23 July 2020

The CIA under Trump – more freedom to conduct offensive cyber operations

Liviu Ioniţă

According to the 1991 Intelligence Authorization Act, the American president establishes, through what is called a “presidential finding”, the necessity of a covert operation to support the US’s foreign policy objectives, a document which must be issued 48 hours after the political decision which approves that operation. The CIA director and the chiefs of all governmental departments, agencies and entities involved in a covert operation inform the intelligence committees of the Congress. When the president establishes that extraordinary circumstances require limiting access to information related to the covert operation, the “presidential finding” can be communicated to the so-called “Gang of Eight”, the eight leaders within the United States Congress who are informed about classified intelligence issues. According to a material recently published by Yahoo News, Donald Trump gave the CIA, in 2018, more powers to conduct covert offensive cyber operations, which led to more hacks and data downloads from Iranian and Russian espionage agencies.

Image source: Profimedia

What is, and what led to, the “presidential finding”?

Journalists Zach Dorfman, Kim Zetter, Jenna McLaughlin and Sean D. Naylor have published on the Yahoo News website the article called “Exclusive: Secret Trump order gives CIA more powers to launch cyberattacks”. According to the article, the Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets, starting in 2018, when the president signed an authorization for such activities.

Zach Dorfman is a Senior Staff Writer at the Aspen Institute’s Cyber and Technology program and a Senior Fellow at the Carnegie Council for Ethics in International Affairs. His stories on national security, espionage, and U.S. foreign policy have appeared in Politico Magazine, the Atlantic, Foreign Policy, Yahoo News, and the Wall Street Journal, among other publications.

Zach Dorfman also writes about the material on axios.com, where he states that he is the main author of the Yahoo News story and that the important point is that the 2018 “presidential finding” gives the CIA more power to conduct covert cyber operations without the pre-approval of the National Security Council.

Kim Zetter is a journalist who has been covering privacy, computer security and national security for more than a decade. She is also author of the book Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon.

Jenna McLaughlin is a reporter and blogger covering surveillance and national security.

Sean D. Naylor is the Yahoo News correspondent for national security.

The “presidential finding” makes it easier for the CIA to conduct covert cyber operations and, unlike previous similar authorizations, which focused on a specific result or objective of foreign policy – like stopping Iran from becoming a nuclear power – this directive focuses on a certain capability: covert operations in cyberspace.

In the material published by Yahoo News, some former US officials are quoted as “people who know the issue”. According to them, the “very aggressive” 2018 presidential document gave the intelligence agency specific responsibilities for conducting offensive actions against some “enemy countries”, naming among them Russia, China, Iran and North Korea – which are exclusively mentioned in the document – “which does not exclude the possibility for the presidential finding to be available for other countries as well”.

These powers do not refer to hacking dedicated to intelligence collection, but to actions which can cause disruption or destruction in the real, not the virtual, world, like interrupting the supply of electricity or compromising an intelligence operation by leaking documents online. An example of this is the cyber attack with the Stuxnet virus, from 2009, which affected the centrifuges used by Iran in its uranium enrichment program.

The 2018 presidential authorization has helped the CIA to damage the enemies’ critical infrastructure (petrochemical installations, for example), to execute disruptive operations against banks and financial institutions, and to become involved in hack-and-dump operations, where stolen data or documents are leaked by journalists or posted on the internet.

The CIA “did not lose time with executing the new achieved liberties”, and during the two years since the presidential document was issued the agency executed “at least a dozen operations which were on their wish list” that were “a combination of disruptive things and the public dissemination of data: data leaks or things which seemed to be data leaks”.

The green light the agency got was applauded by some of its officials, but critics saw it as a “possibly dangerous” reduction in intelligence oversight, which could lead to unprecedented consequences, like endangering lives.

“The government is basically turning into WikiLeaks”, said the officials who talked to Yahoo News journalists and who think that the appointment of John Bolton as national security adviser, in 2018, gave “another impulse to those who wanted to ease the restrictions over the intelligence operations”.

In fact, in 2018, the status of US Cyber Command, a structure which had been controlled by US Strategic Command since 2009, changed: it became a combatant command, which gave its commander at that time, General Paul Nakasone, the possibility to report directly to the Defence Secretary.

Also in 2018, the new Cyber Security Strategy, adopted after 15 years, introduced the concept of “defend forward” – pre-emptive action to disrupt or halt a damaging cyber activity. When the strategic document was presented, the national security adviser, John Bolton, announced that offensive cyber operations were authorized.

Two other documents, issued shortly before the strategy, also showed that a new policy was taking shape at the White House, one which eases the rules on the use of digital weapons and under which hands are not tied anymore, as they were during the Obama Administration (John Bolton).

We are talking about the Strategic Vision of the US Cyber Command and a classified directive, the National Security Presidential Memorandum 13, which allow offensive and defensive cyber operations to be conducted without the president’s approval.

Is the CIA executing cyber operations?

Former officials have refused to talk with Yahoo News about the cyber operations the CIA has conducted under the “presidential finding” authorization, but the Yahoo News editors think that the new powers, as a modus operandi, are related to a series of hack-and-dump incidents, which mostly took place in 2019, such as:

- posting data online about an independent Russian company, which was “working for the Russian intelligence services”. BBC Russia reported, in July 2019, that hackers had attacked SyTech, which was connected to the FSB, and had collected around 7.5 terabytes of data, which were then sent to the media;

- publishing hacking tools (malware) from APT34, a hacking unit of the Iranian government, on Telegram (an instant messaging and VoIP service developed by Telegram Messenger LLP, a company registered in London and founded by the Russian entrepreneur Pavel Durov);

- doxing (the collection of private or identifying information about a person or organization and its public distribution) on Telegram, related to the intelligence agencies of the Revolutionary Guards, revealing full names, home addresses, phone numbers and social media profiles;

- the disclosure of around 15 million credit cards from three Iranian banks, which are connected to Iran’s Revolutionary Guards;

- the hacking of two contractors which provide cyber weapons and surveillance solutions for the FSB, and the online distribution of the data through a group of hackers called Digital Revolution.

Iran, the preferred target of the CIA operations

According to officials “who directly know the issue”, the authorization the American president gave has encouraged the CIA operations against Iran, which already had the endorsement of some members of the Administration to “aggressively interpret the orders related to Iran”, to support the “maximum pressures” campaign against Tehran. Therefore, “Trump’s high national security officials have believed that Iran’s destabilization within its borders will force the regime to stop their adventures abroad and, maybe, collapse”.

Aiming to counter Iran’s nuclear progress, the Administration has adopted “an even more aggressive approach, which started to look like a changing strategy of the regime”.

However, the same officials think that although the new CIA powers enlarge the agency’s capacity to act against Iran and other enemies, they can also bring “possible traps”, like the coordination between the CIA and the Pentagon.

Such operations would never have been approved by previous administrations, which were always cautious when they attacked foreign enemies, fearing countermeasures, and President Trump’s decision has antagonized the top American intelligence officials.

The new cyber powers could become a “long-term inheritance of the Trump administration”. The CIA, just like the National Security Council, has refused to comment on the information that appeared in the media or to respond to a long list of questions issued by Yahoo News.

The Yahoo News material draws all the more attention as it emerges in a period when Iran faces many incidents – fires and explosions at nuclear installations, oil refineries, power plants and enterprises – whose origins have started to raise questions, the incidents being seen as unusual and deliberate, with the possible author aiming to change the course of events in the Middle East.

Thus, only one day after the journalists wrote the Yahoo News article, the news agency IRNA reported that at least 7 ships were on fire in a port in Bushehr, where the main Iranian nuclear power plant is located, without the cause of the accident being identified.

Translated by Andreea Soare