CIA's 'unworthy' spies in Iran left behind, just like elsewhere
An investigative report by Reuters reveals how the CIA abandoned its Iranian spies during its "secret" war with Iran.
The Reuters report opens with the moment the spy, minutes away from leaving Iran, was taken away.
In late 2010, Gholamreza Hosseini was at Imam Khomeini Airport in Tehran, preparing for a flight to Bangkok, where the Iranian industrial engineer would be introduced to his Central Intelligence Agency handlers. The airport ATM machine rejected his card as invalid before he could pay his exit tax to leave the country.
Moments later, a security officer asked to see Hosseini’s passport before escorting him away.
Hosseini stated, according to the report, that he was taken to an empty VIP lounge and told to sit on a couch facing a wall. Hosseini reached into his trouser pocket and pulled out a memory card containing state secrets that could land him in jail. He stuffed the card into his mouth, chewed it up, and swallowed it.
Ministry of Intelligence agents entered the room, according to Reuters, and the interrogation began. His denials and the destruction of the data were worthless; they seemed to know everything already.
“These are things I never told anyone in the world,” Hosseini told Reuters. As his mind raced, Hosseini even wondered whether the CIA itself had sold him out.
Hosseini, who had been imprisoned for nearly a decade and was speaking out for the first time, said he never heard from the CIA again after his release in 2019.
CIA 'negligence' or 'indifference'?
Hosseini's experience with carelessness and abandonment was not unusual. Interviews with six Iranian former CIA informants exposed the agency's carelessness during its intense drive to gather intelligence in Iran, as reported by Reuters.
The CIA directed him to drop his information in Turkey, according to one informant, at a location known to the agency to be under Iranian surveillance. Another man, a former government employee who traveled to Abu Dhabi to apply for a US visa, claims a CIA officer there tried to persuade him to spy for the US, which led to his arrest when he returned to Iran.
Reuters stated that such aggressive CIA actions put Iranian spies in danger, with little chance of obtaining critical intelligence. Even years after these men were apprehended, the agency provided no assistance to the informants or their families, according to the six Iranians.
According to the report, former CIA counterintelligence chief James Olson said he was allegedly unaware of these specific cases. He argued that any unnecessary compromise of sources by the agency would be a "professional and ethical failure."
The men were imprisoned as part of an Iranian counterintelligence operation that began in 2009, according to news reports and three former US national security officials. According to state media reports, Tehran's spy hunt ended up with the capture of dozens of CIA informants.
Espionage convicts
Reuters interviewed six Iranians convicted of espionage by the Iranian government between 2009 and 2015.
The news agency interviewed 10 former US intelligence officials with knowledge of Iran operations, reviewed Iranian government records and news reports, and interviewed people who knew the spies to verify their claims.
The CIA declined to comment specifically on Reuters' findings or on the intelligence agency's operations in Iran.
An analysis by two independent cybersecurity specialists found that the now-defunct covert online communication system that Hosseini used – located by Reuters in an internet archive – may have exposed at least 20 other Iranian spies and potentially hundreds of other collaborators operating in other countries around the world.
Communication system
According to Reuters, this messaging platform, which was operational until 2013, was concealed within rudimentary news and hobby websites where spies could connect with the CIA. Four former US officials confirmed its existence to Reuters.
Years later, the agency is still haunted by these failures. CIA leadership warned in a series of internal cables last year that it had lost most of its network of spies in Iran and that sloppy tradecraft continues to jeopardize the agency's plans worldwide, according to The New York Times.
The CIA considers Iran one of its most difficult targets.
Four former intelligence officers interviewed by Reuters revealed that the agency is willing to take greater risks with sources when spying on Iran.
Washington has long used the Islamic Republic's nuclear energy as a pretext to further isolate and stifle the country, but Iran has repeatedly denied any such claims and maintained that its programs are for peaceful purposes only.
“This is a very serious, very serious intelligence goal to penetrate Iran’s nuclear weapons program. You don’t get a much higher priority than that,” said James Lawler, a former CIA officer whose focus included weapons of mass destruction - which the US never found in Iraq despite its claims of their presence to invade and occupy the country - and Iran.
“So when they do the risk-versus-gain analysis, you’ve got to consider the incredible amount of gain.”
What is the spy game?
For the first time, six informants were interviewed by Reuters and provided an unprecedented firsthand account of the deadly spy game from the perspective of Iranians who served as CIA foot soldiers.
The six Iranians served prison terms ranging from five to 10 years. Four of them, including Hosseini, stayed in Iran after their release, whereas two fled the country and have since become stateless refugees.
The six men acknowledged that their CIA handlers never made firm promises to help if they were caught.
The espionage busts may jeopardize the CIA's credibility as it attempts to rebuild its spy network in Iran. “It’s a stain on the US government,” Hosseini told Reuters.
Tammy Kupperman Thorp, a CIA spokeswoman, declined to comment on Hosseini, other captured Iranians, or any aspect of how the agency conducts operations.
She felt obligated, however, to defend the CIA's claims of protecting "the people who work with us very seriously, and we know that many do so bravely at great personal risk."
How did Hosseini become a spy?
Hosseini studied industrial engineering at the prestigious Amirkabir University of Technology. Hosseini claims that a professor there introduced him to a former student with ties to the Iranian government, who later became his business partner.
He founded an engineering firm in 2001 alongside a former student with alleged ties to the Iranian government. The company provided services to help businesses optimize their energy consumption.
One day in 2007, he said, he opened the CIA public website and clicked the link to contact the agency. “I’m an engineer who has worked at the nuclear site Natanz and I have information,” he wrote in Persian.
A month later, to his surprise, Hosseini said he received an email back from the CIA.
Agent I
Hosseini stated that three months after that contact, he flew to Dubai and met Chris, who was speaking in English while her colleague translated in Persian. Chris told him they were the people Hosseini had been exchanging messages with on Google's chat platform for the past few months.
When asked about his work, Hosseini said his company was a subcontractor of Kalaye Electric, a company sanctioned by the US government in 2007. He went on to say that he was looking for more contracts at other sensitive nuclear and military sites.
Hosseini also claimed that his company had several years earlier worked on contracts to optimize the flow of electricity at the Natanz site.
The three met again the next day, this time in Hosseini's hotel room overlooking the Gulf. Hosseini spread out a maze-like map across his desk, displaying the electricity connected to the Natanz nuclear facility.
Despite being several years old, the map's notations of the amount of power flowing into the facility provided Washington with a baseline to estimate the number of centrifuges currently active, according to Hosseini.
Hosseini claimed he had no idea Natanz was being pursued by US authorities at the time. Security analysts concluded that the same year, Washington and "Israel" launched a cyberweapon that would sabotage those very centrifuges, infecting them with a virus that would cripple uranium enrichment at Natanz for years to come.
In subsequent meetings, Hosseini said the CIA asked him to focus on a broader US goal: identifying potential critical points in Iran's national electric grid that, if hit by a missile or saboteurs, would cause long and paralyzing blackouts.
Agent II
Hosseini claims that as the relationship progressed, Chris was replaced by a male handler who was accompanied by officials described as more senior in the CIA's Iran operations, as well as technical experts who could keep up with his engineering jargon.
Hosseini was inspired by his new role. He raced to secure contracts that would give him greater access to the intelligence sought by the CIA. He claimed his firm had a contract with a unit of Setad, the sprawling business conglomerate allegedly affiliated with Iran's Supreme Leader Ayatollah Ali Khamenei, to assess the electrical needs of a massive shopping and commercial building project in Tehran's northwestern outskirts.
He was later given access to maps that showed how electricity was routed to nuclear and military sites, as well as how critical points of the network could be hacked.
Thirsty for information; the CIA wanted more
Hosseini said he met with an older CIA officer and others at a hotel in Dubai in August 2008, a year after becoming a spy.
“We need to expand the commitment,” Hosseini recounted the officer saying.
A CIA officer in the meeting then showed Hosseini a covert communications system he could use to contact his handlers: Iraniangoals.com, a rudimentary Persian-language soccer news website. Entering a password into the search bar brought up a secret messaging window, allowing Hosseini to send and receive information from the CIA.
What Hosseini didn't realize was that the world's most powerful intelligence agency had provided him with a tool that would almost certainly lead to his capture. A flaw in a web-based covert communications system led to the arrest of dozens of CIA informants in Iran and China in 2018, according to Yahoo News.
Communication web crash
Reuters discovered Iraniangoals.com, the secret CIA communications site identified by Hosseini, in an internet archive where it is still publicly accessible. The news agency then asked two independent cyber analysts – Bill Marczak of the University of Toronto’s Citizen Lab and Zach Edwards of Victory Medium – to probe how Iran may have used weaknesses in the CIA’s own technology to unmask Hosseini and other CIA informants.
Marczak and Edwards quickly discovered that the secret messaging window hidden within Iraniangoals.com could be found by right-clicking on the page and bringing up the website's source code.
This code contained descriptions of secret functions, including the words "message" and "compose" - obvious hints that the site had a messaging capability. The search bar coding that activated the secret messaging software was labeled "password".
Iraniangoals.com, far from being customized, high-end spycraft, was one of hundreds of websites mass-produced by the CIA for its sources, the independent analysts concluded. These rudimentary websites were devoted to topics such as beauty, fitness, and entertainment, with one dedicated to the late American talk show host Johnny Carson.
According to two former CIA officials, each fake website was assigned to only one spy in order to limit the exposure of the entire network if any single agent was captured.
However, the CIA made identifying those sites simple, according to independent analysts. Marczak discovered over 350 websites that used the same secret messaging system and had all been archived for at least nine years. Edwards' findings and methodology were confirmed.
In addition, many of these websites' numerical identifiers, or IP addresses, were sequential, much like houses on the same street.
“The CIA really failed with this,” said Marczak, the Citizen Lab researcher. The covert messaging system, he said, “stuck out like a sore thumb.”
Furthermore, some sites had names that were strikingly similar. For example, while Hosseini was communicating with the CIA via Iraniangoals.com, another informant's website, Iraniangoalkicks.com, was created. The analysts discovered that at least two dozen of the 350-plus sites produced by the CIA appeared to be messaging platforms for Iranian operatives.
Overall, the discovery of a single spy using one of these websites allowed Iranian intelligence to discover additional pages used by other CIA informants. Once those locations were identified, apprehending the operatives who used them would have been simple.
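The correlation the analysts describe can be run as a self-audit by anyone operating many sites that are meant to look unrelated: check the inventory for consecutive IP addresses and for identical identifiers visible in the page source. This is an added example, not code from Reuters or the analysts; the hostnames, addresses, markup and function names (`sequential_runs`, `shared_fingerprints`, `linkable_from`) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed inventory (hostname, IP, page source). Names and addresses are
# placeholders from reserved documentation ranges, not the real sites.
PAGE = '<input type="password" name="q"><script>function compose(){} function message(){}</script>'
FLEET = [
    ("soccer-news.example", "192.0.2.10", PAGE),
    ("fitness-tips.example", "192.0.2.11", PAGE),
    ("talkshow-fans.example", "192.0.2.12", PAGE),
    ("recipes.example", "198.51.100.77", '<input type="search" name="q"><script>function suggest(){}</script>'),
    ("beauty-blog.example", "203.0.113.5", PAGE),
]

def sequential_runs(fleet, min_len=2):
    """Group hosts whose IPv4 addresses are consecutive ("houses on the same street")."""
    hosts = sorted((int(ipaddress.ip_address(ip)), name) for name, ip, _ in fleet)
    runs, current = [], hosts[:1]
    for prev, item in zip(hosts, hosts[1:]):
        if item[0] - prev[0] == 1:
            current.append(item)
        else:
            runs.append(current)
            current = [item]
    runs.append(current)
    return [[name for _, name in run] for run in runs if len(run) >= min_len]

def markup_fingerprint(html):
    """Reduce a page to the identifiers anyone viewing its source would see."""
    funcs = re.findall(r"function\s+(\w+)", html)
    input_types = re.findall(r'<input[^>]*type="(\w+)"', html)
    return frozenset(funcs) | frozenset("input:" + t for t in input_types)

def shared_fingerprints(fleet, min_sites=2):
    """Map each fingerprint carried by several hosts to those hosts."""
    groups = defaultdict(list)
    for name, _, html in fleet:
        groups[markup_fingerprint(html)].append(name)
    return {fp: names for fp, names in groups.items() if len(names) >= min_sites}

def linkable_from(seed, fleet):
    """Hosts that become linkable once `seed` is known, via either signal."""
    linked = set()
    for group in sequential_runs(fleet) + list(shared_fingerprints(fleet).values()):
        if seed in group:
            linked.update(group)
    return sorted(linked - {seed})
```

A non-empty result from `linkable_from` for any host means exposure of that one site is not contained, which is the failure of the one-site-per-source compartmentation described above.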
The CIA used the same row of bushes for its informants all over the world. According to the analysts, any attentive espionage rival would have detected them all. CIA spokeswoman Thorp declined to comment on the system.
Reuters confirmed the nature of the CIA's cookie-cutter website intelligence failure with three former national security officials.
According to former US officials, the agency was not fully aware that this system had been compromised until 2013 when many of its agents went missing. They claimed that the mass-produced sites were for sources who were either not fully vetted or had limited, albeit potentially valuable, access to state secrets.
“This is for a person viewed as not worth the investment of advanced tradecraft,” one of the former CIA officials said.