CIA hacked because too many people were using an informal channel

(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at: lawrence@krubner.com, or follow me on Twitter.

The real question is, why was it easier to use the informal channel? What about the formal methods of communication were difficult?

The CIA does appear to have lucked out when it comes to Russia. The Intelligence Agency ring fences its Russian activities and the report states that intel chiefs were quick to harden up its Russian communications channel at the first sign of trouble.

But the rest of the agency had become too reliant on the system, which was originally intended to only be a temporary communications channel, and had left the relatively insecure site up far longer than intended and used it to send information that should have been reserved for more secure channels.

“It was never meant to be used long term for people to talk to sources,” the report quotes one official as saying.

“The issue was that it was working well for too long, with too many people. But it was an elementary system. Everyone was using it far beyond its intention.”

Shooting the messenger
A defense contractor for the CIA named John Reidy claims he warned the agency that it was using insecure communications systems in 2008, and again in 2010 when he started to suspect the channels had been cracked. A year later he was fired by the agency, a move he claims was retaliation for not shutting up.

“It was a recipe for disaster,” Reidy said. “We had a catastrophic failure on our hands that would ensnare a great many of our sources.”

Reidy said that he appealed to the CIA’s Inspector General and those who were supposed to be providing congressional oversight. No one did anything to sort out the issue and Reidy was sidelined and then sacked.

“This is one of the most catastrophic intelligence failures since Sept. 11,” said Irvin McCullough, a national security analyst with the Government Accountability Project. “And the CIA punished the person who brought the problem to light.

Post external references

  1. 1
    https://www.theregister.co.uk/2018/11/02/iran_cracked_cia_google/
Source