A London-based Internet security and risk consulting firm last week published the results of a two-day study that highlights in surprising detail the CIA's primary points of presence on the public Internet.
Using open, legal sources of information and without conducting any illegal port scanning or intrusive network probes, Matta Security Ltd. produced a detailed map of nonclassified CIA networks, including several that aren't readily available to the public. Matta's study also uncovered the names, e-mail addresses and telephone numbers of more than three dozen CIA network administrators and other officials.
A CIA spokeswoman cast doubt on the significance of the report, stating that there are many IT professionals within the agency who are "overt" employees and need to have Internet access.
However, some security experts, although vague about the specific nature of potential vulnerabilities such information could be used to exploit, noted the possible threat from determined adversaries who might be able to use the information to obtain more sensitive or secret information or for other forms of attack planning.
"The points of presence all seem to be overt CIA links, and the names are of overt employees who seem to be either system managers or points of reference for billing purposes," said Vince Cannistraro, former chief of counterintelligence at the CIA, who reviewed the report. "It doesn't tell you anything about the clandestine side of CIA networks over which classified information flows and which has no public points of presence. But perhaps these are good starting points for less-scrupulous elements to begin cyberattacks."
A Foot in the Door
Richard Hunter, an analyst at Stamford, Conn.-based Gartner Inc. and a former National Security Agency analyst, cited the report as an example of the threat that open information can pose to any organization, including intelligence agencies.
"Simply knowing the names and e-mail addresses that Matta turned up would be enough for some social engineers to get the rest of the information necessary to mount an attack," said Hunter, referring to hackers who break into networks using information obtained from legitimate users or public sources.
"The fact that this information was gathered through a search on Google.com, which is hardly considered by most people to be a hacker's tool, is especially interesting," he noted. "The network map is rudimentary, but it gives an attacker some idea of where to look first."
And that was the whole point of the study, said Chris McNab, the report's primary author.
"We wanted to draw attention to the risks of publicly available data that could be mined by determined attackers when targeting large organizations," said McNab. "Through issuing simple search engine requests, combined with [network interface card] and [Domain Name System] querying, we were able to build good pictures of the CIA's primary Internet presence, without ever port-scanning or probing their networks directly."
Steven Aftergood, a defense and intelligence analyst at the Federation of American Scientists in Washington, said he wasn't shocked by the results of the study.
"Any server that is connected to the Internet will always leave certain footprints," said Aftergood. "It would be a stretch to call them vulnerabilities. On the other hand, the CIA may be unhappy about this effort because it reveals more than the agency wants the public to know."