Transcription performed by LeahTranscribes[START OF RECORDING]
JACK: You know about this guy Aldrich Ames? If you were watching the news in 1994, you’d certainly hear all about him.
TV HOST1: I’d like to say a word about the Ames espionage case and our broader interest regarding Russia.
TV HOST2: US-Russian relations were chilled early in the year when the CIA announced one of its top agents was spying for the Soviet Union and then Russia.
TV HOST3: The burning questions in Washington; how could it have taken so long, so long to arrest the highest-ranking CIA officer ever accused of selling out to the Russians? Aldrich Ames and his wife Maria are still, of course, the alleged spies, but there in no doubt in Washington tonight that this is an intelligent disaster.
JACK: In short, Aldrich Ames was a CIA officer working in Langley, Virginia at the CIA headquarters. He was responsible for Soviet counterintelligence which means he was trying to figure out what intelligence information Russia had on the US. As part of his work, he learned about the activity of CIA spies in Russia. At first, I think he was just trying to con Russian intelligence out of some cash. He contacted the Soviet embassy and offered them information that I think he thought was worthless. He asked for $50,000 and they paid up. I think he felt like he pulled one over on the Soviets, but this [MUSIC] crossed a line that he wasn’t able to step back from. Any good spy agency knows the most effective way to get someone to give you secrets is to give them money. Aldrich was vulnerable to this.
When the Soviets reached out, offering more money just to sit and have lunch, he would agree and take the cash. This was sometimes tens of thousands of dollars. Soon enough, Aldrich started giving up more details in exchange for cash. He started giving the names of the CIA spies that were assigned to the Soviet Bloc and quickly, the spies he named were starting to disappear. Russia was capturing and killing the CIA agents that Aldrich Ames was giving them information on. Aldrich gave a lot of information to the Russians which earned him 4.6 million dollars by 1985. Well, this money changed him.
He got cosmetic dentistry done to make his teeth look better, he stopped wearing cheap clothes and was wearing nice suits to work, he bought a $50,000 Jaguar and a $540,000 house all paid in cash; all of this with an annual CIA salary of $60,000 a year. This was suspicious. While the CIA and FBI were investigating the deaths of the CIA agents in Russia, they started looking into Aldrich and found enough evidence to arrest him. He was found guilty of giving information to the Russians and currently is serving the rest of his life in prison. Aldrich was a trusted CIA agent but he abused that trust. His betrayal led to the deaths of several of his fellow agents.
(INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]
JACK: Okay, so I read this news story once on Yahoo News and it’s one of those stories that when you read it, you’re like holy cow; what? Seriously? I haven’t been able to forget it since I read it and I want you to hear the story, too. I called up the two reporters who wrote the story.
JENNA: My name is Jenna McLaughlin. I am a national security and investigations reporter for Yahoo News.
ZACH: I’m Zach Dorfman. I am a senior staff writer at the Aspen Institute. I write the codebook, cyber-security newsletter for Axios, and I am a national security and intelligence journalist.
JACK: Okay, so these two write about national security stuff, stuff relating to FBI, CIA, the US government, hacks against the US. Now, they’ve been doing this for a while and have established quite a lot of sources to cover stories like this, sources that you and I do not have access to. For them to cover this story, they interviewed a lot of people.
JENNA: More than now at this point; eleven former US intelligence officials and defense officials who were familiar with the matter.
JACK: That’s some pretty thorough investigative work. So, let’s get into it.
JENNA: [MUSIC] What happened is in Iran, between 2009 and 2011, the Iranian officials were looking for a mole. They were on a mole hunt after they discovered that the Obama administration had unearthed a lot of information [00:05:00] about their ongoing enrichment efforts. They wanted to figure out who was leaking that information to American officials.
JACK: Right; of course they’re looking for a mole, because remember Stuxnet? If not, I did a whole episode on it. It’s Episode 29. But Stuxnet was a cyber-attack which hit the Iranian nuclear enrichment facility in Natanz. Specifically, someone had to walk the malware into the facility to plant it or somehow get it infected on a computer that was going to go into that facility. This facility wasn’t connected to the internet and there was no way for an American to just go in there and plant it. Iran thought there was a double-agent, someone who worked for Iran and the US. This is why Iran was looking for a mole.
JENNA: Yes, Iranian officials were deeply upset with a lot of the successes that had been tied to the Americans that we now know, rather more definitively, was the US and Israeli efforts to compromise Natanz. At the time, this was something Iran wanted to do to retaliate.
JACK: Now, you can probably guess – the CIA and the US intelligence teams want to keep an eye on what’s going on in Iran. It’s an adversary of the US so it’s important to know what they’re up to. But since they’re such an adversary, it makes it very difficult for someone like a CIA agent to just go into Iran and start collecting intelligence. How does the CIA spy on Iran?
ZACH: That’s a great question and also one that is still shrouded in a lot of mystery because obviously, CIA does not have a – there’s no American diplomatic facilities in Iran. There hasn’t been since 1979. Unlike China or Russia, there’s no such thing as official cover. You can’t show up as a state department employee and actually be CIA.
JACK: Now, because there’s no diplomatic protections for Americans in Iran, this means that whatever CIA agents are in Iran are there illegally. They absolutely must be disguised, to go in under a fake name with a fake itinerary.
ZACH: [MUSIC] There’s a couple things that you can do. One is you have somebody who can go in under business cover and potentially communicate with sources that way inside the country, but more realistically and from my understanding, far more frequently, what you do is you recruit and handle people outside of the country. So, Malaysia, the UAE, Turkey. These are places that in the past, CIA has had success in recruiting or meeting with Iranian sources. They were on inside lists, so it’s no great secret to them. In those cases, this is one reason why using covert communications over the internet is so valuable, because you can signal to somebody you would like to meet. Somebody says I’m slated to be in Dubai on July 4th. Then you do the preparatory work and you plan on meeting. As time went on, because in that area it’s just so difficult to operate in, having meetings in neutral ground is where things really moved.
JACK: Alright, so we should probably cover a few terms for the different types of people involved in CIA spying. First you have an agent. This is someone who’s actually doing the spying or espionage. The person who manages agents is called an agent handler. Information collected by an agent is sent to the analysts. Analysts review, decode, and make sense of the information. Then there are assets. Assets are people who live in a country that’s being spied on. They’re knowingly giving information to the enemy. In this case, a asset might be an Iranian citizen who meets with a CIA agent to give them information. Then there’s also sources. A source is just a person with information that is willing to give to a spy whether they know that person is a spy or not.
Oh, and there’s a targeting officer. This person will try to identify the people and organizations that have the critical data needed. There’s obviously a lot more different roles, but knowing these differences will come in handy during this story. [MUSIC] The covert communications the CIA uses fascinates me. Let’s talk about that. The CIA agents need to speak with their assets in Iran but it has to be very secretive, so what do you do? Text messaging is totally out of the question because it goes through the Iranian telecom companies, so that can easily be snooped. E-mails are no good because, what, you gonna use Gmail or something? You’re gonna trust Google for your top-secret communication?
I don’t think so. A signal and wire are great end-to-end encryption messaging apps, but it requires you to download it, install it, and have it on your phone. What if the asset gets their phone taken and looked through? [00:10:00] They’ll be burned. The CIA can’t just set up some communication server back in Langley, Virginia for people in Iran to dial into because that would certainly raise suspicion, too. The CIA used something completely off the radar to communicate with their assets inside Iran.
JENNA: The way that they were described to us and we understand them, is that they were websites that were disguised as something else, used as a portal to communicate with your handler. Maybe you’re a fan of yoga or you like to read certain books, it would be a website about those interests, perhaps. You’d actually be able to log in and access the communications through that.
JACK: Very interesting; a super-secret website that looks like one thing but is actually a CIA back channel. This way, it looks like you’re just on a yoga website chatting with your yoga teacher and it looks totally normal if somebody were to walk in on you. You can quickly close the page when you’re done. Now, this secret comms channel was used to send all kinds of information.
ZACH: Could be data uploads, it could be meets, it could be signs of life. I don’t know if this is how this system worked in particular but as we’ve known, there are ways where – there’s sites that are – that appear completely benign, but if you log into the site at a very specific time and click on a very specific pixel, for instance, all of a sudden it can open up a back door that allows for certain kinds of communication. I don’t know if that’s exactly how it worked in this case, but there’s lots of different ways that it can work and that was the way that, according to our understanding, at least some of this system functioned.
JACK: The CIA wasn’t the only one using this tool. The UK was using it, too.
ZACH: Yes, according to a former senior official, MI6 I believe was using it and then I believe the Defense Clandestine Services were also using it.
JACK: Sounds like a pretty airtight communication system and it has to be, because lives are at stake, here. But this system wasn’t airtight. There were problems with this covert comms channel.
JENNA: [MUSIC] A whistleblower from back in 2009 by the name of Reidy, he was the targeter for a contracting company. He was one of the people in charge of locating sources and setting up communications with them. His disclosure is extremely redacted but we managed to find some sources to help us with it who said that Reidy had identified these flaws.
JACK: John Reidy was pointing out a few serious flaws in the communications channel that the CIA was using which he called a massive intelligence failure. He warned that this could create a nightmare scenario.
JENNA: But because there’s never a perfect whistleblower; he had a business on the side, there were some other issues with his disclosures, they weren’t taken seriously at the time.
JACK: We don’t know why the CIA didn’t take action when John Reidy spoke up. Could be too much bureaucracy in the way. It might have meant certain people losing their job. Also, this was a single person speaking up about this. How much effort do you put into listening to one complaint? For whatever reason, his cries to get this addressed were not sufficient. The flaws that existed in the communication channels persisted. Back to Iran. They were looking for the mole who helped sabotage Natanz. Through that investigation, they found a person.
ZACH: It was somebody who the US thought worked for it but was actually a Iranian agent.
JACK: [MUSIC] This double-agent knew of one secret website that was used by the CIA for covert communications and gave this information to Iran’s intelligence officers. This meant that Iranian intelligence were in the communication channels too, watching what was being said. This was a big problem, but it was a huge discovery for Iran; they just hacked into a secret CIA comms channel.
JENNA: Once one of the websites was found, they were able to find others which made it so that it didn’t even really need to be hacked in the traditional sense of the word. It just needed some sort of creative Googling skills which most average open-source intelligence technicians – but, you know, even average people now, the hordes of Twitter, are certainly capable of.
ZACH: Yeah, because apparently there was something in the structure of the website that connected it to other like websites. What they did was, once you pull that thread and you say well, this website has certain indicators, they were able to then find other websites with other indicators and then from there, then you’re playing ball, right? [00:15:00] Because then you can sit on those sites, see who logs in, see the traffic, check IP addresses, do all kinds of things to try to figure out who’s using it and when.
JACK: Whoa, now Iran has access to multiple covert CIA communication channels? This is not good. This is really not good. This means they can listen in on whatever data the CIA is getting from Iran, what operations they’re planning, who’s moving around out there, and where people are meeting. Where people are meeting? Iran now knows where the CIA agents are gonna be because they’re listening to the communication channels for meeting places.
JENNA: At that point, it really spider-webbed from there. Iranian officials used that information to uncover a vast network of sources within their country and abroad.
JACK: Iran got to work. They listened in on the channels and waited for a scheduled meet between an Iranian asset and a CIA agent. Now, the meet might have been in Iran or it might have been in another country.
ZACH: You can let them go to Dubai and trail them in Dubai, and surveil them. You probably want to do that, right, because guess what? If you do that, then you have a body on their handler. Then you have a photograph and then you can surveil their handler. Then if you surveil their handler, you can maybe figure out an entire network of CIA officers. Then you have somebody else keep following the CIA asset. You wait for them to get back on a plane to Tehran. They land in Tehran, you arrest them.
JACK: That’s gotta be an interesting conversation. Imagine you’re an Iranian going home and the police stop you at the airport and ask, why did you go to Dubai to meet with a CIA agent? Uh. In Cuba during the Cuban Missile Crisis, CIA agents tried to recruit Cubans to help spy on Cuba. The CIA thought they had a decent network of spies in Cuba working for them. But as it turned out, Cuba knew every time when a CIA agent recruited a new Cuban spy. They would talk to this Cuban spy and get them to work for Cuba. As a result, all of the CIA’s assets in Cuba were actually working for Cuba. This means the counterintelligence that Cuba collected in this time was amazingly good. When Iran’s intelligence officers saw Iranians meeting with CIA officials, I wonder what they actually did to their own Iranians. Arrest them? Flip them to become double-agents? Or kill them? These are all possibilities. After Iran gathered enough intelligence, it was time for them to strike. Iran was setting up sting operations for these meetings and started capturing CIA assets and agents.
JENNA: [MUSIC] Many people were held. They were imprisoned.
JACK: Those were the lucky ones because Iran was also killing some of these people they captured. One by one, people were disappearing, never to be seen again. It’s not clear if it was CIA agents who were killed or officers or handlers or targeters or sources. Well, we do know that some sources were killed. These are people who lived in Iran and were caught giving secrets to US spies. This drastically impacted the intelligence the CIA was getting from Iran. It would have been tragic enough if CIA agents were killed because of this counterintelligence. But things got worse for the CIA.
JENNA: Iran was sharing this with its allies and our adversaries. That information was passed along, we’re told, not only to Russia but also to Chinese officials.
ZACH: It’s not like these countries did not share intelligence information at times, but what US officials started seeing was sharing on counterintelligence information, and that was considered notable because when you start sharing that information, it requires a greater degree of trust because you’re sharing with services that are actively spying on you. The Iranians are spying on the Chinese, the Chinese are spying on the Iranians. If I remember correctly, around that time, I believe a high-ranking Iranian counterintelligence official traveled to China or vice versa. This was seen as also a notable sign around the time that both networks in both countries were being wrapped up.
There are different theories about where the origination point was and again, we’re talking about the Wilderness of Mirrors, right? We’re talking about a world where [00:20:00] even US intelligence officials come up with educated theories based on partial evidence. Take what I’m saying as a level or two down from that, but the consensus seems to be that the Iranians discovered something first via a mole or a double-agent, I should say. The Iranians ran a double-agent. The Iranians began to realize what was going on with the covert communications tools being used within their borders, and then may have passed some of that information to their Chinese counterparts who then did even more work on breaking that apart and using that to hunt down all the US intelligence assets within China.
JENNA: That’s how it really got out of control.
JACK: [MUSIC] At that point, China started learning the identities and locations of CIA agents who were in China, which had chilling results.
JENNA: Because once the information was passed on to Chinese officials, that was one of the key reasons that such a large group of sources in China were killed. That network really has not been built up since then which obviously has loads of impact given the ongoing tensions with China and the developments happening there.
JACK: Oh, this is worse than tragic. This was a catastrophe.
JENNA: Our sources told us dozens of people died because of this around the world. I think that that’s certainly a fair estimate. I imagine in terms of people who were caught up in it, you could probably multiply that by a couple at least, right? It’s hard to fully estimate at this point just how far-reaching it was, but one figure I will mention is that in John Reidy’s complaint which, while it’s heavily redacted, did include this one sentence that still is there for anyone to see, that he estimated that this would impact 70% of the CIA’s global operations which is just a massive figure.
JACK: I don’t even know what to say. This is all so heavy for me to comprehend. I have so many questions like why was this not an act of war? Why wasn’t this major news at the time when it happened? Why are we finding out about this five years after it happened? Why are the Iranian and Chinese governments killing their own people? Did the US cover this up? Well yeah, sorta they did, because these agents were killed while on active duty and part of a secret mission. The CIA doesn’t like talking about secret missions publicly.
JENNA: There’s a wall within the CIA headquarters with a star for its officers who’ve died in the line of duty. They have periodically declassified some of those names. Some of them are known, some of them are published and that they’ve discussed, but others are not.
JACK: It’s been seven years since all this happened. What has the US government done in response to this? Well, it’s hard to say since so much of what happens in the CIA is shrouded in secrecy.
JENNA: If you are looking for things in the public record, there was a panel at CNAS, former House Intel Chair (HPSCI) Mike Rogers was discussing a couple intelligence failures that he had to deal with during his time as chairman. He mentioned specifically a communications failure.
JACK: Okay, so, I have that clip. This is Mike Rogers speaking at CNAS which stands for the Center of New American Security. It’s a Washington-based think tank which focuses on national security. Now, Mike Rogers was the former director of the NSA, and he’s talking about investigations he did to help the CIA.
MIKE: The kind of investigations we did, we did things like inside that didn’t ever make it public for how our sources and assets and agents communicate with each other. If you recall, we had a – we had some blips. So, Dutch and I sat down; said, we’re not putting up with this. We generated the resources and did our own internal investigation – try to fix this problem. It was a serious problem that we thought needed to be fixed.
JACK: Hm, that’s not really specific. All he’s saying is that he investigated a communications blip in the CIA. He could be talking about the story, but his comments don’t really confirm any of the details. That’s the only time anyone in US intelligence has publicly acknowledged this situation. Regardless, I sure hope they did an investigation on this. [MUSIC] The CIA hasn’t said anything publicly about this; no press release or statement to the press, no announcements that any CIA agents were killed in this manner. Nor have there been any indictments which might accuse [00:25:00] Iranian or Chinese officials of killing agents.
ZACH: You’ll never seen an indictment for any of this because the very act of validating via an indictment shows that the Iranians and the Chinese were, in fact, targeting the right people. It’s illegal to spy, right? They don’t want any further disclosure about what occurred, why it occurred, the process behind it, and they certainly do not want to open up the Pandora’s box of an American legal proceeding with discovery, by the way. A defense attorney would be able to theoretically dredge up some – ‘cause they have to defend their client, right? None of that will ever see the light of day.
JACK: On top of that, the CIA really likes operating in secrecy as much as possible.
ZACH: Going back many, many, many decades, CIA has had a lot of tension with DOJ over any CIA information or sources being used in the – for making cases in the American justice system because of the desire to remain in the shadows.
JACK: Even though the US government didn’t and probably won’t ever mention this, there were some news articles about it. One of the reasons that Zach and Jenna even know about this is because of a story in the New York Times titled Killing CIA Informants: China Crippled US Spying Operations. But there’s no mention of Iran in that story. Once Jenna and Zach saw that story, they began their own investigation to try to learn more and sure enough, they uncovered so much more. See, the New York Times story didn’t explain how the communication channels got hacked into. They suspected China had cracked some encryption or that there was a mole, a US CIA agent who was giving secrets to China. In fact, the New York Times named the mole who was suspected; Jerry Lee.
HOST4: A former CIA officer was arrested this week on charges of mishandling classified information. The FBI said that Jerry Chun Shing Lee had in his possession notebooks that contained names and contact information of CIA informants and agents in China.
JACK: He had this notebook of some of the names of the informants that were captured and killed. Not all of them; just a few. Jerry Lee was given this information to do a certain job within the CIA but then moved to a new position and wasn’t authorized to have access to this information anymore. He was charged with unlawful retention of classified information. He might have helped the Chinese identify some of these informants.
JENNA: However, based on our source’s knowledge and how quickly many of these sources were rolled up, they believe that it had a lot more to do with this technical problem. It will be interesting and I think it’ll be continued to – studied for years to come which of these failures was more to blame, and how they interacted with each other and made it possible for so many sources to die.
JACK: [MUSIC] I’m still a bit baffled that there weren’t more reports in the media about the people who were killed.
ZACH: Well, I think that there were scattered reports of people being killed. There’s an anecdote that is in the New York Times story about a – somebody being dragged down to the street and shot. There is a story that I was told from a former intelligence official about a man and his pregnant wife being executed on closed-circuit television, where the people – these people’s colleagues within a state laboratory or defense facility were made to watch. That stuff has leaked out, but you also have to account for the fact that you’re talking about closed societies, right?
If you’re also talking about individuals who were spying for the US government who were working high up within the Iranian and Chinese national security or foreign affairs bureaucracies, they keep a very, very tight lid of information about that. If you’re an Iranian intelligence officer working for the MLIS and they discover that you’re – you are spying for the Americans, they may or may not decide to publicize it. But if they [00:30:00] didn’t publicize it, it’ll – leaking out to the US press would be very unusual.
JACK: While there haven’t been many stories about these killings in the US, Iran has published some chilling stories about this.
JENNA: Oh, they have, they have. That’s mentioned in the story that’s been an interesting publication for us, is that Iran has seized upon its successes in killing and arresting CIA officers. They’ve done documentaries online, they’ve put out press releases. They have certainly not been quiet about it, that’s for sure.
JACK: When Aldrich Ames was discovered to be a double-agent, this made big news. President Clinton even gave a press statement talking about this. So, I’m kinda baffled as to why Jenna and Zach’s story wasn’t a bigger deal.
JENNA: Yeah, you’re telling me. We wonder the same thing. I would love to know the answer to that question, why it didn’t get more attention. I mean, Zach and I won the Gerald Ford Award for reporting on national defense for that story. It’s been recognized in certain capacities, but I really think that it deserves a much larger public exploration of the way that the intelligence community is using its technology.
JACK: Huh. Whatever happened to that whistleblower, John Reidy, who tried to warn the CIA there was a communications failure? Well, he was fired.
JENNA: He was fired, yes. At the time, he did lose his job largely due to his competing business, but he believes in retaliation. That’s an area that the intelligence community has a lot of issues with. There’s not enough defenses particularly for contractors in the intelligence community to be able to lodge complaints of retaliation. His family life fell apart. He lost his job, he lost his security clearance, and it’s a story that’s sadly all too familiar about people who raise concerns like this.
JACK: But did all of this result in the CIA tearing down this covert way of communicating or thoroughly going through and fixing every problem?
JENNA: We did a follow-up story on how the issue continues to plague the agency five years later. The explanation that I got is that it’s this complex web of interlocking technical systems and that this sort of bureaucratic differences between the office of science and technology and the directorate of operations has led to disagreements on how to handle the technology and where it can be deployed, and the excuses that are presented to us. But it really doesn’t make sense that it has not been fully fortified to this point. At a certain level, you could get to the point where you just say technology is not secure. Any instance that you use it needs to measure those risks and those benefits. But the fact that this kind of tool which is clearly not secure at all – not encrypted, over the open internet – was relied upon so heavily for contact with sources that there needs to be, if there has not been already, a significant reevaluation of that process.
JACK: Hm. There’s still so many unanswered questions in this story which I think is how the CIA wants it to stay. Spies don’t like having the spotlight on them. They scurry when it shines. I’ll just leave you with this quote from Malcolm Nance who spent thirty-five years doing US intelligence. He says “for an old spy and code-breaker like myself, nothing in the world happens by coincidence.””
(OUTRO): [OUTRO MUSIC] A big thank you to Zach Dorfman and Jenna McLaughlin for coming on the show and telling us this story they reported on. It’s amazing how they were able to find so many details on this story and publish it. If you like this show and it brings value to you, consider donating to it through Patreon. By directly supporting this show, it helps keep ads at a minimum. It helps us make this show and it tells me that you want more. Please visit patreon.com/darknetdiaries and consider supporting the show. Thank you.
Also, I’m inviting you to come join us on Discord. It’s a chatroom with a bunch of other fans of the show. It’s a great place to hang out with other Darknet Diaries fans and sometimes there’s giveaways there, too. Come join us at discord.gg/darknetdiaries. This show is made by me, the sleeping agent, Jack Rhysider. I had some reporting assistance this episode by the super-snooper Yael Grauer. Sound design and original music created by the always-observant Andrew Meriwether; editing help this episode by the undercover Damienne. Our theme music is by the counter-beat Breakmaster Cylinder. Even though I sometimes sit and wonder what time zone are people in on the moon, this is Darknet Diaries. [00:35:00]
[OUTRO MUSIC ENDS]
[END OF RECORDING]