The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Donald Trump signed what amounts to a sweeping authorization for such activities, former US officials with direct knowledge of the matter told Yahoo News.
The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations, the report said.
The finding allows the CIA to more easily authorize its own covert cyber operations, rather than requiring the agency to get approval from the White House.
The “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a handful of adversarial countries,” said a former US government official. These countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well, according to another former official.
The CIA has allegedly wasted no time in exercising the new freedoms won under Trump. Since the finding was signed two years ago, the agency has carried out at least a dozen operations that were on its wish list.
The CIA declined to comment or respond to an extensive list of questions from Yahoo News. The National Security Council did not respond to multiple written requests for comment.
Former officials declined to speak in detail about cyber operations the CIA has carried out as a result of the finding, but they said the agency has already conducted covert hack-and-dump actions aimed at both Iran and Russia.
For example, the CIA has dumped information online about an ostensibly independent Russian company that was “doing work for Russian intelligence services,” said a former official.
While the former official declined to be more specific, BBC Russia reported in July 2019 that hackers had breached the network of SyTech, a company that does work for the FSB, Russia’s domestic spy agency, and stolen about 7.5 terabytes of data; the data from that hack was passed to media organizations.
In another stunning hack-and-dump operation, an unknown group in March 2019 posted on the internet chat platform Telegram the names, addresses, phone numbers and photos of Iranian intelligence officers allegedly involved in hacking operations, as well as hacking tools used by Iranian intelligence operatives. That November, the details of 15 million debit cards for customers of three Iranian banks linked to Iran’s Revolutionary Guard Corps were also dumped on Telegram.
The maximum-pressure campaign on Iran includes punishing economic sanctions, but has also involved CIA cyberattacks on Iranian infrastructure, said former officials. “It was obvious that destabilization was the plan on Iran,” said one former official, and Trump administration officials were eager to have the CIA conduct destructive cyber operations against targets inside that country.