I’ve been in Germany all week (at the George C. Marshall Center which, for those who don’t know, is a joint US-Germany military think tank and an altogether wonderful place to visit) so I missed some of the details of the recent arrest of an alleged CIA operative and his expulsion from Russia until recently.
I will leave it to others to unpack the allegations (though, honestly, they strike me as a bit trumped up — the CIA doesn’t have $100K to throw around) but one aspect of the story of his arrest struck me as having a cybersecurity connection (yes … I know … everything strikes me that way). But this aspect was sufficiently implausible that it seemed to deserve comment.
According to news reports the American spy instructed his agent to communicate with him through a purported CIA’s e-mail address: unbacggdA@gmail.com. On its face this allegation suggest one of two things: Either, the CIA is utterly unaware of how Gmail works and our tradecraft has seriously deterioriated, or this factual allegation is a fiction. I can’t think of any other option.
A word of explanation: Gmail accounts are not secure. Yes, Google, encrypts your mail from end-to-end so that the communication cannot generally be penetrated by an outsider. But Google itself keeps a copy of your email and is capable of decrypting it. This it may do for its own purposes (e.g. in order to decide what ads to push to you) or in response to a lawful court order and criminal investigation (as General Petraeus found out to his regret). I find it difficult, if not impossible, to believe that it would be affirmative US spycraft to instruct our valued covert assets to use Gmail as a means of communication. Maybe I’m wrong — after all, the Petraeus case itself suggests a blind spot. But I sure hope not and, candidly, expect that this is not the case.
And that in turn leads me to wonder about the rest of the story ….after all, the legal maxim is “false in one thing; false in all.”