It was considered one of the CIA’s worst failures in decades: Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency’s network of agents across the country, executing dozens of suspected U.S. spies. But since then, a question has loomed over the entire debacle.
How were the Chinese able to roll up the network?
Now, nearly eight years later, it appears that the agency botched the communication system it used to interact with its sources, according to five current and former intelligence officials. The CIA had imported the system from its Middle East operations, where the online environment was considerably less hazardous, and apparently underestimated China’s ability to penetrate it.
“The attitude was that we’ve got this, we’re untouchable,” said one of the officials who, like the others, declined to be named discussing sensitive information. The former official described the attitude of those in the agency who worked on China at the time as “invincible.”
Other factors played a role as well, including China’s alleged recruitment of former CIA officer Jerry Chun Shing Lee around the same time. Federal prosecutors indicted Lee earlier this year in connection with the affair.
But the penetration of the communication system seems to account for the speed and accuracy with which Chinese authorities moved against the CIA’s China-based assets.
“You could tell the Chinese weren’t guessing. The Ministry of State Security [which handles both foreign intelligence and domestic security] were always pulling in the right people,” one of the officials said.
“When things started going bad, they went bad fast.”
The former officials also said the real number of CIA assets and those in their orbit executed by China during the two-year period was around 30, though some sources spoke of higher figures. The
New York Times, which first
the story last year, put the number at “more than a dozen.” All the CIA assets detained by Chinese intelligence around this time were eventually killed, the former officials said.
The CIA, FBI, and National Security Agency declined to comment for this story. The Chinese Embassy in Washington did not respond to requests for comment.
At first, U.S. intelligence officials were “shellshocked,” said one former official. Eventually, rescue operations were mounted, and several sources managed to make their way out of China.
One of the former officials said the last CIA case officer to have meetings with sources in China distributed large sums of cash to the agents who remained behind, hoping the money would help them flee.
When the intelligence breach became known, the CIA formed a special task force along with the FBI to figure out what went wrong. During the investigation, the task force identified three potential causes of the failure, the former officials said: A possible agent had provided Chinese authorities with information about the CIA asset network, some of the CIA’s spy work had been sloppy and might have been detected by Chinese authorities, and the communications system had been compromised. The investigators concluded that a “confluence and combination of events” had wiped out the spy network, according to one of the former officials.
Eventually, U.S. counterintelligence officials identified Lee, the former CIA officer who had worked extensively in Beijing, as China’s likely informant. Court documents suggest Lee was in contact with his handlers at the Ministry of State Security through at least 2011.
Chinese authorities paid Lee hundreds of thousands of dollars for his efforts, according to the documents. He was indicted in May of this year on a charge of conspiracy to commit espionage.
But Lee’s alleged betrayal alone could not explain all the damage that occurred in China during 2011 and 2012, the former officials said. Information about sources is so highly compartmentalized that Lee would not have known their identities. That fact and others reinforced the theory that China had managed to eavesdrop on the communications between agents and their CIA handlers.
When CIA officers begin working with a new source, they often use an interim covert communications system—in case the person turns out to be a double agent.
The communications system used in China during this period was internet-based and accessible from laptop or desktop computers, two of the former officials said.
This interim, or “throwaway,” system, an encrypted digital program, allows for remote communication between an intelligence officer and a source, but it is also separated from the main communications system used with vetted sources, reducing the risk if an asset goes bad.
Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected—and there would be no way to trace the communication back to the CIA. But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.
In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.
U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official—links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA’s own website, according to the former official.
The covert communications system used in China was first employed by U.S. security forces in war zones in the Middle East, where the security challenges and tactical objectives are different, the sources said. “It migrated to countries with sophisticated counterintelligence operations, like China,” one of the officials said.
...
