Feeds

CIA used 'illegal, inaccurate code to target kill drones'

'They want to kill people with software that doesn't work'

High performance access to file storage

The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia.

The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afganistan and Pakistan.

The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.

The Predator B

When the software firm then refused to rush the job, it's claimed, Netezza illegally and hastily reverse-engineered IISi's code to deliver a version that produced locations inaccurate by up to 13 metres. Despite knowing about the miscalculations, the CIA accepted the software, court submissions indicate.

IISi is now seeking an injunction to ban Netezza and the CIA from using the software or any derivative of it, in any context.

The relationship between the two firms dates back to 2006, when IISi signed up to resell Netezza data warehousing kit combined with Geospatial.

The code allows users, for example, "to incorporate and cross-reference vast amounts of business data with geographic location within the same database, and enable events (such as... a cell phone signal moving from one tower to another) to be matched with personal characteristics in the database (such as... the identity of the person whose cell phone signal has moved from one tower to another)", according to IISi's court filings.

Such techniques - quickly combining intelligence with live mobile phone surveillance from the air - are reportedly central to the CIA's targeting of missile strikes by unmanned aircraft.

They want to kill people with my software that doesn't work

The partnership between the two firms strengthened, and in August 2008 Netezza acquired exclusive rights to distribute Geospatial, alongside its NPS hardware. By August last year, Netezza was starting to promote its next generation appliance, TwinFin. Whereas NPS was based on IBM's Power PC chip architecture, the TwinFin relies on cheaper x86 silicon. As a result, Geospatial would not run on the new gear.

Nevertheless, Netezza sales staff sold Geospatial running on TwinFin to a "US government customer", which later turned out to be the CIA. The purchase order, totalling $1.18m, via an obscure Virginia IT consultancy, came through on 11 September last year. This despite - as claimed in IISi court documents - that the software product referred to on the order "in fact did not exist".

Up to this point IISi had done little work porting Geospatial, as its engineers had not had physical access to a TwinFin. Indeed, the agreement between the two firms did not require IISi to support the new machines - a fact confirmed last month by a Boston judge - but it agreed to begin the process in September 2009.

Netezza supplied the software firm with TwinFin hardware on 1 October. Within a week, Richard Zimmerman, IISi's CTO reported that porting Geospatial was "proving fraught with difficulties" and would take at least two months.

Two days later, on 9 October, the relationship took a strange turn. Jon Shepherd, Netezza's "general manager, location-based solutions" called Zimmerman to pressure him to deliver the code quicker, court documents say.

"He basically told me the CIA... wanted to use [Geospatial] to target Predator drones in Afganistan and that, quote/unquote, it was our patriotic duty to work with them to get [Geospatial] ported to the TwinFin as fast as possible and that we need to have a phone conversation the next day to discuss that," Zimmerman said in a sworn deposition to the court.

"Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

During a conference call the next day, Netezza CEO Jim Baum repeated Shepherd's claims that national security demanded IISi's help, according to the deposition. Shepherd suggested the CIA would accept untested code in chunks, Zimmerman said.

"My reaction was one of stun, amazement that they want to kill people with my software that doesn't work," he said.

According to the affidavit of IISi CEO Paul Davis, who was also on the conference call, his firm did not previously know Netezza had sold the undeveloped product, let alone for deadly application by the CIA.

In an email to Baum two days later, on Columbus day 2009, Davis wrote: "Jon [Shepherd's] statement, apparently endorsed by Jim [Baum] that the customer can 'just work with whatever we give them' is not consistent with how IISi works. And we don't really believe that is how our national security agencies work. Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

High performance access to file storage

Next page: Enter Skip

More from The Register

next story
Seagate brings out 6TB HDD, did not need NO STEENKIN' SHINGLES
Or helium filling either, according to reports
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.