Technical Measures Fell Short: CIA's Spy Network in China Rolled Up, Moves Underground_Fengwen
Kris - Guancha.cn editor - host of 洋媒吐气 - 2018-08-16 10:37
It was considered one of the CIA’s worst failures in decades: Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency’s network of agents across the country, executing dozens of suspected U.S. spies. But since then, a question has loomed over the entire debacle.
Between 2010 and 2012, many of the CIA's spies in China were arrested or killed.
How were the Chinese able to roll up the network?
How did the Chinese root them out?
Now, nearly eight years later, it appears that the agency botched the communication system it used to interact with its sources, according to five current and former intelligence officials. The CIA had imported the system from its Middle East operations, where the online environment was considerably less hazardous, and apparently underestimated China’s ability to penetrate it.
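The key was the communications network the spies used to contact one another. At the time, the CIA carried its Middle East system straight over to China, clearly underestimating China's counterintelligence capabilities.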
“The attitude was that we’ve got this, we’re untouchable,” said one of the officials who, like the others, declined to be named discussing sensitive information. The former official described the attitude of those in the agency who worked on China at the time as “invincible.”
At the time, the Americans thought they were the greatest thing going.
Other factors played a role as well, including China’s alleged recruitment of former CIA officer Jerry Chun Shing Lee around the same time. Federal prosecutors indicted Lee earlier this year in connection with the affair.
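One reason the U.S. intelligence network was broken was that Jerry Chun Shing Lee (李振成), a former CIA officer and Chinese American, passed information to China.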
But the penetration of the communication system seems to account for the speed and accuracy with which Chinese authorities moved against the CIA’s China-based assets.
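But in fact what mattered more was that the communications network was cracked; that is what let China's counterespionage operations hit the mark with every arrest.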
“You could tell the Chinese weren’t guessing. The Ministry of State Security [which handles both foreign intelligence and domestic security] were always pulling in the right people,” one of the officials said.
“When things started going bad, they went bad fast.”
The Americans found that the Chinese were not guessing; every strike was aimed very accurately.
The former officials also said the real number of CIA assets and those in their orbit executed by China during the two-year period was around 30, though some sources spoke of higher figures. The New York Times, which first reported the story last year, put the number at “more than a dozen.” All the CIA assets detained by Chinese intelligence around this time were eventually killed, the former officials said.
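CIA insiders said China executed 30 American spies at the time, and by some accounts the number is higher. In any case, all the spies who were caught were executed.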
The CIA, FBI, and National Security Agency declined to comment for this story. The Chinese Embassy in Washington did not respond to requests for comment.
Neither Chinese nor U.S. officials were willing to comment on the matter.
At first, U.S. intelligence officials were “shellshocked,” said one former official. Eventually, rescue operations were mounted, and several sources managed to make their way out of China.
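But the affair shook the U.S. intelligence agencies badly. The U.S. wanted to get people out, and later did get some of the spies out of the country.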
One of the former officials said the last CIA case officer to have meetings with sources in China distributed large sums of cash to the agents who remained behind, hoping the money would help them flee.
The U.S. handed out a lot of money to the spies who stayed behind and left them to find their own way out.
When the intelligence breach became known, the CIA formed a special task force along with the FBI to figure out what went wrong. During the investigation, the task force identified three potential causes of the failure, the former officials said: A possible agent had provided Chinese authorities with information about the CIA asset network, some of the CIA’s spy work had been sloppy and might have been detected by Chinese authorities, and the communications system had been compromised. The investigators concluded that a “confluence and combination of events” had wiped out the spy network, according to one of the former officials.
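The CIA set up a task force to investigate and listed three possibilities: ① an agent confessed to China, exposing the spy network; ② the spy work was sloppy and gave itself away; ③ the communications system between the spies was breached. The task force concluded that several of these factors were involved and together led to the spy network being wiped out in one sweep.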
Eventually, U.S. counterintelligence officials identified Lee, the former CIA officer who had worked extensively in Beijing, as China’s likely informant. Court documents suggest Lee was in contact with his handlers at the Ministry of State Security through at least 2011.
The U.S. traced it to Jerry Chun Shing Lee.
Chinese authorities paid Lee hundreds of thousands of dollars for his efforts, according to the documents. He was indicted in May of this year on a charge of conspiracy to commit espionage.
Lee was convicted by the U.S. of conspiracy to commit espionage.
But Lee’s alleged betrayal alone could not explain all the damage that occurred in China during 2011 and 2012, the former officials said. Information about sources is so highly compartmentalized that Lee would not have known their identities. That fact and others reinforced the theory that China had managed to eavesdrop on the communications between agents and their CIA handlers.
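But Lee is not enough to explain the rolling up of the U.S. spy network. Because information about sources was compartmentalized and held by different people, Lee could not have known the identities of all the spies, so the U.S. suspected that China had monitored the communications between the spies and CIA officers.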
When CIA officers begin working with a new source, they often use an interim covert communications system—in case the person turns out to be a double agent.
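In fact, to ensure security, the CIA had two communications systems: one specifically for newly recruited spies, in case they were double agents, and a main system for reliable spies.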
The communications system used in China during this period was internet-based and accessible from laptop or desktop computers, two of the former officials said.
This system was internet-based.
This interim, or “throwaway,” system, an encrypted digital program, allows for remote communication between an intelligence officer and a source, but it is also separated from the main communications system used with vetted sources, reducing the risk if an asset goes bad.
In short, the two systems were kept separate to protect the core agents as much as possible.
Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected—and there would be no way to trace the communication back to the CIA. But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.
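The main and secondary systems used the same code in some places. In principle, if the secondary system was cracked, China's counterespionage organizations still could not trace their way to the main system. But in fact the secondary system had a technical flaw and could be traced structurally back to the main system. The Americans cracked it once themselves and found that breaking the secondary system was all it took to break the main one.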
In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.
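In short, the two systems were supposed to have no connection, but in fact they did, and that connection was followed back to its source.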
U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official—links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA’s own website, according to the former official.
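Worse still, the communications system's ties to the U.S. government could be identified on it, and there were even links leading straight to CIA web pages. This left behind evidence of espionage, and China could infer that the system was being used by the CIA.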
The covert communications system used in China was first employed by U.S. security forces in war zones in the Middle East, where the security challenges and tactical objectives are different, the sources said. “It migrated to countries with sophisticated counterintelligence operations, like China,” one of the officials said.
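This system was originally meant for the CIA's spies in the Middle East, where there were no counterespionage organizations as developed as China's.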
The system was not designed to withstand the scrutiny of a place like China, where the CIA faced a highly sophisticated intelligence service and a completely different online environment.
So the system could not withstand monitoring in China's network environment.
As part of China’s Great Firewall, internet traffic there is watched closely, and unusual patterns are flagged. Even in 2010, online anonymity of any kind was proving increasingly difficult.
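China's control of the internet, its screening for suspicious activity, and its real-name registration for internet use all made it hard for American spies to operate online.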
Once Chinese intelligence obtained access to the interim communications system, penetrating the main system would have been relatively straightforward, according to the former intelligence officials. The window between the two systems may have only been open for a few months before the gap was closed, but the Chinese broke in during this period of vulnerability.
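Generally speaking, there is a window of a few months between the secondary and main systems, during which users of the secondary system can move up to the more covert main system. But China's counterespionage organizations seized on that window, started from the secondary system, and followed the trail to the main system.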
Precisely how the system was breached remains unclear. The Ministry of State Security might have run a double agent who was given the communication platform by his CIA handler. Another possibility is that Chinese authorities identified a U.S. agent—perhaps through information provided by Lee—and seized that person’s computer. Alternatively, authorities might have identified the system through a pattern analysis of suspicious online activities.
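Exactly how it was done is hard to say. Possibly a CIA agent was caught and confessed, giving up some people; or a spy's personal computer was seized; or the system was found by screening for suspicious online activity.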
China was so determined to crack the system that it had set up a special task force composed of members of the Ministry of State Security and the Chinese military’s signals directorate (roughly equivalent to the NSA), one former official said.
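The Americans believe that the Ministry of State Security and the Third Department of the General Staff joined forces to take down the CIA's intelligence network.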
Once one person was identified as a CIA asset, Chinese intelligence could then track the agent’s meetings with handlers and unravel the entire network. (Some CIA assets whose identities became known to the Ministry of State Security were not active users of the communications system, the sources said.)
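Play the long game to catch the big fish: once a suspect was found, he was not arrested right away but allowed to go meet his contacts, and then everyone was rounded up at once. This method caught covert spies who had not used the communications network at all.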
One of the former officials said the agency had “strong indications” that China shared its findings with Russia, where some CIA assets were using a similar covert communications system. Around the time the CIA’s source network in China was being eviscerated, multiple sources in Russia suddenly severed their relationship with their CIA handlers, according to an NBC News report that aired in January—and confirmed by this former official.
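The Americans believe China and Russia share intelligence: as the spies in China were being caught, many spies in Russia cut off contact with the CIA.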
The failure of the communications system has reignited a debate within the intelligence community about the merits of older, lower-tech methods for covert interactions with sources, according to the former officials.
The Americans began to reflect that network technology is sometimes less reliable than meeting in person.
There is an inherent paradox to covert communications systems, one of the former officials said: The easier a system is to use, the less secure it is.
The more convenient a system is, the less secure it is.
The former officials said CIA officers operating in China since the debacle had reverted to older methods of communication, including interacting surreptitiously in person with sources. Such methods can be time-consuming and carry their own risks.
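So CIA agents in China began going back to traditional underground work: the old-fashioned way of making contact, in the style of "The heavenly king covers the earth tiger; the pagoda subdues the river demon."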
The disaster in China has led some officials to conclude that internet-based systems, even ones that employ sophisticated encryption, can never be counted on to shield assets.
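Even network systems with sophisticated encryption can be broken; the network cannot be fully counted on to protect agents' identities.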
“Will a system always stay encrypted, given the advances in technology? You’re supposed to protect people forever,” one of the former officials said.
As technology advances, encryption and decryption are a contest in which each side keeps outdoing the other.