Between 2009 and 2013, Iran compromised a CIA system used to talk to operatives in Iran by using Google to identify the websites that concealed communications, according to Yahoo News' Zach Dorfman and Jenna McLaughlin.
The big picture: We already knew a similar system was uncovered by the Chinese around the same time, possibly due to alleged double agent Jerry Lee. It's unclear if the Iranian and Chinese compromises involved any collaboration.
In 2009, Iran was roiled to find that the U.S. had discovered internal secrets about its nuclear program. According to the Yahoo News piece, the country launched a mole hunt.
- After discovering a first website used to hide messages, possibly by planting its own agent into the CIA network, Iranian intelligence Googled markers from that site to find other similar sites.
- That technique is known to hackers as "Google dorking."
- In May 2011, Iran claimed to have broken up a ring of 30 CIA spies, an apparent consequence of breaking into the communications.
Before Iran discovered the communications platform, a contractor named John Reidy may have reported these and other vulnerabilities in the communications platform to the CIA, per Yahoo.
- Reidy did not talk to Yahoo for the story; his name was mentioned by other sources.
- Reidy, who was later reassigned, asked the CIA Inspector General to look into his reassignment in 2014 as retaliation for notifying the agency of vulnerabilities in CIA systems. That was first reported by McClatchy. But a heavily redacted complaint makes it tough to tell if those vulnerabilities are linked to this case.
The CIA updated its communications to protect sources in 2013.
What they're saying: “When these types of compromises happen, it’s so dark and bad,” said one former official interviewed for the story. “They can burrow in. It never really ends."
- "You start thinking twice about people, from China to Russia to Iran to North Korea,” said another.
