Feeds

CIA used 'illegal, inaccurate code to target kill drones'

'They want to kill people with software that doesn't work'

Top 5 reasons to deploy VMware with Tegile

The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia.

The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afganistan and Pakistan.

The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.

The Predator B

When the software firm then refused to rush the job, it's claimed, Netezza illegally and hastily reverse-engineered IISi's code to deliver a version that produced locations inaccurate by up to 13 metres. Despite knowing about the miscalculations, the CIA accepted the software, court submissions indicate.

IISi is now seeking an injunction to ban Netezza and the CIA from using the software or any derivative of it, in any context.

The relationship between the two firms dates back to 2006, when IISi signed up to resell Netezza data warehousing kit combined with Geospatial.

The code allows users, for example, "to incorporate and cross-reference vast amounts of business data with geographic location within the same database, and enable events (such as... a cell phone signal moving from one tower to another) to be matched with personal characteristics in the database (such as... the identity of the person whose cell phone signal has moved from one tower to another)", according to IISi's court filings.

Such techniques - quickly combining intelligence with live mobile phone surveillance from the air - are reportedly central to the CIA's targeting of missile strikes by unmanned aircraft.

They want to kill people with my software that doesn't work

The partnership between the two firms strengthened, and in August 2008 Netezza acquired exclusive rights to distribute Geospatial, alongside its NPS hardware. By August last year, Netezza was starting to promote its next generation appliance, TwinFin. Whereas NPS was based on IBM's Power PC chip architecture, the TwinFin relies on cheaper x86 silicon. As a result, Geospatial would not run on the new gear.

Nevertheless, Netezza sales staff sold Geospatial running on TwinFin to a "US government customer", which later turned out to be the CIA. The purchase order, totalling $1.18m, via an obscure Virginia IT consultancy, came through on 11 September last year. This despite - as claimed in IISi court documents - that the software product referred to on the order "in fact did not exist".

Up to this point IISi had done little work porting Geospatial, as its engineers had not had physical access to a TwinFin. Indeed, the agreement between the two firms did not require IISi to support the new machines - a fact confirmed last month by a Boston judge - but it agreed to begin the process in September 2009.

Netezza supplied the software firm with TwinFin hardware on 1 October. Within a week, Richard Zimmerman, IISi's CTO reported that porting Geospatial was "proving fraught with difficulties" and would take at least two months.

Two days later, on 9 October, the relationship took a strange turn. Jon Shepherd, Netezza's "general manager, location-based solutions" called Zimmerman to pressure him to deliver the code quicker, court documents say.

"He basically told me the CIA... wanted to use [Geospatial] to target Predator drones in Afganistan and that, quote/unquote, it was our patriotic duty to work with them to get [Geospatial] ported to the TwinFin as fast as possible and that we need to have a phone conversation the next day to discuss that," Zimmerman said in a sworn deposition to the court.

"Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

During a conference call the next day, Netezza CEO Jim Baum repeated Shepherd's claims that national security demanded IISi's help, according to the deposition. Shepherd suggested the CIA would accept untested code in chunks, Zimmerman said.

"My reaction was one of stun, amazement that they want to kill people with my software that doesn't work," he said.

According to the affidavit of IISi CEO Paul Davis, who was also on the conference call, his firm did not previously know Netezza had sold the undeveloped product, let alone for deadly application by the CIA.

In an email to Baum two days later, on Columbus day 2009, Davis wrote: "Jon [Shepherd's] statement, apparently endorsed by Jim [Baum] that the customer can 'just work with whatever we give them' is not consistent with how IISi works. And we don't really believe that is how our national security agencies work. Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

Beginner's guide to SSL certificates

Next page: Enter Skip

More from The Register

next story
Ellison: Sparc M7 is Oracle's most important silicon EVER
'Acceleration engines' key to performance, security, Larry says
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Lenovo to finish $2.1bn IBM x86 server gobble in October
A lighter snack than expected – but what's a few $100m between friends, eh?
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.