By mkeeter - 11 hours ago
Showing first level comment(s)
>In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.
If you read between the lines, this raises the suspicion that there's a common underlying infrastructure which handles the communications, with management front-ends for different users which are firewalled off from each other, and the security of the system relied upon the firewall between the different front-ends to prevent users from finding out about each other. However, an attacker who compromised the "less secure" front end, could use that as a launching pad to attack the underlying communication infrastructure, and if the attacker pwned the infrastructure, then he'd have a back entrance to the "more secure" front end.
If that's the case, then somebody was grossly incompetent, depending on the age of the system: if the system is old enough, then somebody running ops in the CIA is incompetent, for continuing to operate a system whose security model ("all you need is a strong enough firewall!") was obsolete; if the system is young enough, then either the original architects, or the security engineers who certified the architecture (if there were any), for proposing an architecture with an obsolete security model.
Arguably, that incompetence amounts to criminal negligence, since it resulted in the deaths of US agents, and somebody should be tried for it.
solatic - 7 hours ago
I don't believe the US lacks in technical skill at the operational level. These failures are management and organizational failures.
yborg - 6 hours ago
nyolfen - 11 hours ago
matt_s - 10 minutes ago
(The title refers to a quote by Eisenhower, who left the Presidency disappointed at the “legacy of ashes” which was all he felt the CIA accomplished during his tenure.)
_iyig - 3 hours ago
jmnicolas - 5 hours ago
In a separate note, I'm not sure technically what the right solution is, but I imagine an encrypted stenographic message on a popular peer to peer internet service would be the best way to avoid detection. ... When the entire web is being monitored.
anonu - an hour ago
I also fail to see how a decision like this could be made:
To China? The degree of technical differences between those two regions is so intuitively disparate, that without having been to either, I’d still never estimate that a game plan for one would work in the other.
The CIA had imported the system from its Middle East operations...
Cell phones make sense in desert territories with good satellite coverage, and attacking, as much as operating those same cell phones makes sense too, in a volatile atmosphere.
Meanwhile, in China, with world class supercomputing facilities operated at scientific research institutions, one can only safely assume that no amount of cryptography or electronic transmission is safe. Not even one-time pads.
Each seems like it’s own game, with it’s own rules. What a mistake to not approach them differently. It’s like trying to steal cars from a suburban driveway at dinner time, versus a city parking garage during rush hour. A car is not simply a thing with wheels, that rolls away as soon as you can hop inside.
evntllyCnsistnt - 2 hours ago
I treat any media 'story' about spooks with great suspicion, because it almost almost invariably winds up over time that there are far more layers to the onion than are revealed in these types of exposes.
I wonder what 'The disaster in China has led some officials to conclude that internet-based systems, even ones that employ sophisticated encryption, can never be counted on to shield assets' is going to lead to? Some sort of new infrastructure may even already be in use...
olivermarks - 5 hours ago
Yes I say this partly in jest and also partly as a ‘why didn’t they’. BBM Enterprise over a VPN service popular with movie streamers would have actually helped them blend in... digitally speaking.
jarym - 5 hours ago