I read the book. 
When a CIA agent's cover was blown, the CIA had a spare car and apartment and the agent's replacement needed just that, so they tended to reuse the car and apartment. And wondered why the replacement was then identified so quickly.
So. After that long digression, here comes a hypothesis: Organisations that can keep their mistakes secret can make themselves seem much more capable than other, similarly large organisations.