from the cybercoups-on-tap dept
Outside of the agencies desiring to participate in a cyberwar, cyberwars are generally considered to be a bad idea. At some point, the cyber is going to turn physical and we’ll just be stuck in a regular war that actually kills people. And since accurate attribution still remains elusive, the potential for picking the wrong fight remains.
There was some talk of going to cyberwar with Russia after the DNC server hacking. The CIA, in particular, was all too willing to send its keyboard warriors out to do battle. This desire to draw virtual blood found some backing in the press when NBC acted as the agency’s PR office, talking up the new bright, shiny warfare and asking viewers if they’d like to know more.
As long as officials have been claiming we’re on the cusp of a “cyber Pearl Harbor,” the CIA has been wanting to go on the offensive. The CIA already participates in plenty of cyber-attacks, but it’s mostly of the one-to-one variety, targeting individuals the agency has placed under surveillance. But the agency does know how to disrupt elections, participate in coups, and otherwise wreak havoc in “enemy” lands.
Now it can do it at the cyber level. And, as Yahoo News was the first to report, it’s been doing it for a few years now thanks to the new kid in town.
The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, according to former U.S. officials with direct knowledge of the matter.
The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations. The finding allows the CIA to more easily authorize its own covert cyber operations, rather than requiring the agency to get approval from the White House.
Rather than develop targets over months and years, the CIA can now rush in whenever it feels there’s a target worth attacking. It’s not just attacks targeting infrastructure or weapons development capability. It’s also disinformation campaigns and the breaching of protected servers to obtain sensitive (and potentially embarrassing) documents to leak locally. Yes, the CIA is now a self-contained WikiLeaks that sources and obtains its own documents.
But there’s more to it than that. The authorization allows the CIA to go after targets that were previously considered off-limits if it can find the slightest justification for doing so.
The presidential authorization makes it much easier for the CIA to target “cut-outs” believed to be working surreptitiously for hostile foreign intelligence services at media organizations, charities, religious institutions, or other non-state entities for disruptive or destructive cyber actions, said former officials. In the past, the burden of proof for targeting such entities was high; now, standards have been made far more lax, said former officials.
The administration has also given the CIA more power to attack foreign financial institutions, something previous administrations — and the Treasury Department itself — opposed due to concerns about collateral damage to international relations or the world economy itself. These concerns are now being ignored. The CIA — thanks in part to the departed John Bolton — now operates with near-impunity. The end result of the Trump Administration casting off the shackles binding this component of the Deep State is operations like the one described in the Yahoo article — one that appears to have been performed by the CIA.
In another stunning hack-and-dump operation, an unknown group in March 2019 posted on the internet chat platform Telegram the names, addresses, phone numbers and photos of Iranian intelligence officers allegedly involved in hacking operations, as well as hacking tools used by Iranian intelligence operatives. That November, the details of 15 million debit cards for customers of three Iranian banks linked to Iran’s Islamic Revolutionary Guard Corps were also dumped on Telegram.
Although sources wouldn’t say if the CIA was behind those Iran breaches, the finding’s expansion of CIA authorities to target financial institutions, such as an operation to leak bank card data, represents a significant escalation in U.S. cyber operations.
The CIA is a power player in the cyber-arena now. It has finally secured the powers it’s been seeking for three straight administrations. But, on top of concerns about potential international “incidents” the CIA may be leading us towards, there’s the more immediate concern about how the CIA secures its own stuff. If you want to wage a cyberwar, you’d better have your home front locked down tight. Recent events have shown the CIA’s approach to internal security is lax at best. If the agency is out picking fights with foreign hackers, it won’t be long before someone takes the CIA’s weapons and starts wielding them against our allies… or the United States itself.