Tuesday, March 10, 2009

Is there any way one can figure out some of the CIA's most highly guarded secrets from a corporate website?

Is there any way one can figure out some of the CIA's most highly guarded secrets from a corporate website?

Absolutely. http://www.absoluteastronomy.com/topics/Defense_Intelligence_Agency

I’ve done it. (And you can count on it that America’s friends and enemies alike have, too.)


Recently while researching a piece for the saga of the infamous White House Murder Inc, I took a break and reviewed my internet logs to see who was curious about my recent writings on the black sites... Among hundreds of hits on the page (and thousands in the logs), one in particular jumped out. It was a single page view that lasted for some fifty seconds and it came from an unmasked site, a common signature. I backtracked it and was shocked at what I found...

Typically members of the Intelligence Community have their IPs masked when they visit the blog, living no fingerprints, but not this one. The hit was from a company I had never heard of before, but with less than a minute on their site, I knew I had discovered one of the Intelligence Community's most secretive contractors, one of the A teams. The big surprise was that this corporate website leaked secrets like Zubaydah after his first thrifty-five second waterboarding.

I'm sure many are skeptical that a contractor would reveal clandestine ops on their sites, but keep in mind their sites are also marketing themselves to the corporate world and sometimes they say a little too much, believing that they have coded their information enough to protect it.

So let's see what can be deduced from an open source, available to all of America's friends and enemies on the world wide web. We’ll dissect the company's website and see just how well intelligence outsourcing is working from an operational security perspective.

(Note: Not that every Intel agency worth it's salt hasn't already scooped up this info, but out of respect for Intelligence Community sensibilities, I'll call the Dulles toll road corridor contractor "Heckle and Jeckle Gizmos" and I won't quote directly from the site.)

Now the first question when reviewing Heckle and Jackleg's site, or any contractor's for that matter, is to ask: who do these guys work for? This can help quickly zero in on what they're up to.

Heckle and Jeckle boast that most of their employees have TS/SCI clearances, many based on a particularly thorough procedure, the highest level of security clearances. There are but a handful of government agencies that require this for contractor access and really only two major intelligence agencies that do so. One of them is located in Langley, Virginia a couple of miles from the eastern entrance to the Dulles Toll Road and it has well-known, overt satellite offices stretching out west thereon at various exits. The other is located in Ft. Meade, Maryland.

For those who live as far out of the Beltway as I do, these clearances suggest that Heckle and Jackleg are doing business with the CIA and NSA.

The specific governmental entities Heckle and Jackleg provide outsourced services for can be quickly narrowed down though the geography of their corporate offices which are located near Dulles airport in northern Virginia; in Cumberland County, North Carolina; Virginia Beach, Virginia and Tampa, Florida and if we dig a little we discover they have staff co-located at an Annapolis Junction Maryland facility. To the uninitiated, that means they contract with the CIA, work extensively with Army and Navy tier-one Special Forces Teams as well as Special Operations Command (SOCOM) with a little NSA thrown in.

When it comes to who is working for whom in the Intel Community, geography doesn't lie: Location, location, location.

For purposes of our analysis, the next question then becomes , what is Heckle and Jackleg's specialty? According to their site, it's specialized communications, including nonattributable communication systems and communications devices that function in hostile environments. In fact, their employees have experience working in hostile and denied areas and have immediate availability to deploy as part of a team or alone to ply their trade abroad or in the US. (Private domestic spying, anyone?)

Go-bags packed, ready to deploy with teams raises the obvious follow up question: which teams?

Anyone know any teams in Virginia Beach or Fayettenam?

And where would they be tagging along with these Special Forces teams? Maybe to the Special Forces Club in London, but Heckle and Jeckle’s employees' background suggests foreign hostile or denied areas.

Now what could they possibly do in hostile, denied or politically sensitive areas?

Again, the contractor’s website gives us the answer: Heckle and Jackleg's comm. equipment has offensive and defensive capabilities.

Offensive communications--can you say clandestine ELINT and SIGINT collection?

In laymen's terms, setting up in a house that happens to be in the path of a highly directional signal or on top of just the right cable, but in this case the metaphorical houses are probably in such friendly spots as Iran or wherever the yellow brick road of GWOT contracting leads.

To pull the conclusions of our open-source intelligence (OSINT) together, Heckle and Jackleg teams stand ready, custom-designed high-tech gadgets in hand, for clandestine missions in enemy territory to covertly and remotely intercept foreign communications or penetrate information systems. This can be done independently or in conjunction with SEAL or Delta or other secret squirrel teams on behalf of SOCOM and the CIA.

In other words, they set up black sites albeit a different type than has been in the news lately. To put it into context, such black sites such as covert listening posts in hostile territories and even in friendlier ones where discovery could create international tensions count among the Intelligence Community's blackest secrets. And now, thanks to the About page on Heckle and Jackleg's website, we know that the CIA is outsourcing this to Heckle and Jackleg, whose identity would make it somewhat easier to uncover the black collection sites.

Now that's serious OPSEC.

(We can only hope that they outsource the cover aliases they use when establishing and serving these sites.)

Digging inside the website, particularly into its previous versions which can be found in the internet archive, we can create an even more revealing picture of what Heckle and Jackleg are up to.

From job descriptions for various types of engineers they're seeking, we learn that their main facility is near the Dulles Toll Road in northern Virginia. Since contractors tend to locate their main facilities near their contracting agencies, this suggests that the bulk of their work is for the Directorate of Science and Technology (DS&T) at the CIA, the relevant offices of which are conveniently located nearby. No surprise. DS&T provides the equipment that the National Clandestine Services uses to do its job.

In 2005 the firm began posting job openings (although it's questionable how many linguists and engineers know enough about H&J to to go directly to their site looking for a job.) These are rich with details indicating various clandestine programs, OSINT just waiting to be scooped up.

Here we learn that Heckle and Jackleg are seeking subject matter experts (SME) in Arabic to work with its customer's teams in Annapolis Junction, MD. This can only be the National Security Agency. The NSA is primarily made up of contractors and providing them with SMEs is nothing special. Let's move on.

Heckle and Jackleg also brag about a micro-electromechanical facility which becomes particularly interesting in conjunction with their job openings announcements. Reviewing the skill sets they're looking for, it quickly becomes apparent that they design and program their own computer chips, so they're clearly creating proprietary cutting-edge gadgets. It's notable how frequently they're searching for engineers with experience in one of the most miserable operating systems for mobile devices: Windows mobile. They're also regularly seeking programmers versed in another mobile device language: Symbian. Now this information taken in conjunction with their specialty and their prior claims of micro-electromechanical facilities suggests they're designing and creating a lot of mobile, hand held covert communications devices.

And here I'd venture a pure guess that these are probably designed to look like standard run-of-the-mill Treos and other smart phones, blending their “intelligent phones” into the mobile world. The largest consumer of such gizmos is, of course, the CIA's DS&T, adding to suspicions that Heckle and Jeckle is a major DS&T contractor. The primary use of such covert communications gear is for communications with nonofficial cover officers (NOCs) and agents. So the information on Heckle and Jeckle's site suggests that they are likely designing and creating the latest must-have accessories for NOCs and agents, a far cry from the clunky COVCOM gear of yesteryear. (And from the Agency's point of view, knowledge of this would be a serious security breech. Keep in mind the CIA does not even allow contractors to acknowledge their affiliation with the Agency, let alone divulge the programs they are working on, particularly such sensitivities ones.)

Not only have CIA programs been compromised, so have SOCOMs. Judging from the job postings for positions in Florida, Heckle and Jeckle are doing data mining and analytical work for SOCOM. Among other things that can be deduced, they search for relational patterns of terrorist activity and affiliations, looking at a wide array of seemingly innocuous relationships using open source and clandestinely gathered data, particularly focusing upon financial transactional data. I'm betting they have a very sophisticated quantitative model that they're constantly tweaking that underlies this process.

Again, Heckle and Jackleg job postings give us hints to other SOCOM programs. It appears that Heckle and Jackleg are involved in tracking SOCOM assets worldwide. Moving beyond Heckle and Jackleg's own website to other open sources, it's possible to learn some of the specs of related handhelds including whose low-earth orbiting satellites they use. Digging a little deeper, it's also possible to discover the code name of Heckle and Jackleg's RF geolocation program...

US national security is compromised by the Intelligence Community's heavy dependence upon corporations, corporations whose websites sometimes spill out some of the darkest government secrets to those who know how to read them. Last week's revelations by D/CIA Hayden that CIA contractors have been involved in enhanced interrogation techniques at detention facilities (i.e. waterboarding at black sites) should make it clear even to the casual observer that private corporations are integrally involved in the Intelligence Community's most sensitive and secretive clandestine and covert programs. Nothing is off-limits. Corporate involvement in clandestine programs raises operational security concerns that only exist because these companies market their services to the private sector, capitalizing upon their exotic experience with the US government.

In other words, we're taking risks with our national security, risks we don't have to take. Perhaps some of the risk can be mitigated through restrictions upon contractor marketing and better contractor policing. As a big fan of the private sector and of government outsourcing, I don’t like to think that the problem is inherent to outsourcing, but at the moment, it’s hard to imagine it otherwise. A Congressional ban on using government contracting experiences for marketing purposes may be one partial solution.

The Director of National Intelligence McConnell has been a strong proponent of increased use of open-source intelligence, OSINT. It's overdue that the Intelligence Community takes OSINT for seriously counterintelligence (CI) purposes (and it comes as no surprise that CI uses of OSINT was a notable omission in the ODNI's Open Source Conference last summer.) This needs to be immediately addressed--our national security depends upon it. Elliott, are you listening...?

I'm sure some in the Intelligence Community will be appalled that I have publicly posted this analysis, particularly since it involves a key clandestine player, but keep in mind, what I’ve done is an exercise in OSINT, an exercise the Intelligence Community should have done long ago. Whereas the contents of this article might come as a surprise to intelligence professionals in Ouagadougou and Ulaanbaatar, they won't be in Moscow, Beijing or even Tehran.

And they shouldn't be in McLean....

"Heckle and Jeckle" are the ones who posted the raw Intel on their own website and they're the ones who left their corporate electronic footprints on my blog. It's particularly ironic, since they're specialists in covert communications. It's equally ironic that I've protected their identity when they’ve hardly bothered to hide our national secrets. It is not my intent to hurt the company.

It's my sincere hope that as a result of this post, the Intelligence Community pays a little more attention to the operational security compromises of the divided intelligence contractor mission of serving the public interest while marketing those same services to the corporate world. As I wrote in the Washington Post last summer, corporations have succeeded where few foreign governments have: they've penetrated the CIA. Now it's up to the Agency and the Intelligence Community to ensure that programs are not further compromised as a result of this wide-scale industrial penetration.


(And if anyone needs assistance closing up the gaps from someone who discerns faint patterns within reams of seemingly unrelated data, I rent out for CIA2 dirty parties, just like in A. for ALGIERS....)

~~~encrypted/logs/access ====>> INTELLIGENCE Agencies Servers footprints.
Not to mention hundreds of private companies and governments........!

See Below : INTELLIGENCE Agencies , INTEL. :

Lines 10-36 of my logfiles show a lot of interest in this article: =1052
# grep sid=1052 /encrypted/logs/access_logawk '{print$1,$7}'sed-n'10,36p'.
spb-213-33-248-190.sovintel.ru /modules.php?name=News&file=article&sid=1052
Soviet/Russian Intelligence services...
ext1.shape.nato.int /modules.php?name=News&file=article&sid=1052
NATO Intel.
server1.namsa.nato.int /modules.php?name=News&file=article&sid=1052
Nato Intel.
ns1.saclantc.nato.int /modules.php?name=News&file=article&sid=1052
Strategic Air Command US Intel.
bxlproxyb.europarl.eu.int /modules.php?name=News&file=article&sid=1052
European Parliament Intel. Unit
wdcsun18.usdoj.gov /modules.php?name=News&file=article&sid=1052
USA Department of Justice...
wdcsun21.usdoj.gov /modules.php?name=News&file=article&sid=1052
USA Department of Justice...
tcs-gateway11.treas.gov /modules.php?name=News&file=article&sid=1052
USA Treasury Department
tcs-gateway13.treas.gov /modules.php?name=News&file=article&sid=1052
USA Treasury Department
relay1.ucia.gov /modules.php?name=News&file=article&sid=1052
CIA Langley
relay2.cia.gov /modules.php?name=News&file=article&sid=1052
CIA Langley
relay2.ucia.gov /modules.php?name=News&file=article&sid=1052
CIA Langley
n021.dhs.gov /modules.php?name=News&file=article&sid=1052
USA Department of Homeland security Intel.
legion.dera.gov.uk /modules.php?name=News&file=article&sid=1052
British Intel.
gateway-fincen.uscg.mil /modules.php?name=News&file=article&sid=1052
Pentagon US.
crawler2.googlebot.com /modules.php?name=News&file=article&sid=1052
crawler1.googlebot.com /modules.php?name=News&file=article&sid=1052
gateway101.gsi.gov.uk /modules.php?name=News&file=article&sid=1052
British Intel.
gate11-quantico.nmci.usmc.mil /modules.php?name=News&file=article&sid=1052
USA Marine Corps Quantico Virginia Intel.
gate13-quantico.nmci.usmc.mil /modules.php?name=News&file=article&sid=1052
USA Marine Corps Quantico Virginia Intel.
fw1-a.osis.gov /modules.php?name=News&file=article&sid=1052
US Intel SIS.
crawler13.googlebot.com /modules.php?name=News&file=article&sid=1052
fw1-b.osis.gov /modules.php?name=News&file=article&sid=1052
US Intel. OSIS.
bouncer.nics.gov.uk /modules.php?name=News&file=article&sid=1052
British Intel.
beluha.ssu.gov.ua /modules.php?name=News&file=article&sid=1052
Ukrainian Intelligence.