Has anyone decompiled the .jar files used for covert communication? Would be quite interesting to see how they work.
On another note it is easy to shame the CIA for making such a basic mistake as using subsequent IP numbers/same file layouts on sites. Of course they should be, but funnily enough mistakes such as these happen in every intelligence service.
An example would be the Russian military intelligence (GRU/GU) who have for years sent agents abroad with fake/cleaned Russian passports. Only problem being of course that the passport numbers were sequential and as in the case of the CIA websites, if you identified one agent and his passport, you could look up the next ones in line on databases and identify all the other active agents as well.
The US government had its own issues faking Soviet passports — Soviet staples were made of regular steel but US staples were made of stainless steel, so a genuine Soviet passport would have rust stains in it while a fake passport made by the US would not.
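As an added illustration of the sequential-identifier point above (example code, not from the thread or the article): once one host is identified, an inventory of hostname, IP address and served file layout lets an observer link the rest by address adjacency and by identical layout. The hostnames, addresses and path listings are constructed.

```python
"""Link hosts from one known host via adjacent IPs and identical file layout.

Constructed inventory; no real sites. The same check can be run over one's own
infrastructure to see whether hosts meant to look unrelated are trivially linkable.
"""
import hashlib
import ipaddress
from collections import defaultdict

# (hostname, IPv4 address, relative paths an observer could enumerate)
COMMON_LAYOUT = ["/index.html", "/js/app.js", "/css/main.css", "/search.html"]
HOSTS = [
    ("news-site-a.example",   "198.51.100.10", COMMON_LAYOUT),
    ("sports-site-b.example", "198.51.100.11", COMMON_LAYOUT),
    ("travel-site-c.example", "198.51.100.12", COMMON_LAYOUT),
    ("blog-d.example",        "198.51.100.40", COMMON_LAYOUT),   # same layout, far-away IP
    ("shop-e.example",        "203.0.113.7",   ["/", "/cart", "/static/bundle.js"]),
    ("forum-f.example",       "203.0.113.8",   ["/", "/posts", "/static/forum.js"]),
]


def layout_fingerprint(paths):
    """Hash of the sorted path list: identical layouts collide whatever the hostname."""
    return hashlib.sha256("\n".join(sorted(paths)).encode()).hexdigest()[:16]


def linkable_hosts(known_host, hosts=HOSTS):
    """Return {hostname: reasons} for every other host linkable to known_host.

    Reasons: 'layout' if the served paths are identical, 'adjacent_ip' if the host
    is reachable from known_host by walking consecutive addresses that are all in
    the inventory (a gap in the address run stops the walk).
    """
    by_ip = {ipaddress.ip_address(ip): name for name, ip, _ in hosts}
    fp_of = {name: layout_fingerprint(paths) for name, _, paths in hosts}
    start_ip = next(ip for ip, name in by_ip.items() if name == known_host)
    reasons = defaultdict(set)

    for name, fp in fp_of.items():
        if name != known_host and fp == fp_of[known_host]:
            reasons[name].add("layout")

    for step in (1, -1):                      # walk upward, then downward
        ip = start_ip + step
        while ip in by_ip:
            reasons[by_ip[ip]].add("adjacent_ip")
            ip += step
    return dict(reasons)


if __name__ == "__main__":
    for host, why in sorted(linkable_hosts("news-site-a.example").items()):
        print(f"{host}: linked via {', '.join(sorted(why))}")
```

Hosts linked by both reasons are the ones a single identified site exposes outright; layout-only matches still reduce the search space to a handful of candidates.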
> Has anyone decompiled the .jar files used for covert communication? Would be quite interesting to see how they work.
I took a very cursory look, since they are obfuscated and reading obfuscated code sucks. I see swing (gui) drawing code, a few references to flash and activex, as well as code to load RSA and look for a program to do encryption/decryption: PGP, OpenPGP, CFB, OFB, SIC, GTCR. And a bit of url loading. So, probably nothing one didn't expect: It receives messages over a network connection and uses these programs to decipher them, then shows it .. I don't know? directly in the gui probably. And the other way around.
But that's really just me looking for ten minutes. I could also be wildly off the mark here.
People seem to have been killed by this CIA mistake. If it wasn't actually a mistake, but purposefully putting people in danger to protect others, I don't know who would ever agree to be a mole for them in the future.
As history has shown over and over (and that's just cases which surfaced, most did not and will not), it's a stupid idea in all situations.
The cases where people walk away unscathed and achieve some proper good instead of long bad prisons, torture or outright execution are minuscule. You can be sacrificed by some bureaucrat who has lower intelligence than you, doesn't care a bit, is corrupt or just treats you as a pawn in some bigger game.
Greater good my ass, it's almost never the case, it's rather one of the above.
That's why they always go for desperate people, who they manipulate, extort, threaten to harm families etc. Normal balanced well off folks have no business with such, you can only lose.
Lots of operations put a small number of people in danger in order to protect a larger group, that's essentially the whole idea behind police, military, special forces and related groups.
People become moles for the greater good, usually, or protection. Sometimes it works out, sometimes not.
It's the opposite, the folks willing to become moles for the US are usually the most corrupt and least scrupulous of their cohort. Or at least that's the common sentiment in the bureaucracy of every Asian country I've heard of.
For example, rumours in the grapevine suggest that by 2013 all the efforts of the various agencies combined managed to plant a grand total of 1 mole into the State Council of China.
That's after 40 years of trying since the CIA office in Beijing was established, and likely hundreds of billions spent trying to secure promotions, favours, pay bribes, etc. Allegedly, the CIA had kept index cards on every prospective career official in China, and the filing cabinets took up a football pitch of floorspace.
This amounted to nothing pretty soon after, which would explain the geopolitical movements since.
We have nothing to suggest that the actual active capabilities are any better than that. Do you know any elite who goes to work for agencies? How can they remain elite if they don't write on their work, share it with others, recoup best practices during conferences, etc.?
I've no idea how to interpret your comment in way that isn't bizarre. You seem to state you think competitive advantage in intelligence activity - and in military activity for that matter, as they are deeply intertwined - doesn't exist.
And that the reason it doesn't is because everyone involved has to constantly leak and brag all their confidential secrets out in the open so they will be considered hireable by other agencies tasked with secret-keeping?
Elites that stay elite do so by remaining understated, basing the majority of their reputation on the results of their work, and only sharing their techniques when they know they are in the right crowd.
If the internet knew, it wouldn’t be an elite op anymore.
Even more silly to me is that certain Russian operatives had accounts on Russian social media under their real name, with profile pic and everything. So once under suspicion it was embarrassingly easy to confirm who they were.
One of them was arrested this year here in Norway.
To be clear, in the period in question, Brazil was (and is) a democracy. The military dictatorship mentioned is the 1964 _Golpe_ or coup, which may have been partially instigated by US intelligence services.
The resulting military dictatorship was immediately recognised by the US and was responsible for innumerable human rights abuses until it fell in 1985.
This dictatorship and the US support for it is one of the main reasons that Brazil remains suspicious of the US and a primary driver behind its continuing courtship of Russia and China.
Why "most expect"? Certainly there would have been greater focus on dictatorships/war zones? The target of websites found so far support this.
I can understand the desire to gather intelligence from every other nation, even allies. But I do believe it's a bad idea. E.g. Brazil seems to be aligning with China more and more... largely economic driven. But no need to also give it political backing.
> I can understand the desire to gather intelligence from every other nation, even allies. But I do believe it's a bad idea.
Intelligence agencies primarily spy on 'allies'. The biggest spy rings in the US are our "allies" - British, Canadian, Israeli, Japanese, Korean, etc. The biggest spy rings the Soviet Union had were in Poland, Ukraine, Hungary, etc - aka their "allies". We have an infinitely larger spy ring in South Korea than in North Korea because holding onto an "ally" like South Korea is far more important than converting an "enemy" like North Korea.
It's why we demanded all our "allies" stop using Huawei tech because it would prevent us from spying on our allies. It wasn't about China spying on our "allies". Who cares about that? It's about our ability to spy on them.
The naive watch silly Hollywood movies and think that's reality. Most of the spying during the cold war wasn't between the US and Soviet Union. It was mostly between Warsaw Pact "allies" and between NATO "allies".
> Brazil seems to be aligning with China more and more...
They should. Brazil's enemy is the US, not China. Might want to read up on the Monroe Doctrine. Think about it. The country that wants to keep Brazil in check isn't China. It's the US. If Brazil has ambitions of being a major power, then it makes them our enemy and vice versa.
These seem to be related to intelligence gathering. The CIA like all other intelligence services in the world gather intelligence on any country of interest. Including on most European allies.
This article was hard to follow, if you want to see what the actual website looked like, and how the informant would communicate back to the CIA, scroll about halfway down this Reuters article:
Sure, the point of my article is to build upon the Reuters article to provide some concrete domains/archives links, add new sites to the existing Reuters list, and explain the technical details used to obtain them.
With a bit of reverse engineering, I'm sure we'd be able to get a mockup of the JavaScript ones running however: https://cirosantilli.com/cia-2010-covert-communication-websi... But in the end, it's just going to be some kind of "click something, a box opens, you type, it encrypts and sends a POST request.".
The main interest of reverse engineering to me would be to possibly find some searchable fingerprint that we could use to find more of the websites.
It's interesting to consider "how would you build it better" - especially when you realize that half of the equation is trained, educated, and safely in America, the other half is potentially anyone in the world anywhere.
If both sides are educated and trained, you can do things like hiding messages in quasi-randomly selected posts on Hacker News; but that quickly breaks down if one side doesn't have the skillset needed to hide their actions that way.
Things like TOR can help, but that can be difficult to completely hide, and so on.
> Things like TOR can help, but that can be difficult to completely hide, and so on.
I think stuff like TOR is actively harmful to a site like the CIA is trying to run.
Accessing TOR would make you light up like a Christmas tree, it's a much harder problem to solve without TOR (as the CIA tried).
> It's interesting to consider "how would you build it better" - especially when you realize that half of the equation is trained, educated, and safely in America, the other half is potentially anyone in the world anywhere.
Randomising the structure and sanitising the element names (not having password in them) would probably go a long way. It seems like it wasn't designed with a large amount of OPSEC in mind to be honest.
Which is why there are (some) attempts to disguise Tor traffic, but at some point the bits have to escape and that can be monitored.
I wonder what the "bandwidth breakdown" of various traffic types is, and which ones average Tor usage would be comparable to. Could you encapsulate a Tor session in a Youtube video (with cooperation from Google)? Or would that be noticeable because Youtube is 99/1 and Tor is 80/20?
Just run a Tor advocacy program in the area to increase the local userbase.
But I tend to agree, for a single agent TOR is probably a bad tradeoff, I suspect the intended use case of TOR is likely more about larger groups like opposition movements or rebel groups.
> It's interesting to consider "how would you build it better"
Creating these one-off websites was easy but also pretty easy to track once detected, since virtually no one visited the fake sites (and they re-used unique components). Since the NSA and their "Five Eyes" partners tap into the global internet at so many points for "full take" feeds, it seems like it should be possible to devise a passive approach that monitors seemingly normal interactions with legit high-traffic sites. Just combining commercial browser fingerprinting and broad geolocation with certain patterns of behavior, like visiting a few particular sites in sequence, should be enough to identify the asset trying to make contact. Then the asset's subsequent connection to a different unrelated (and equally legit) site could be taken over by a MITM-style interception.
I'm assuming here the NSA can gain sufficient certificate access for some major sites either surreptitiously or by gaining certain corporate employee's cooperation. Once the NSA has stepped into the online transaction with the legit site, it serves up slightly modified pass-through data from the real site to the asset. While more work to set up, it seems something along those lines would be virtually impossible to detect via bulk monitoring, especially if, at the end of each communication session, the asset is given a different ID behavior sequence to use for the next contact. Thus, there's no repeating behavior pattern statistically different enough to stand out.
I think it is pretty safe to assume that essentially all opponents are capable. In particular, intelligence is one of the first things dictatorships will invest in, partly to spy on their own people, which the leaders fear above all else.
The ideal communication mechanism is one that blends in with a huge number of other "legitimate" users. E.g. for Tor, it only works if many people are also using Tor for other non-spy things. I wonder why not just email.
I'm honestly a bit surprised that they haven't really been pushing "using Tor for piracy" to create additional cover traffic.
Email has many problems but may be better than most, but you need to use something like gmail which everyone is using, and even that may be noticeable.
Once they suspect you, you're pretty much done for unless you find out that you're on the list and you stop communicating outbound. It's much harder to track one-way broadcast communications (many still think that there are/were communications to spies hidden in BBC shortwave broadcasts, and numbers stations are still a thing).
so —in principle— the minutes field could be used to provide a very low bandwidth covert channel on top of innocuous commentary. Wouldn't it be pretty difficult to pick up even an outbound one-if-by-land two-if-by-sea style communication from the general noise floor?
> democracies have to work together and build mutual trust, and not spy on one another.
The first part seems true, but the second part doesn’t follow. Spying on allies seems an entirely reasonable, possibly even necessary, part of effective diplomacy.
I trust what you are saying more when I can verify congruence with things I can observe.
The problem is if these things are found and become public, it makes the targeted country really dislike the spying country. This creates a political pressure against aligning with the spying country.
Many Brazilians are deeply distrustful of the USA, and are even willing to align themselves with dictatorships. Personally, I'll never support a dictatorship. But many people will just to have an alternative world power pole.
Alliances are like friendships. If you spy on one of your friends, of course they are going to get mad and push you away. Instead we have to make opt-in intelligence sharing programs with our allies.
A key part here is "democracies". Between dictatorships, mutual spying to establish trust can be a reasonable policy. But a democracy has to factor in the opinion of their citizens. People tend to dislike foreign countries spying on them, and will create incentives for their government to distance themselves from such countries.
Even if you try to keep it on the down-low, it makes it really easy for a third country to drive a wedge in the relationship.
Spying seems indistinguishable from the investigative work that undercover detectives do regularly. I think there’s a proper non-zero place for that in society as well. (There’s also improper possible applications, but the proper is not the null set.)
What you're describing is illegal under the conditions you've outlined. There is no reasonable suspicion or ethical justification for bugging Angela Merkel's phone -- comparing it to regular detective work is ridiculous. It's just one part of the unethical anarchy at the heart of the supposed international "order", where most countries are just trying to get ahead of the other guys -- but the US is the most pompous in pretending its actions are uniquely principled and those of others are uniquely nefarious. It's ironic on a scale not seen before in all human history.
Free countries have the greatest need to properly "educate" the population that it's all just prudent and good, actually -- and the US has done an excellent job at that.
Sad, but true. The sad part is that it can give "unfair" advantages to the party that is better at spying abroad and/or counterintelligence at home. After all every alliance has some points of conflict (see the Inflation Reduction Act vs Europe, as an example).
I don't really see how so many of these ended up in the wayback machine. My understanding is that they were supposed to seem like fairly unremarkable websites, but were built for basically one person. So it seems surprising that so many were visited by unrelated people.
Is there a log of who instigated a wayback archive? Could they have been a different group doing what this person was?
> Given that we cannot rule out ongoing risks to CIA employees or assets, we are not publishing full technical details regarding our process of mapping out the network at this time
I guess it's a hard thing to rule out, but I certainly hope the CIA isn't still using a communication method broken more than a decade ago.
> Is there a log of who instigated a wayback archive? Could they have been a different group doing what this person was?
Yes, IA now has an "About this capture" popdown at the far right of the injected toolbar. The first ever capture and some of the subsequent captures for one of the sites were from Alexa Crawls, provided by Alexa Internet; some later captures were from a "Survey Crawl" based on "a list of every host in the wayback machine". So this is basically automated, long-tail vacuum cleaning work.
I apparently misunderstood how the wayback machine worked. I thought it only archived pages that a user requested, and most pages end up archived due to people with the browser add-on installed to archive every page they visit.
Thanks to both people that cleared up my mistake, it has always seemed they had much stronger coverage than they should for my mistaken view of how it worked.
The Wakatime.com domain was registered in 2013 around the same time these covert websites were all being replaced. Also the creator of wakatime is an American living in Vienna, known to be the city of spies.
When I saw on LinkedIn that he worked for a web security contractor until September 2013, I almost flipped. But it appears unrelated, unfortunately, except for his general interest in WEBSEC, so another dead end.
Yeah it seems a bit odd, as if the author is intentionally trolling in some areas, or is easily susceptible to being trolled by random folks, and thus displaying some kind of compensation dynamic.
Anyone written a de-cringe browser plugin? Maybe there is interesting content here but the third person, exclamation point ridden, conspiracy thinking on display is too much.
If anyone has any more precise information on this, do let me know. I do suspect there's some kind of "protocol level" fingerprint, as I can't find anything in the content that would be searchable so far.
Reference for GRU passports: https://www.voanews.com/a/russia-gru-operatives-unmasked/460...