“There have been only two kinds of CIA secret operations: the ones that are widely known to have failed—usually because of almost unbelievably crude errors—and the ones that are not yet widely known to have failed.”
“To give our compromise context, the U.S. communications infrastructure was under siege. Once we understood this compromise several of the mysteries we encountered in our operations came sharply into focus. Our operational interests were known. The damage did not stop with the identification of our humint assets. It was a recipe for disaster. We had a catastrophic failure on our hands that would ensnare a great many of our sources.”
John Reidy — Letter to the CIA Inspector General’s Office (2010)
“You could tell the Chinese weren’t guessing. The Ministry of State Security [which handles both foreign intelligence and domestic security] were always pulling in the right people. When things started going bad, they went bad fast. Information about sources is so highly compartmentalized that Lee would not have known their identities. That fact and others reinforced the theory that China had managed to eavesdrop on the communications between agents and their CIA handlers.”
Anonymous former US Intelligence Officer
January 7 2019 — We continue our review of the top 10 stories that the readers of INTEL TODAY have consulted the most in 2018. These stories have attracted more than a hundred thousand visitors and reached almost every single country on earth! Most of our visitors come from the Five Eyes countries — Australia, Canada, New Zealand, the United Kingdom and the United States — Hong Kong (China), as well as Switzerland, Germany, the Netherlands, France, and … Belgium; surely a reminder that Brussels is now regarded as a city of spies due to its alleged highest density of spooks anywhere in the world. Follow us on Twitter: @Intel_Today
RELATED POST: CIA Whistleblowers — “I, John Reidy, Declare…”
RELATED POST: Former CIA Jerry Lee Case — Why the Disinformation?
RELATED POST: CIA Debacle in China — The Search for “PATIENT ZERO”
Several media have reported that former CIA officer Jerry Chun Shing Lee has been charged with allegedly helping the Chinese government dismantle a US spy network.
I told you that this information was simply not correct and I suggested that the real story hidden by this disinformation would be big and ugly. I was not wrong. Five former and current US intelligence officers have just confirmed my conclusions.
In May 2018, I told you that several media were incorrectly reporting that former CIA officer Jerry Chun Shing Lee had been charged with allegedly helping the Chinese government dismantle a US spy network.
“The indictment does not charge Mr Lee with such crime. The US prosecutors do not accuse Mr Lee of passing classified information to Chinese Intelligence officers.
Instead, they say he had the intention to do so. That is a big difference. In fact, the indictment does not address at all any effects of Mr Lee’s alleged espionage.
Intel Today reached a former FBI agent and a retired CIA officer. Both agree with our analysis.”
That observation led me to raise an obvious question: Why the disinformation?
“So far, the stories of former CIA officers Jeffrey Sterling and Jerry Lee have been told as if they were disconnected events.
And we do not know what is the exact content of John Reidy’s allegations against the CIA.
But the timeline and the context certainly suggest that there may be a connection between these stories.
If true, the CIA is trying to hide the biggest scandal in US history since IranGate.”
“In 2010, John Reidy submitted a complaint to the CIA’s internal watchdog, the Inspector General’s Office.
One issue involved what Reidy alleged was fraud between elements within the CIA and contractors.
Another issue involved what he called a “massive” and “catastrophic” intelligence failure due to a bungled foreign operation.
Question: What failed CIA op is Reidy alluding to?
It would seem that Reidy discovered that the covert communication system used by the CIA assets was not secured.”
In a recent post — CIA Whistleblowers — “I, John Reidy, Declare…” — I told you that:
“The conclusion is therefore straightforward. Either the CIA had two similar ‘catastrophic intelligence failures’ at about the same time, or else Reidy’s allegations explain why the Chinese CIA assets were caught.”
And now, I can report that five intelligence officials have confirmed my findings to Foreign Policy Magazine.
According to these — current and former — intelligence officials, the CIA did indeed botch the communication system it used to interact with its sources.
These officers also appear to confirm the link between the debacle in China and a similar disaster in Iran, although the country is not named explicitly.
The CIA had imported the system from its Middle East operations, where the online environment was considerably less hazardous, and apparently underestimated China’s ability to penetrate it.
“The attitude was that we’ve got this, we’re untouchable,” said one of the officials who, like the others, declined to be named discussing sensitive information.
The former official described the attitude of those in the agency who worked on China at the time as “invincible.”
The real number of CIA assets executed by China during the two-year period is much higher than previously reported, around 30 — perhaps more — rather than a dozen mentioned by the New York Times. All have been executed.
The CIA believes that China shared its findings with Russia, where some CIA assets were using a similar covert communications system (COVCOM).
Around the time the CIA’s source network in China was being eviscerated, multiple sources in Russia suddenly severed their relationship with their CIA handlers.
These officials do not rule out that China’s alleged recruitment of former CIA officer Jerry Chun Shing Lee around the same time may have played a role.
But at this point there appears to be no evidence that Lee had a direct role in this debacle and, as I explained before, he would face a death sentence if he had. (He faces a life sentence.)
The CIA, FBI, and National Security Agency declined to comment.
Too bad, for they have quite a bit of explaining to do. And of course, the CIA Inspector General quit a few weeks ago. When the going gets tough, the tough get going.
What we know about the COVCOM
When CIA officers begin working with a new source, they often use an interim covert communications system—in case the person turns out to be a double agent.
The communications system used in China during this period was internet-based and accessible from laptop or desktop computers, two of the former officials said.
This interim, or “throwaway,” system, an encrypted digital program, allows for remote communication between an intelligence officer and a source, but it is also separated from the main communications system used with vetted sources, reducing the risk if an asset goes bad.
Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated.
In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected—and there would be no way to trace the communication back to the CIA.
But the CIA’s interim system contained a technical error: it connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system.
They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.
In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.
U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official—links the Chinese agencies almost certainly found as well.
These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA’s own website, according to the former official.
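The two defects described above are both failures of infrastructure segregation: the throwaway system referenced the main platform, and both referenced attributable infrastructure. The script below is an added example (not code from the original article, and not any agency's actual tooling) of the pre-deployment audit a security engineer would run to catch exactly this class of error: it extracts every hostname referenced in each system's deployable artifacts (HTML, scripts, configuration), then reports hosts and parent domains shared between systems that are supposed to be unlinkable, and references to a "do not reference" list of attributable domains. All artifacts and domain names are constructed placeholders; the base-domain helper is a deliberate simplification that takes the last two labels instead of consulting the public suffix list.

```python
"""Infrastructure-segregation audit (added example; constructed inputs)."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Absolute http(s) URLs embedded in HTML, JavaScript or config text.
_URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)
# Bare host references in config files, e.g. "upstream = relay.example:8443".
_HOST_KEY_RE = re.compile(
    r"(?i)\b(?:host|server|endpoint|upstream)\s*[:=]\s*['\"]?([a-z0-9.-]+\.[a-z]{2,})"
)


def extract_hosts(artifact: str) -> set[str]:
    """Return the lowercase set of hostnames referenced in one artifact."""
    hosts: set[str] = set()
    for url in _URL_RE.findall(artifact):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    for host in _HOST_KEY_RE.findall(artifact):
        hosts.add(host.lower())
    return hosts


def base_domain(host: str) -> str:
    """Simplified registrable domain: last two labels (assumption, no PSL lookup)."""
    return ".".join(host.split(".")[-2:])


def is_under(host: str, domain: str) -> bool:
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def audit(systems: dict[str, list[str]], attributable: list[str]) -> dict:
    """Cross-reference every system's hosts against the others and the deny-list."""
    refs = {name: set().union(*(extract_hosts(a) for a in arts))
            for name, arts in systems.items()}
    names = list(refs)
    shared_hosts: dict[tuple[str, str], list[str]] = {}
    shared_domains: dict[tuple[str, str], list[str]] = {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            common = refs[a] & refs[b]
            if common:
                shared_hosts[(a, b)] = sorted(common)
            # Even distinct hosts betray a link when they share a parent domain.
            common_dom = {base_domain(h) for h in refs[a]} & {base_domain(h) for h in refs[b]}
            if common_dom:
                shared_domains[(a, b)] = sorted(common_dom)
    attributed: dict[str, list[str]] = {}
    for name, hosts in refs.items():
        bad = sorted(h for h in hosts if any(is_under(h, d) for d in attributable))
        if bad:
            attributed[name] = bad
    return {
        "hosts": {k: sorted(v) for k, v in refs.items()},
        "shared_hosts": shared_hosts,
        "shared_domains": shared_domains,
        "attributable": attributed,
    }


# Constructed sample artifacts: an interim ("throwaway") system that, like the
# one in the article, leaks references to the main platform and to an
# attributable public website.
INTERIM_ARTIFACTS = [
    '<html><head><link rel="stylesheet" href="https://cdn.interim-portal.example/site.css"></head>'
    '<body><form action="https://interim-portal.example/login"></form>'
    '<img src="https://static.main-platform.example/logo.png"></body></html>',
    "upstream = relay.main-platform.example:8443\nhelp_url = https://www.agency-site.example/faq",
]
MAIN_ARTIFACTS = [
    '<script src="https://static.main-platform.example/app.js"></script>',
    "server: api.main-platform.example",
]
ATTRIBUTABLE = ["agency-site.example"]  # constructed "never reference" list


if __name__ == "__main__":
    report = audit({"interim": INTERIM_ARTIFACTS, "main": MAIN_ARTIFACTS}, ATTRIBUTABLE)
    for key in ("shared_hosts", "shared_domains", "attributable"):
        print(f"{key}: {report[key]}")
```

Run against the constructed inputs, the audit flags the shared static host, the shared `main-platform.example` parent domain that the interim system's relay setting reveals, and the interim system's link to the attributable help page; a clean result would be three empty findings, which is the bar two systems must meet before "if the interim system is discovered, the main one stays protected" can be claimed.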
How was the system breached?
The Ministry of State Security might have run a double agent who was given the communication platform by his CIA handler.
Another possibility is that Chinese authorities identified a U.S. agent—perhaps through information provided by Lee—and seized that person’s computer.
Alternatively, authorities might have identified the system through a pattern analysis of suspicious online activities.
China was so determined to crack the system that it had set up a special task force composed of members of the Ministry of State Security and the Chinese military’s signals directorate (roughly equivalent to the NSA).
Once one person was identified as a CIA asset, Chinese intelligence could then track the agent’s meetings with handlers and unravel the entire network.
Jerry Chun Shing Lee — Short Bio & TIMELINE
Jerry Chun Shing Lee (about 53 years old) — also known as Zhen Cheng Li — is a US citizen (naturalized).
1982-86 — Lee serves in the US Army
1992 — Graduation (International business management) at Hawaii Pacific University
1993 — Lee receives a master’s degree in human resource management
1994 to 2007 — Officer in the CIA. His job “was helping to recruit foreign spies to spill secrets to the United States.” Lee is trained in covert communications, surveillance detection, recruitment, and the handling and payment of assets (agents or informants). Lee is said to have left the CIA discontented after his career plateaued. At the time of his resignation, Lee was the second secretary at the US Embassy in Beijing, China.
2007 — Lee starts working on the brand integrity team at Japan Tobacco International in Hong Kong, responsible for investigating smuggling and counterfeiting of tobacco. In 2009, the company terminated his contract.
June 2010 — Lee decides to set up his own company to do investigations. That company, FTM International, was created in June 2010 and dissolved in September 2014.
2010: Information gathered by the US from sources deep inside the Chinese government bureaucracy starts to dry up. CIA informants in China begin to disappear. In all, 18-20 are killed or imprisoned between 2010 and 2012
2011: It is not clear whether the CIA has been hacked or whether a mole has helped the Chinese to identify agents
2012: CIA and FBI begin the investigation. “How did the names of so many C.I.A. sources, among the agency’s most dearly held secrets, end up in Chinese hands?”
August 2012: Lee and his family travel from Hong Kong to Virginia and Hawaii. FBI agents search his hotel rooms and find “two small books containing handwritten notes that contained classified information, including but not limited to, true names and phone numbers of assets and covert CIA employees, operational notes from asset meetings, operational meeting locations and locations of covert facilities.” [US DOJ release]
2013: The FBI questions Lee five times but does not arrest him. The FBI, meanwhile, continues the investigation.
Summer 2013 — Lee returns to Hong Kong with his family
June 2013 — Lee joined the cosmetics company Estée Lauder in Hong Kong, working there until September 2015.
May 2014: Five Chinese army officers are charged with stealing trade secrets and internal documents from US companies. Later that same month, China says it has been a main target for US spies
2015: CIA withdraws staff from the US embassy in Beijing, fearing data stolen from government computers could expose its agents
May 2016 — Lee is working for Christie’s auction house in Hong Kong in a security capacity
April 2017: Beijing offers hefty cash rewards for information on foreign spies
May 2017: Four former CIA officials tell the New York Times that up to 20 CIA informants were killed or imprisoned by the Chinese between 2010 and 2012
June 2017: Former US diplomatic officer Kevin Mallory is arrested and charged with giving top-secret documents to a Chinese agent
January 15 2018: Former CIA officer Jerry Chun Shing Lee is arrested
January 16 2018 — Lee appears in court in New York, charged with unlawful retention of national defense information. The New York Times reports that he is the suspected mole.
May 2018 — Lee is indicted on a charge of conspiracy to commit espionage.
August 15 2018 — FP reveals that the CIA botched the communication system it used to interact with its sources, according to five current and former intelligence officials.
How a crippling intelligence loss led the CIA on a mole hunt
A massive mole hunt inside the agency has been on for years for the person who may have helped the Chinese government roll up a significant piece of the U.S. spying network in that country.
John Yang learns more from Adam Goldman of The New York Times.
UPDATE (August 21 2018) — Investigative journalist Zach Dorfman speaks to CBSN about the CIA’s worst failures in recent history.
United States of America v. Jerry Chun Shing Lee — Indictment
18 U.S. Code § 794 – Gathering or delivering defense information to aid foreign government
The True Story of the CIA Debacle in China
The True Story of the CIA Debacle in China — UPDATE
TOP INTEL TODAY 2018 STORIES — #5 : “The True Story of the CIA Debacle in China”