WEBVTT

00:00:00.540 --> 00:00:05.580
JACK: You know about this guy Aldrich Ames? If you were watching the news in 1994,

00:00:05.580 --> 00:00:07.310
you’d certainly hear all about him.

00:00:07.310 --> 00:00:10.200
TV HOST1: I’d like to say a word about the Ames espionage

00:00:10.200 --> 00:00:13.190
case and our broader interest regarding Russia.

00:00:13.190 --> 00:00:17.760
TV HOST2: US-Russian relations were chilled early in the year when the CIA announced one

00:00:17.760 --> 00:00:21.530
of its top agents was spying for the Soviet Union and then Russia.

00:00:21.530 --> 00:00:25.200
TV HOST3: The burning questions in Washington: how could it have taken so long,

00:00:25.200 --> 00:00:30.120
so long to arrest the highest-ranking CIA officer ever accused of selling out to the

00:00:30.120 --> 00:00:34.680
Russians? Aldrich Ames and his wife Maria are still, of course, the alleged spies,

00:00:34.680 --> 00:00:39.000
but there is no doubt in Washington tonight that this is an intelligence disaster.

00:00:39.000 --> 00:00:44.580
JACK: In short, Aldrich Ames was a CIA officer working in Langley, Virginia at the

00:00:44.580 --> 00:00:49.320
CIA headquarters. He was responsible for Soviet counterintelligence which means he was trying

00:00:49.320 --> 00:00:54.600
to figure out what intelligence information Russia had on the US. As part of his work,

00:00:54.600 --> 00:00:59.880
he learned about the activity of CIA spies in Russia. At first, I think he was just trying

00:00:59.880 --> 00:01:05.220
to con Russian intelligence out of some cash. He contacted the Soviet embassy and offered

00:01:05.220 --> 00:01:11.040
them information that I think he thought was worthless. He asked for $50,000 and they paid

00:01:11.040 --> 00:01:16.920
up. I think he felt like he pulled one over on the Soviets, but this [MUSIC] crossed a

00:01:16.920 --> 00:01:25.620
line that he wasn’t able to step back from. Any good spy agency knows the most effective way to

00:01:25.620 --> 00:01:31.200
get someone to give you secrets is to give them money. Aldrich was vulnerable to this.

00:01:31.200 --> 00:01:36.060
When the Soviets reached out, offering more money just to sit and have lunch,

00:01:36.060 --> 00:01:43.380
he would agree and take the cash. This was sometimes tens of thousands of dollars.

00:01:43.380 --> 00:01:48.720
Soon enough, Aldrich started giving up more details in exchange for cash. He

00:01:48.720 --> 00:01:54.480
started giving the names of the CIA spies that were assigned to the Soviet Bloc

00:01:54.480 --> 00:02:01.560
and quickly, the spies he named were starting to disappear. Russia was capturing and killing

00:02:01.560 --> 00:02:08.100
the CIA agents that Aldrich Ames was giving them information on. Aldrich gave a lot of information

00:02:08.100 --> 00:02:16.740
to the Russians which earned him 4.6 million dollars by 1985. Well, this money changed him.

00:02:16.740 --> 00:02:21.240
He got cosmetic dentistry done to make his teeth look better, he stopped wearing cheap clothes

00:02:21.240 --> 00:02:28.620
and was wearing nice suits to work, he bought a $50,000 Jaguar and a $540,000 house all paid in

00:02:28.620 --> 00:02:35.760
cash; all of this with an annual CIA salary of $60,000 a year. This was suspicious. While the

00:02:35.760 --> 00:02:41.460
CIA and FBI were investigating the deaths of the CIA agents in Russia, they started looking into

00:02:41.460 --> 00:02:47.460
Aldrich and found enough evidence to arrest him. He was found guilty of giving information to the

00:02:47.460 --> 00:02:54.480
Russians and currently is serving the rest of his life in prison. Aldrich was a trusted CIA

00:02:54.480 --> 00:03:01.860
agent but he abused that trust. His betrayal led to the deaths of several of his fellow agents.

00:03:01.860 --> 00:03:12.960
(INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet.

00:03:12.960 --> 00:03:23.700
I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

00:03:23.700 --> 00:03:36.060
JACK: Okay, so I read this news story once on Yahoo News and it’s one of those stories that

00:03:36.060 --> 00:03:41.340
when you read it, you’re like holy cow; what? Seriously? I haven’t been able to forget it since

00:03:41.340 --> 00:03:46.200
I read it and I want you to hear the story, too. I called up the two reporters who wrote the story.

00:03:46.200 --> 00:03:48.480
JENNA: My name is Jenna McLaughlin. I am a national

00:03:48.480 --> 00:03:51.060
security and investigations reporter for Yahoo News.

00:03:51.060 --> 00:03:58.440
ZACH: I’m Zach Dorfman. I am a senior staff writer at the Aspen Institute. I write the Codebook,

00:03:58.440 --> 00:04:05.430
cyber-security newsletter for Axios, and I am a national security and intelligence journalist.

00:04:05.430 --> 00:04:10.380
JACK: Okay, so these two write about national security stuff, stuff relating to FBI, CIA,

00:04:10.380 --> 00:04:14.100
the US government, hacks against the US. Now, they’ve been doing this for a while

00:04:14.100 --> 00:04:18.960
and have established quite a lot of sources to cover stories like this, sources that you

00:04:18.960 --> 00:04:25.020
and I do not have access to. For them to cover this story, they interviewed a lot of people.

00:04:25.020 --> 00:04:30.600
JENNA: More than now at this point; eleven former US intelligence officials and defense

00:04:30.600 --> 00:04:31.920
officials who were familiar with the matter.

00:04:31.920 --> 00:04:38.120
JACK: That’s some pretty thorough investigative work. So, let’s get into it.

00:04:38.120 --> 00:04:51.060
JENNA: [MUSIC] What happened is in Iran, between 2009 and 2011, the Iranian officials were looking

00:04:51.060 --> 00:04:58.560
for a mole. They were on a mole hunt after they discovered that the Obama administration had

00:04:58.560 --> 00:05:03.540
unearthed a lot of information about their ongoing enrichment efforts.

00:05:03.540 --> 00:05:07.590
They wanted to figure out who was leaking that information to American officials.

00:05:07.590 --> 00:05:12.120
JACK: Right; of course they’re looking for a mole, because remember Stuxnet? If not,

00:05:12.120 --> 00:05:16.740
I did a whole episode on it. It’s Episode 29. But Stuxnet was a cyber-attack which

00:05:16.740 --> 00:05:21.840
hit the Iranian nuclear enrichment facility in Natanz. Specifically, someone had to walk

00:05:21.840 --> 00:05:26.760
the malware into the facility to plant it or somehow get it infected on a computer that was

00:05:26.760 --> 00:05:31.260
going to go into that facility. This facility wasn’t connected to the internet and there was

00:05:31.260 --> 00:05:37.560
no way for an American to just go in there and plant it. Iran thought there was a double-agent,

00:05:37.560 --> 00:05:43.080
someone who worked for Iran and the US. This is why Iran was looking for a mole.

00:05:43.080 --> 00:05:49.140
JENNA: Yes, Iranian officials were deeply upset with a lot of the successes that had been tied

00:05:49.140 --> 00:05:56.580
to the Americans that we now know, rather more definitively, was the US and Israeli

00:05:56.580 --> 00:06:04.650
efforts to compromise Natanz. At the time, this was something Iran wanted to do to retaliate.

00:06:04.650 --> 00:06:10.080
JACK: Now, you can probably guess – the CIA and the US intelligence teams want to keep an eye on

00:06:10.080 --> 00:06:14.400
what’s going on in Iran. It’s an adversary of the US so it’s important to know what they’re

00:06:14.400 --> 00:06:19.440
up to. But since they’re such an adversary, it makes it very difficult for someone like a CIA

00:06:19.440 --> 00:06:26.220
agent to just go into Iran and start collecting intelligence. How does the CIA spy on Iran?

00:06:26.220 --> 00:06:31.020
ZACH: That’s a great question and also one that is still shrouded in a lot of mystery

00:06:31.020 --> 00:06:40.440
because obviously, CIA does not have a – there’s no American diplomatic facilities

00:06:40.440 --> 00:06:47.100
in Iran. There hasn’t been since 1979. Unlike China or Russia, there’s no such

00:06:47.100 --> 00:06:51.600
thing as official cover. You can’t show up as a state department employee and actually be CIA.

00:06:51.600 --> 00:06:55.680
JACK: Now, because there’s no diplomatic protections for Americans in Iran,

00:06:55.680 --> 00:07:00.720
this means that whatever CIA agents are in Iran are there illegally. They

00:07:00.720 --> 00:07:07.020
absolutely must be disguised, to go in under a fake name with a fake itinerary.

00:07:07.020 --> 00:07:12.180
ZACH: [MUSIC] There’s a couple things that you can do. One is you have somebody who can go in under

00:07:12.180 --> 00:07:17.040
business cover and potentially communicate with sources that way inside the country,

00:07:17.040 --> 00:07:22.800
but more realistically and from my understanding, far more frequently,

00:07:22.800 --> 00:07:30.960
what you do is you recruit and handle people outside of the country. So, Malaysia,

00:07:30.960 --> 00:07:39.660
the UAE, Turkey. These are places that in the past, CIA has had success in recruiting or meeting

00:07:39.660 --> 00:07:46.440
with Iranian sources. They were on inside lists, so it’s no great secret to them. In those cases,

00:07:46.440 --> 00:07:52.740
this is one reason why using covert communications over the internet is so valuable, because

00:07:52.740 --> 00:08:00.480
you can signal to somebody you would like to meet. Somebody says I’m slated to be in Dubai

00:08:00.480 --> 00:08:08.220
on July 4th. Then you do the preparatory work and you plan on meeting.

00:08:08.220 --> 00:08:13.680
As time went on, because in that area it’s just so difficult to operate in,

00:08:13.680 --> 00:08:18.060
having meetings in neutral ground is where things really moved.

00:08:18.060 --> 00:08:22.020
JACK: Alright, so we should probably cover a few terms for the different types of people involved

00:08:22.020 --> 00:08:27.480
in CIA spying. First you have an agent. This is someone who’s actually doing the spying or

00:08:27.480 --> 00:08:33.900
espionage. The person who manages agents is called an agent handler. Information collected by an

00:08:33.900 --> 00:08:40.140
agent is sent to the analysts. Analysts review, decode, and make sense of the information. Then

00:08:40.140 --> 00:08:46.500
there are assets. Assets are people who live in a country that’s being spied on. They’re knowingly

00:08:46.500 --> 00:08:52.440
giving information to the enemy. In this case, an asset might be an Iranian citizen who meets

00:08:52.440 --> 00:08:58.260
with a CIA agent to give them information. Then there’s also sources. A source is just a person

00:08:58.260 --> 00:09:02.940
with information that is willing to give to a spy whether they know that person is a spy or not.

00:09:02.940 --> 00:09:08.100
Oh, and there’s a targeting officer. This person will try to identify the people and

00:09:08.100 --> 00:09:13.080
organizations that have the critical data needed. There’s obviously a lot more different roles,

00:09:13.080 --> 00:09:19.800
but knowing these differences will come in handy during this story. [MUSIC]

00:09:19.800 --> 00:09:25.680
The covert communications the CIA uses fascinates me. Let’s talk about that.

00:09:25.680 --> 00:09:31.680
The CIA agents need to speak with their assets in Iran but it has to be very secretive,

00:09:31.680 --> 00:09:36.900
so what do you do? Text messaging is totally out of the question because it goes through the

00:09:36.900 --> 00:09:42.120
Iranian telecom companies, so that can easily be snooped. E-mails are no good because, what,

00:09:42.120 --> 00:09:46.560
you gonna use Gmail or something? You’re gonna trust Google for your top-secret communication?

00:09:46.560 --> 00:09:52.080
I don’t think so. Signal and Wire are great end-to-end encryption messaging apps,

00:09:52.080 --> 00:09:55.260
but it requires you to download it, install it, and have it on your phone.

00:09:55.260 --> 00:10:00.540
What if the asset gets their phone taken and looked through? They’ll be

00:10:00.540 --> 00:10:04.860
burned. The CIA can’t just set up some communication server back in Langley,

00:10:04.860 --> 00:10:11.520
Virginia for people in Iran to dial into because that would certainly raise suspicion, too. The

00:10:11.520 --> 00:10:17.460
CIA used something completely off the radar to communicate with their assets inside Iran.

00:10:17.460 --> 00:10:22.080
JENNA: The way that they were described to us and we understand them, is that they were websites

00:10:22.080 --> 00:10:27.840
that were disguised as something else, used as a portal to communicate with your handler.

00:10:27.840 --> 00:10:34.380
Maybe you’re a fan of yoga or you like to read certain books, it would be a website about those

00:10:34.380 --> 00:10:41.120
interests, perhaps. You’d actually be able to log in and access the communications through that.

00:10:41.120 --> 00:10:49.140
JACK: Very interesting; a super-secret website that looks like one thing but is actually a CIA

00:10:49.140 --> 00:10:54.840
back channel. This way, it looks like you’re just on a yoga website chatting with your yoga

00:10:54.840 --> 00:11:00.240
teacher and it looks totally normal if somebody were to walk in on you. You can quickly close

00:11:00.240 --> 00:11:06.660
the page when you’re done. Now, this secret comms channel was used to send all kinds of information.

00:11:06.660 --> 00:11:13.980
ZACH: Could be data uploads, it could be meets, it could be signs of life. I don’t know if this

00:11:13.980 --> 00:11:20.460
is how this system worked in particular but as we’ve known, there are ways where – there’s

00:11:20.460 --> 00:11:28.320
sites that are – that appear completely benign, but if you log into the site at a very specific

00:11:28.320 --> 00:11:35.760
time and click on a very specific pixel, for instance, all of a sudden it can open up

00:11:35.760 --> 00:11:40.260
a back door that allows for certain kinds of communication. I don’t know if that’s exactly

00:11:40.260 --> 00:11:44.460
how it worked in this case, but there’s lots of different ways that it can work and that was the

00:11:44.460 --> 00:11:48.060
way that, according to our understanding, at least some of this system functioned.

00:11:48.060 --> 00:11:52.680
JACK: The CIA wasn’t the only one using this tool. The UK was using it, too.

00:11:52.680 --> 00:11:56.160
ZACH: Yes, according to a former senior official,

00:11:56.160 --> 00:12:02.940
MI6 I believe was using it and then I believe the Defense Clandestine Services were also using it.

00:12:02.940 --> 00:12:07.380
JACK: Sounds like a pretty airtight communication system and it has to be,

00:12:07.380 --> 00:12:11.940
because lives are at stake, here. But this system wasn’t

00:12:11.940 --> 00:12:22.440
airtight. There were problems with this covert comms channel.

00:12:22.440 --> 00:12:30.000
JENNA: [MUSIC] A whistleblower from back in 2009 by the name of Reidy,

00:12:30.000 --> 00:12:37.680
he was the targeter for a contracting company. He was one of the people in charge of locating

00:12:37.680 --> 00:12:43.260
sources and setting up communications with them. His disclosure is extremely redacted but we

00:12:43.260 --> 00:12:48.780
managed to find some sources to help us with it who said that Reidy had identified these flaws.

00:12:48.780 --> 00:12:54.120
JACK: John Reidy was pointing out a few serious flaws in the

00:12:54.120 --> 00:12:58.320
communications channel that the CIA was using which he called a massive

00:12:58.320 --> 00:13:03.450
intelligence failure. He warned that this could create a nightmare scenario.

00:13:03.450 --> 00:13:10.020
JENNA: But because there’s never a perfect whistleblower; he had a business on the side,

00:13:10.020 --> 00:13:14.420
there were some other issues with his disclosures, they weren’t taken seriously at the time.

00:13:14.420 --> 00:13:20.460
JACK: We don’t know why the CIA didn’t take action when John Reidy spoke up. Could be too

00:13:20.460 --> 00:13:25.560
much bureaucracy in the way. It might have meant certain people losing their job. Also, this was

00:13:25.560 --> 00:13:31.500
a single person speaking up about this. How much effort do you put into listening to one complaint?

00:13:31.500 --> 00:13:36.180
For whatever reason, his cries to get this addressed were not sufficient.

00:13:36.180 --> 00:13:43.320
The flaws that existed in the communication channels persisted. Back to Iran. They were

00:13:43.320 --> 00:13:49.380
looking for the mole who helped sabotage Natanz. Through that investigation, they found a person.

00:13:49.380 --> 00:13:54.946
ZACH: It was somebody who the US thought worked for it but was actually an Iranian agent.

00:13:54.946 --> 00:14:01.200
JACK: [MUSIC] This double-agent knew of one secret website that was used by the CIA for covert

00:14:01.200 --> 00:14:08.580
communications and gave this information to Iran’s intelligence officers. This meant that Iranian

00:14:08.580 --> 00:14:15.960
intelligence were in the communication channels too, watching what was being said. This was a

00:14:15.960 --> 00:14:22.920
big problem, but it was a huge discovery for Iran; they just hacked into a secret CIA comms channel.

00:14:22.920 --> 00:14:27.900
JENNA: Once one of the websites was found, they were able to find others which made it so that

00:14:27.900 --> 00:14:32.220
it didn’t even really need to be hacked in the traditional sense of the word. It just needed

00:14:32.220 --> 00:14:38.400
some sort of creative Googling skills which most average open-source intelligence technicians –

00:14:38.400 --> 00:14:43.080
but, you know, even average people now, the hordes of Twitter, are certainly capable of.

00:14:43.080 --> 00:14:47.040
ZACH: Yeah, because apparently there was something in the structure of the

00:14:47.040 --> 00:14:53.280
website that connected it to other like websites. What they did was,

00:14:53.280 --> 00:15:01.380
once you pull that thread and you say well, this website has certain indicators, they were able to

00:15:01.380 --> 00:15:06.120
then find other websites with other indicators and then from there, then you’re playing ball,

00:15:06.120 --> 00:15:11.520
right? Because then you can sit on those sites, see who logs in, see the traffic,

00:15:11.520 --> 00:15:16.260
check IP addresses, do all kinds of things to try to figure out who’s using it and when.

00:15:16.260 --> 00:15:23.400
JACK: Whoa, now Iran has access to multiple covert CIA communication channels? This is not good. This

00:15:23.400 --> 00:15:28.380
is really not good. This means they can listen in on whatever data the CIA is getting from Iran,

00:15:28.380 --> 00:15:34.500
what operations they’re planning, who’s moving around out there, and where people are meeting.

00:15:34.500 --> 00:15:38.640
Where people are meeting? Iran now knows where the CIA agents are

00:15:38.640 --> 00:15:41.760
gonna be because they’re listening to the communication channels for meeting places.

00:15:41.760 --> 00:15:48.720
JENNA: At that point, it really spider-webbed from there. Iranian officials used that

00:15:48.720 --> 00:15:55.320
information to uncover a vast network of sources within their country and abroad.

00:15:55.320 --> 00:15:58.440
JACK: Iran got to work. They listened in on the channels

00:15:58.440 --> 00:16:04.200
and waited for a scheduled meet between an Iranian asset and a CIA agent. Now,

00:16:04.200 --> 00:16:07.560
the meet might have been in Iran or it might have been in another country.

00:16:07.560 --> 00:16:10.980
ZACH: You can let them go to Dubai and trail them in Dubai,

00:16:10.980 --> 00:16:19.500
and surveil them. You probably want to do that, right, because guess what? If you do that,

00:16:19.500 --> 00:16:26.280
then you have a body on their handler. Then you have a photograph and then you

00:16:26.280 --> 00:16:34.500
can surveil their handler. Then if you surveil their handler, you can maybe

00:16:34.500 --> 00:16:42.840
figure out an entire network of CIA officers. Then you have somebody else keep following the CIA

00:16:42.840 --> 00:16:49.625
asset. You wait for them to get back on a plane to Tehran. They land in Tehran, you arrest them.

00:16:49.625 --> 00:16:56.160
JACK: That’s gotta be an interesting conversation. Imagine you’re an Iranian going home and the

00:16:56.160 --> 00:17:03.660
police stop you at the airport and ask, why did you go to Dubai to meet with a CIA agent? Uh. In

00:17:03.660 --> 00:17:09.900
Cuba during the Cuban Missile Crisis, CIA agents tried to recruit Cubans to help spy on Cuba. The

00:17:09.900 --> 00:17:14.940
CIA thought they had a decent network of spies in Cuba working for them. But as it turned out,

00:17:14.940 --> 00:17:20.400
Cuba knew every time when a CIA agent recruited a new Cuban spy. They would

00:17:20.400 --> 00:17:25.500
talk to this Cuban spy and get them to work for Cuba. As a result, all of the

00:17:25.500 --> 00:17:32.160
CIA’s assets in Cuba were actually working for Cuba. This means the counterintelligence that

00:17:32.160 --> 00:17:39.300
Cuba collected in this time was amazingly good. When Iran’s intelligence officers saw

00:17:39.300 --> 00:17:45.840
Iranians meeting with CIA officials, I wonder what they actually did to their own Iranians.

00:17:45.840 --> 00:17:56.400
Arrest them? Flip them to become double-agents? Or kill them? These are all possibilities.

00:17:56.400 --> 00:18:01.260
After Iran gathered enough intelligence, it was time for them to strike. Iran was

00:18:01.260 --> 00:18:07.220
setting up sting operations for these meetings and started capturing CIA assets and agents.

00:18:07.220 --> 00:18:13.500
JENNA: [MUSIC] Many people were held. They were imprisoned.

00:18:13.500 --> 00:18:22.440
JACK: Those were the lucky ones because Iran was also killing some of these people they captured.

00:18:22.440 --> 00:18:27.780
One by one, people were disappearing, never to be seen again.

00:18:27.780 --> 00:18:33.540
It’s not clear if it was CIA agents who were killed or officers or handlers or targeters

00:18:33.540 --> 00:18:40.260
or sources. Well, we do know that some sources were killed. These are people who lived in Iran

00:18:40.260 --> 00:18:45.600
and were caught giving secrets to US spies. This drastically impacted the intelligence

00:18:45.600 --> 00:18:52.320
the CIA was getting from Iran. It would have been tragic enough if CIA agents were killed

00:18:52.320 --> 00:18:57.300
because of this counterintelligence. But things got worse for the CIA.

00:18:57.300 --> 00:19:02.700
JENNA: Iran was sharing this with its allies and our adversaries. That information was

00:19:02.700 --> 00:19:07.920
passed along, we’re told, not only to Russia but also to Chinese officials.

00:19:07.920 --> 00:19:13.800
ZACH: It’s not like these countries did not share intelligence information at times,

00:19:13.800 --> 00:19:23.340
but what US officials started seeing was sharing on counterintelligence information, and

00:19:23.340 --> 00:19:26.880
that was considered notable because when you start sharing that information,

00:19:26.880 --> 00:19:31.740
it requires a greater degree of trust because you’re sharing with services that are actively

00:19:31.740 --> 00:19:36.360
spying on you. The Iranians are spying on the Chinese, the Chinese are spying on the Iranians.

00:19:36.360 --> 00:19:44.220
If I remember correctly, around that time, I believe a high-ranking Iranian

00:19:44.220 --> 00:19:51.960
counterintelligence official traveled to China or vice versa. This was seen as also a notable

00:19:51.960 --> 00:19:58.080
sign around the time that both networks in both countries were being wrapped up.

00:19:58.080 --> 00:20:02.940
There are different theories about where the origination point was and again,

00:20:02.940 --> 00:20:06.180
we’re talking about the Wilderness of Mirrors, right? We’re talking about a

00:20:06.180 --> 00:20:11.940
world where even US intelligence officials come up with educated theories

00:20:11.940 --> 00:20:20.340
based on partial evidence. Take what I’m saying as a level or two down from that, but

00:20:20.340 --> 00:20:26.040
the consensus seems to be that the Iranians discovered something first via a mole or a

00:20:26.040 --> 00:20:31.560
double-agent, I should say. The Iranians ran a double-agent. The Iranians began to realize what

00:20:31.560 --> 00:20:37.860
was going on with the covert communications tools being used within their borders, and

00:20:37.860 --> 00:20:43.380
then may have passed some of that information to their Chinese counterparts who then did even more

00:20:43.380 --> 00:20:52.320
work on breaking that apart and using that to hunt down all the US intelligence assets within China.

00:20:52.320 --> 00:20:55.940
JENNA: That’s how it really got out of control.

00:20:55.940 --> 00:21:00.120
JACK: [MUSIC] At that point, China started learning the identities and

00:21:00.120 --> 00:21:04.200
locations of CIA agents who were in China, which had chilling results.

00:21:04.200 --> 00:21:07.800
JENNA: Because once the information was passed on to Chinese officials,

00:21:07.800 --> 00:21:13.860
that was one of the key reasons that such a large group of sources in China were killed.

00:21:13.860 --> 00:21:19.140
That network really has not been built up since then which obviously has loads

00:21:19.140 --> 00:21:25.080
of impact given the ongoing tensions with China and the developments happening there.

00:21:25.080 --> 00:21:31.260
JACK: Oh, this is worse than tragic. This was a catastrophe.

00:21:31.260 --> 00:21:37.740
JENNA: Our sources told us dozens of people died because of this around the world. I think that

00:21:37.740 --> 00:21:43.080
that’s certainly a fair estimate. I imagine in terms of people who were caught up in it,

00:21:43.080 --> 00:21:47.700
you could probably multiply that by a couple at least, right?

00:21:47.700 --> 00:21:51.240
It’s hard to fully estimate at this point just how far-reaching it was,

00:21:51.240 --> 00:21:57.900
but one figure I will mention is that in John Reidy’s complaint which, while it’s

00:21:57.900 --> 00:22:04.860
heavily redacted, did include this one sentence that still is there for anyone to see, that he

00:22:04.860 --> 00:22:11.480
estimated that this would impact 70% of the CIA’s global operations which is just a massive figure.

00:22:11.480 --> 00:22:18.420
JACK: I don’t even know what to say. This is all so heavy for me to comprehend. I have so

00:22:18.420 --> 00:22:24.000
many questions like why was this not an act of war? Why wasn’t this major news at the time when

00:22:24.000 --> 00:22:28.440
it happened? Why are we finding out about this five years after it happened? Why are

00:22:28.440 --> 00:22:33.540
the Iranian and Chinese governments killing their own people? Did the US cover this up?

00:22:33.540 --> 00:22:39.420
Well yeah, sorta they did, because these agents were killed while on active duty

00:22:39.420 --> 00:22:45.180
and part of a secret mission. The CIA doesn’t like talking about secret missions publicly.

00:22:45.180 --> 00:22:50.820
JENNA: There’s a wall within the CIA headquarters with a star for its officers who’ve died in the

00:22:50.820 --> 00:22:57.840
line of duty. They have periodically declassified some of those names. Some of them are known,

00:22:57.840 --> 00:23:05.700
some of them are published and that they’ve discussed, but others are not.

00:23:05.700 --> 00:23:11.520
JACK: It’s been seven years since all this happened. What has the

00:23:11.520 --> 00:23:14.940
US government done in response to this? Well,

00:23:14.940 --> 00:23:20.070
it’s hard to say since so much of what happens in the CIA is shrouded in secrecy.

00:23:20.070 --> 00:23:28.680
JENNA: If you are looking for things in the public record, there was a panel at CNAS,

00:23:28.680 --> 00:23:35.880
former House Intel Chair (HPSCI) Mike Rogers was discussing a couple intelligence failures that he

00:23:35.880 --> 00:23:41.550
had to deal with during his time as chairman. He mentioned specifically a communications failure.

00:23:41.550 --> 00:23:46.440
JACK: Okay, so, I have that clip. This is Mike Rogers speaking at CNAS which

00:23:46.440 --> 00:23:50.100
stands for the Center of New American Security. It’s a Washington-based think

00:23:50.100 --> 00:23:54.360
tank which focuses on national security. Now, Mike Rogers was the former director

00:23:54.360 --> 00:23:58.500
of the NSA, and he’s talking about investigations he did to help the CIA.

00:23:58.500 --> 00:24:02.580
MIKE: The kind of investigations we did, we did things like inside that didn’t ever make

00:24:02.580 --> 00:24:09.300
it public for how our sources and assets and agents communicate with each other.

00:24:09.300 --> 00:24:15.600
If you recall, we had a – we had some blips. So, Dutch and I sat down; said,

00:24:15.600 --> 00:24:21.240
we’re not putting up with this. We generated the resources and did our own internal investigation

00:24:21.240 --> 00:24:24.960
– try to fix this problem. It was a serious problem that we thought needed to be fixed.

00:24:24.960 --> 00:24:31.260
JACK: Hm, that’s not really specific. All he’s saying is that he investigated a communications

00:24:31.260 --> 00:24:36.600
blip in the CIA. He could be talking about the story, but his comments don’t really

00:24:36.600 --> 00:24:42.540
confirm any of the details. That’s the only time anyone in US intelligence has publicly

00:24:42.540 --> 00:24:49.740
acknowledged this situation. Regardless, I sure hope they did an investigation on this.

00:24:49.740 --> 00:24:58.800
[MUSIC] The CIA hasn’t said anything publicly about this; no press release or statement to

00:24:58.800 --> 00:25:04.500
the press, no announcements that any CIA agents were killed in this manner. Nor have there been

00:25:04.500 --> 00:25:09.120
any indictments which might accuse Iranian or Chinese officials of killing agents.

00:25:09.120 --> 00:25:15.900
ZACH: You’ll never see an indictment for any of this because the very act of validating

00:25:15.900 --> 00:25:24.240
via an indictment shows that the Iranians and the Chinese were, in fact,

00:25:24.240 --> 00:25:33.180
targeting the right people. It’s illegal to spy, right?

00:25:33.180 --> 00:25:41.820
They don’t want any further disclosure about what occurred, why it occurred, the process behind it,

00:25:41.820 --> 00:25:49.500
and they certainly do not want to open up the Pandora’s box of an American legal proceeding

00:25:49.500 --> 00:25:58.080
with discovery, by the way. A defense attorney would be able to theoretically dredge up some –

00:25:58.080 --> 00:26:03.300
‘cause they have to defend their client, right? None of that will ever see the light of day.

00:26:03.300 --> 00:26:08.400
JACK: On top of that, the CIA really likes operating in secrecy as much as possible.

00:26:08.400 --> 00:26:12.660
ZACH: Going back many, many, many decades,

00:26:12.660 --> 00:26:22.620
CIA has had a lot of tension with DOJ over any CIA information or sources being used in the –

00:26:22.620 --> 00:26:31.920
for making cases in the American justice system because of the desire to remain in the shadows.

00:26:31.920 --> 00:26:36.960
JACK: Even though the US government didn’t and probably won’t ever mention this, there were some

00:26:36.960 --> 00:26:42.300
news articles about it. One of the reasons that Zach and Jenna even know about this is because of

00:26:42.300 --> 00:26:49.680
a story in the New York Times titled Killing CIA Informants: China Crippled US Spying Operations.

00:26:49.680 --> 00:26:55.140
But there’s no mention of Iran in that story. Once Jenna and Zach saw that story, they began

00:26:55.140 --> 00:27:00.060
their own investigation to try to learn more and sure enough, they uncovered so much more. See,

00:27:00.060 --> 00:27:04.380
the New York Times story didn’t explain how the communication channels got hacked into.

00:27:04.380 --> 00:27:12.000
They suspected China had cracked some encryption or that there was a mole, a US CIA agent who was

00:27:12.000 --> 00:27:20.160
giving secrets to China. In fact, the New York Times named the mole who was suspected; Jerry Lee.

00:27:20.160 --> 00:27:25.320
HOST4: A former CIA officer was arrested this week on charges of mishandling classified

00:27:25.320 --> 00:27:31.140
information. The FBI said that Jerry Chun Shing Lee had in his possession notebooks

00:27:31.140 --> 00:27:36.660
that contained names and contact information of CIA informants and agents in China.

00:27:36.660 --> 00:27:41.580
JACK: He had this notebook of some of the names of the informants that were captured

00:27:41.580 --> 00:27:46.740
and killed. Not all of them; just a few. Jerry Lee was given this information to do

00:27:46.740 --> 00:27:52.380
a certain job within the CIA but then moved to a new position and wasn’t authorized to

00:27:52.380 --> 00:27:58.140
have access to this information anymore. He was charged with unlawful retention of

00:27:58.140 --> 00:28:04.560
classified information. He might have helped the Chinese identify some of these informants.

00:28:04.560 --> 00:28:12.480
JENNA: However, based on our source’s knowledge and how quickly many of these sources were rolled

00:28:12.480 --> 00:28:19.140
up, they believe that it had a lot more to do with this technical problem. It will be interesting and

00:28:19.140 --> 00:28:27.120
I think it’ll be continued to – studied for years to come which of these failures was more to blame,

00:28:27.120 --> 00:28:33.780
and how they interacted with each other and made it possible for so many sources to die.

00:28:33.780 --> 00:28:39.660
JACK: [MUSIC] I’m still a bit baffled that there

00:28:39.660 --> 00:28:42.780
weren’t more reports in the media about the people who were killed.

00:28:42.780 --> 00:28:52.020
ZACH: Well, I think that there were scattered reports of people being killed. There’s an

00:28:52.020 --> 00:29:00.840
anecdote that is in the New York Times story about a – somebody being dragged down to the street and

00:29:00.840 --> 00:29:14.220
shot. There is a story that I was told from a former intelligence official about a man and his

00:29:14.220 --> 00:29:24.300
pregnant wife being executed on closed-circuit television, where the people – these people’s

00:29:24.300 --> 00:29:33.900
colleagues within a state laboratory or defense facility were made to watch. That stuff has leaked

00:29:33.900 --> 00:29:38.700
out, but you also have to account for the fact that you’re talking about closed societies, right?

00:29:38.700 --> 00:29:44.940
If you’re also talking about individuals who were spying for the US government who were working high

00:29:44.940 --> 00:29:50.640
up within the Iranian and Chinese national security or foreign affairs bureaucracies,

00:29:50.640 --> 00:29:56.700
they keep a very, very tight lid on information about that. If you’re an Iranian intelligence

00:29:56.700 --> 00:30:03.900
officer working for the MLIS and they discover that you’re – you are spying for the Americans,

00:30:03.900 --> 00:30:08.520
they may or may not decide to publicize it. But if they [00:30:00] didn’t publicize it,

00:30:08.520 --> 00:30:13.620
it’ll – leaking out to the US press would be very unusual.

00:30:13.620 --> 00:30:17.520
JACK: While there haven’t been many stories about these killings in the US,

00:30:17.520 --> 00:30:21.420
Iran has published some chilling stories about this.

00:30:21.420 --> 00:30:25.380
JENNA: Oh, they have, they have. That’s mentioned in the story that’s been an

00:30:25.380 --> 00:30:32.940
interesting publication for us, is that Iran has seized upon its successes in

00:30:32.940 --> 00:30:37.200
killing and arresting CIA officers. They’ve done documentaries online, they’ve put out

00:30:37.200 --> 00:30:42.900
press releases. They have certainly not been quiet about it, that’s for sure.

00:30:42.900 --> 00:30:46.260
JACK: When Aldrich Ames was discovered to be a double-agent,

00:30:46.260 --> 00:30:52.320
this made big news. President Clinton even gave a press statement talking about this. So,

00:30:52.320 --> 00:30:56.880
I’m kinda baffled as to why Jenna and Zach’s story wasn’t a bigger deal.

00:30:56.880 --> 00:31:01.440
JENNA: Yeah, you’re telling me. We wonder the same thing. I would

00:31:01.440 --> 00:31:04.560
love to know the answer to that question, why it didn’t get more attention. I mean,

00:31:04.560 --> 00:31:09.960
Zach and I won the Gerald Ford Award for reporting on national defense for that story.

00:31:09.960 --> 00:31:14.580
It’s been recognized in certain capacities, but I really think that it deserves a much

00:31:14.580 --> 00:31:20.640
larger public exploration of the way that the intelligence community is using its technology.

00:31:20.640 --> 00:31:23.220
JACK: Huh. Whatever happened to that whistleblower, John Reidy,

00:31:23.220 --> 00:31:28.260
who tried to warn the CIA there was a communications failure? Well, he was fired.

00:31:28.260 --> 00:31:34.740
JENNA: He was fired, yes. At the time, he did lose his job largely due to his competing business,

00:31:34.740 --> 00:31:40.680
but he believes it was retaliation. That’s an area that the intelligence community has

00:31:40.680 --> 00:31:45.300
a lot of issues with. There aren’t enough defenses, particularly for contractors in

00:31:45.300 --> 00:31:52.080
the intelligence community to be able to lodge complaints of retaliation. His

00:31:52.080 --> 00:31:55.980
family life fell apart. He lost his job, he lost his security clearance,

00:31:55.980 --> 00:32:02.460
and it’s a story that’s sadly all too familiar about people who raise concerns like this.

00:32:02.460 --> 00:32:06.960
JACK: But did all of this result in the CIA tearing down this covert way

00:32:06.960 --> 00:32:10.560
of communicating or thoroughly going through and fixing every problem?

00:32:10.560 --> 00:32:20.160
JENNA: We did a follow-up story on how the issue continues to plague the agency five years later.

00:32:20.160 --> 00:32:27.960
The explanation that I got is that it’s this complex web of interlocking technical systems and

00:32:27.960 --> 00:32:34.080
that this sort of bureaucratic differences between the office of science and technology and the

00:32:34.080 --> 00:32:39.480
directorate of operations has led to disagreements on how to handle the technology and where it can

00:32:39.480 --> 00:32:47.280
be deployed, and the excuses that are presented to us. But it really doesn’t make sense that

00:32:47.280 --> 00:32:53.460
it has not been fully fortified to this point. At a certain level, you could get to the point

00:32:53.460 --> 00:33:00.960
where you just say technology is not secure. Any instance that you use it needs to measure those

00:33:00.960 --> 00:33:08.100
risks and those benefits. But the fact that this kind of tool which is clearly not secure at all –

00:33:08.100 --> 00:33:14.820
not encrypted, over the open internet – was relied upon so heavily for contact with sources that

00:33:14.820 --> 00:33:21.360
there needs to be, if there has not been already, a significant reevaluation of that process.

00:33:21.360 --> 00:33:27.600
JACK: Hm. There’s still so many unanswered questions in this story which I think is how

00:33:27.600 --> 00:33:32.820
the CIA wants it to stay. Spies don’t like having the spotlight on them. They scurry

00:33:32.820 --> 00:33:38.160
when it shines. I’ll just leave you with this quote from Malcolm Nance who spent thirty-five

00:33:38.160 --> 00:33:44.160
years doing US intelligence. He says “for an old spy and code-breaker like myself,

00:33:44.160 --> 00:33:48.720
nothing in the world happens by coincidence.”

00:33:48.720 --> 00:33:59.700
(OUTRO): [OUTRO MUSIC] A big thank you to Zach Dorfman and Jenna McLaughlin for coming on the

00:33:59.700 --> 00:34:03.960
show and telling us this story they reported on. It’s amazing how they were able to find so

00:34:03.960 --> 00:34:08.160
many details on this story and publish it. If you like this show and it brings value to you,

00:34:08.160 --> 00:34:11.640
consider donating to it through Patreon. By directly supporting this show,

00:34:11.640 --> 00:34:15.900
it helps keep ads at a minimum. It helps us make this show and it tells me that you want

00:34:15.900 --> 00:34:21.900
more. Please visit patreon.com/darknetdiaries and consider supporting the show. Thank you.

00:34:21.900 --> 00:34:27.180
Also, I’m inviting you to come join us on Discord. It’s a chatroom with a bunch of

00:34:27.180 --> 00:34:31.200
other fans of the show. It’s a great place to hang out with other Darknet Diaries fans and

00:34:31.200 --> 00:34:37.980
sometimes there’s giveaways there, too. Come join us at discord.gg/darknetdiaries. This

00:34:37.980 --> 00:34:42.900
show is made by me, the sleeping agent, Jack Rhysider. I had some reporting assistance this

00:34:42.900 --> 00:34:47.100
episode by the super-snooper Yael Grauer. Sound design and original music created

00:34:47.100 --> 00:34:51.660
by the always-observant Andrew Meriwether; editing help this episode by the undercover

00:34:51.660 --> 00:34:57.480
Damienne. Our theme music is by the counter-beat Breakmaster Cylinder. Even though I sometimes

00:34:57.480 --> 00:35:03.300
sit and wonder what time zone are people in on the moon, this is Darknet Diaries.
