Follow us on social

Shutterstock_1330708832-scaled

The CIA's hypocrisy on 'sources and methods'

The Agency’s carelessness in protecting its own agents reveals the cynicism of the US government’s treatment of whistleblowers.

Analysis | North America

Reuters recently published new reporting on the story of one of the worst U.S. intelligence failures in decades. From approximately 2010 to 2013, dozens of CIA informants in China, Iran, and elsewhere were rounded up and executed, jailed, or flipped to double agents. In Iran and China, almost the entirety of the CIA’s network in two of its top-priority countries are reported to have been exposed.

Some in the U.S. government seemed to try to pin much of the blame on a betrayal by CIA officer Jerry Lee, who was later prosecuted and pleaded guilty to spying on behalf of the Chinese government. But Lee’s alleged espionage could not account for all the sources blown.

In a series of articles published by the New York Times, Foreign Policy, and Yahoo! News, another explanation emerged: an astonishing laxity of source protection at the CIA itself. The reporting outlined several lapses in basic tradecraft (which included sending new recruits to meet at locations known to be under close foreign surveillance), but most catastrophic was the (not so) secret communications system the CIA used with these sources. Even if there had not been a mole, it seems hard to believe that the slapdash system could have long evaded the sophisticated counter-intelligence capabilities of the Chinese and Iranian governments.

Essentially, the CIA had set up a system to embed a messaging function hidden in the search box of hundreds of cheaply produced fake websites. The word “hidden” should be used loosely here — the new Reuters reporting found more than three hundred of the sites and showed that a cursory look at their publicly available HTML source code revealed labels such as “message,” “compose,” and “password.” And because the agency purchased the domain names in bulk, the websites were assigned sequential IP addresses — making it almost trivially easy to identify the whole network once a few were discovered.

In other words, simply entering the correct operators into a Google search might have led to dozens of informants rounded up and executed. This level of sloppiness is deeply shocking and inexcusable for a spy service with the resources and expertise available to the CIA. But there are additional layers of hypocrisy and bitter irony that have been less discussed.

This episode coincided with the Department of Justice ramping up its war on whistleblowers. The government used “sources and methods” as a cudgel in these unprecedented Espionage Act prosecutions: they claimed to assign the gravest weight to the protection of sources — so much so that no concern of public interest, no matter how great, could ever be weighed against the secrecy. But those sources were treated as utterly disposable: the agency couldn’t even be bothered to obscure the HTML on its communications system.

In a pattern common to the intelligence community’s most catastrophic self-owns, no one seems to have yet been held accountable. Well, except one person. As you may have guessed, there was a whistleblower. In 2008, a CIA contractor named John Reidy started sounding the alarm through internal channels that these grave flaws in the system were a ticking time bomb. Reidy was fired in retaliation, and his complaint to the Inspector General went uninvestigated until well after dozens of informants had already been jailed or killed. As Reidy tried to fight the retaliation, the government even prohibited him from telling his own attorney anything about the nature of his disclosures.

At the same time when the CIA’s carelessness was burning its own assets, it became fashionable for the critics of whistleblowers who went public to condemn them for not sticking to “internal channels.” Those channels didn’t do much for John Reidy, or for the scores of intelligence sources he tried to save.

The cruel irony would surely not be lost on former CIA officer John Kiriakou, who became a whistleblower when he discussed the CIA’s torture program in a media interview at a time when the CIA was still denying it. Kiriakou was sentenced to 30 months in prison after pleading guilty to inadvertently confirming the name of one CIA officer to a journalist — even though the journalist never published the name.

Again, it’s worth stating clearly: it was not the leaks of conscientious whistleblowers that caused the sky to fall, but the intelligence community’s own chronic mismanagement, virtually guaranteed by the very secrecy it always claims to need to protect those sources.


Image: PabloLagarto via shutterstock.com
Analysis | North America
Kim Jong Un
Top photo credit: North Korean leader Kim Jong Un visits the construction site of the Ragwon County Offshore Farm, North Korea July 13, 2025. KCNA via REUTERS

Kim Jong Un is nuking up and playing hard to get

Asia-Pacific

President Donald Trump’s second term has so far been a series of “shock and awe” campaigns both at home and abroad. But so far has left North Korea untouched even as it arms for the future.

The president dramatically broke with precedent during his first term, holding two summits as well as a brief meeting at the Demilitarized Zone with the North’s Supreme Leader Kim Jong-un. Unfortunately, engagement crashed and burned in Hanoi. The DPRK then pulled back, essentially severing contact with both the U.S. and South Korea.

keep readingShow less
Why new CENTCOM chief Brad Cooper is as wrong as the old one
Top photo credit: U.S. Navy Vice Admiral Brad Cooper speaks to guests at the IISS Manama Dialogue in Manama, Bahrain, November 17, 2023. REUTERS/Hamad I Mohammed

Why new CENTCOM chief Brad Cooper is as wrong as the old one

Middle East

If accounts of President Donald Trump’s decision to strike Iranian nuclear facilities this past month are to be believed, the president’s initial impulse to stay out of the Israel-Iran conflict failed to survive the prodding of hawkish advisers, chiefly U.S. Central Command (CENTCOM) chief Michael Kurilla.

With Kurilla, an Iran hawk and staunch ally of both the Israeli government and erstwhile national security adviser Mike Waltz, set to leave office this summer, advocates of a more restrained foreign policy may understandably feel like they are out of the woods.

keep readingShow less
Putin Trump
Top photo credit: Vladimir Putin (Office of the President of the Russian Federation) and Donald Trump (US Southern Command photo)

How Trump's 50-day deadline threat against Putin will backfire

Europe

In the first six months of his second term, President Donald Trump has demonstrated his love for three things: deals, tariffs, and ultimatums.

He got to combine these passions during his Oval Office meeting with NATO Secretary General Mark Rutte on Monday. Only moments after the two leaders announced a new plan to get military aid to Ukraine, Trump issued an ominous 50-day deadline for Russian President Vladimir Putin to agree to a ceasefire. “We're going to be doing secondary tariffs if we don't have a deal within 50 days,” Trump told the assembled reporters.

keep readingShow less

LATEST

QIOSK

Newsletter

Subscribe now to our weekly round-up and don't miss a beat with your favorite RS contributors and reporters, as well as staff analysis, opinion, and news promoting a positive, non-partisan vision of U.S. foreign policy.