> Singapore was one example, recall three former intelligence officials. By the early 2000s, the agency ceased running certain types of operations in the Southeast Asian city-state, because of the sweeping digital surveillance there. The Singaporeans had developed a database that incorporated real-time flight, customs, hotel and taxicab data. If it took too long for a traveler to get from the airport to a hotel in a taxi, the anomaly would trigger an alert in Singaporean security systems. “If there was a gap, they’d go to the hotel, they could flip on the TVs and phones and monitor what was going on” in the room of the suspicious traveler, says the same former senior intelligence official. “They had everything so wired.”<p>Tbf Singapore is a city state and integrating surveillance infrastructure on a smaller scale is easier, but that's still pretty impressive.
> stole data on nearly 22 million former and current American civil servants<p>I see this time and again. All the data in a single database where one compromised access can get it all. Data should be compartmentalized, and rate limited.
FTA:<p>><i>Even a switch of employer, or an unexplained gap in one’s résumé, can be a giveaway to a foreign intelligence service, say former officials. In response, the agency has also shifted to recruiting individuals within the companies they already work at, and, with the approval of corporate leadership, secretly transitioning those persons onto the CIA payroll, and training them intermittently and clandestinely, far from any known CIA facility. </i><p>...<p>><i>“There is a serious legal and policy process” in place at the CIA to manage these relationships, says a former official. Otherwise, “you could break industries.”</i><p>This is going to be the end of multinational companies. Once a company starts providing cover to CIA officers, those companies will be blacklisted from many countries around the world. This policy will also raise suspicion of pretty much every US company operating abroad.
Facebook and Instagram have guaranteed that spies can be identified before they even decide to become spies. There will be decades of facial recognition data and social media presence as adolescents and adults before the thought of becoming a spy crosses their minds. If you don’t think that governments have already mined this data or have agents in all of the major companies and extracting data that would be extremely naive.
its not just the digital age, its the growing technological incompetence of our spy agencies in general. China executed nearly 30 agents and informants in the country in 2010 as they easily sidestepped the CIA's mediocre communications system<p><a href="https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/" rel="nofollow">https://foreignpolicy.com/2018/08/15/botched-cia-communicati...</a>
> Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.<p>Why would the Chinese do that? Here is this treasure trove of information why share it with anyone. But I do see the Chinese being hacked by the Russians scenario after they figured out the Chinese had that kind of info.
Imagine your life rests in the balance with the correct S3 bucket permissions.<p>Also! I would also hate to be the person that copies iranian_secret_spy_ssns.json over to the wrong bucket.
The "other guys" are all generating the same information though. And everyone is generating potentially actionable information even when they aren't on an operation, actively practicing tradecraft or in-country on assignment. Eventually intelligence is going to be akin to high frequency trading where small differences in timing, degree of automation and insider information/insights will be deciding factors.
This reminds me of the instance where data from a sports app used by US soldiers revealed army bases world wide, including secret ones. The main reason why this was found out is because it was available to everyone. But how many apps used by soldiers today have similar abilities to determine their location?<p>In general, it's getting harder to smuggle humans into different countries, but the vast deployment of hardware with questionable security properties world wide has led to major opportunities for intelligence agencies. The Internet of Things is the newest opportunity to collect data in large quantities.
It just sounds like the undercover spying in its old classical form falls victim to the paradigm shift and has to adapt and evolve ("digital transformation") like many other professions.
The US Govt. cannot keep <i>information about their own SPIES sent to FOREIGN SOIL</i> safe.<p>We’re supposed to trust them with encryption skeleton-keys that can open any phone or web traffic in the world and trust them to keep it safe.<p>Do they know that we live in a world where Nations burglarise from individuals?<p>North Korea for example funded their missile program from criminal activity on the internet. Can you imagine what will happen when they steal the skeleton key to intercept credit card traffic worldwide??<p>Sigh.
This ignores a bit of history, at least in the Cold War for Russia and China. Assets were basically use once and burn. Agents could realistically last maybe 12 months in either place and could never return. The youngest would get deployed because they had the cleanest records. Russia mostly knew who the experienced spooks in the consulate were, even using cover.
How infuriating. The intelligence agencies have done almost nothing to defend the privacy and security of US citizens and systems, and now the constant leaks and incredible frailty is hurting them just like they hurt everyone else who wants privacy and anonymity. What a lack of foresight.
I am still convinced that creating social networks aka gigantic databases of our own population was a mistake on an unheard level of idiocy. Foreign intelligence must be shaking their heads in disbelief what we handed to them voluntarily. What took months if not years to generate for foreign intelligence can now be gathered, tested on confirmed in a plethora of public, leaked or infiltrated systems.
I don't see any solution to this type of problem ever, aside from creating a paradigm where countries can trust each other and their citizens. At the rate we are currently going we might actually be more likely to have some kind of human extinction event before that happens.<p>It's strange that no one even mentions the possibility of a paradigm like that though.
This is a very good article but it misses a few things.<p>-One of the techniques these days is to borrow an already existing identity for a period of time. If person A has lived a normal life, their story exists but if they haven't gone through biometrics in country B before then it's easier to get person C in (but obviously it's still harder than before). The identify is then returned<p>-People with potential for dual nationality have gone up in importance. Especially if they are legally allowed also to change their name.<p>-Equipment and database owners are key. Watch how popular 3M systems are in the world for example
It is probably a good thing if it is getting harder to send your spies in foreign country. Should not this be considered a win win scenario for everyone ?
Why would an American government database ever need access from outside the US? Under what circumstances couldn't a simple IP rule prevent such a silly transfer of data?<p>I could never wrap my head around government databases (that need to be secured) using using AWS or other cloud with default security.
I'm not a spook myself, but ISTM this should always have been disqualifying:<p><i>Now you show up at the border of Russia, they’ve got your high school yearbook out there where you wrote about your lifelong ambitions to work for the CIA.</i>
I mean, shouldn't we assume that our phones, TVs, laptops, bedrooms, and bathrooms are bugged and monitored by every major government? Isn't this what governments have always wanted? It's for our safety, I thought.