Wednesday 22 October 2014

CIA Apparently 'Impersonated' Senate Staffers To Gain Access To Documents On Shared Drives


The CIA is still fighting for creative control of its most anticipated 21st century work: theTorture Report. Long before it got involved in the ongoing redaction battle, it was spying on those putting the report together, namely Senators and Senate staffers. Hands were wrung, apologies were made and it was medically determined that Sen. Dianne Feinsteindoesn't have an ironic bone in her body.

The Torture Report's final cut now seemingly lies in the hands of White House Chief of Staff Denis McDonough -- a rather strange place for it to be considering the administration has no shortage of officials willing to offer their input on national security issues. But McDonough's ill-fitting position as go-between to the Senate and the CIA isn't the most interesting part of the story, although it appears he's trying to keep the "hanging" of CIA director John Brennan from being a foregone conclusion. Neither he nor the White House have suggested a replacement scapegoat, so Brennan may end up paying the price despite having the administration's full support. You can't just drop something as damaging as the Torture Report on the American public and simply walk away from it. A symbolic sacrifice still needs to be made, even if the underlying problems continue to be ignored.

No, the most interesting part of the latest Torture Report details almost falls off the end of the page over at The Huffington Post. It's more hints of CIA spying, ones that go a bit further than previously covered.

According to sources familiar with the CIA inspector general report that details the alleged abuses by agency officials, CIA agents impersonated Senate staffers in order to gain access to Senate communications and drafts of the Intelligence Committee investigation. These sources requested anonymity because the details of the agency's inspector general report remain classified.

"If people knew the details of what they actually did to hack into the Senate computers to go search for the torture document, jaws would drop. It's straight out of a movie," said one Senate source familiar with the document.
Impersonating staff to gain access to Senate Torture Report work material would be straight-up espionage. Before we get to the response that mitigates the severity of this allegation, let's look at what we do know.

The CIA accessed the Senate's private network to (presumably) gain access to works-in-progress. This was denied (badly) by CIA director John Brennan. The CIA also claimed Senate staffers had improperly accessed classified documents and reported them to the DOJ, even though they knew the charges were false. Then, after Brennan told his agency to stop spying on the Senate, agents took it upon themselves to improperly access Senate email accounts. This is all gleaned from a few public statements and a one-page summary of an Inspector General's report -- the same unreleased report EPIC is currently suing the agency over.

Now, there's this: accusations that the CIA impersonated Senate staffers in hopes of accessing Torture Report documents. Certainly a believable accusation, considering the tactics it's deployed in the very recent past. This is being denied -- or, at least, talked around.
A person familiar with the events surrounding the dispute between the CIA and Intelligence Committee said the suggestion that the agency posed as staff to access drafts of the study is untrue.

“CIA simply attempted to determine if its side of the firewall could have been accessed through the Google search tool. CIA did not use administrator access to examine [Intelligence Committee] work product,” the source said.
So, it was a just an innocuous firewall test. And according to this explanation, it wasn't done to examine the Senate's in-progress Torture Report. But this narrative meshes with previous accusations, including those detailed in the Inspector General's report.

Logging on to the shared drives with Senate credentials would allow agents to check the firewall for holes. But it alsowould allow them to see other Senate documents, presumably only accessible from that "side" of the firewall. While there's been no mention of "impersonation" up to this point, the first violation highlighted by the IG's report seems to be the most likely explanation of what happened here.
Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet
Accessing another part of the shared network/drive by using someone else's credentials is low-level hackery, but not the first thing that springs to mind when someone says "impersonation." A supposed firewall test would be the perfect cover for sniffing around previously off-limits areas. Much of what has come to light about the agency's actions hints at low-level espionage. There's still more buried in the IG report that the agency is actively trying to keep from being made public. Just because these activities didn't specifically "target" Senate work material, it was all there and able to accessed. It doesn't really matter what the CIA says it was looking for. The fact that it was done at all, and done with such carefree audacity, is the problem. There are presumably ways to perform these checks that don't involve Inspector Generals, damning reports and multiple hacking accusations.

SOURCE: TECH DIRT

No comments:

Post a Comment