Feeds

CIA used 'illegal, inaccurate code to target kill drones'

'They want to kill people with software that doesn't work'

Internet Security Threat Report 2014

The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia.

The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afganistan and Pakistan.

The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.

The Predator B

When the software firm then refused to rush the job, it's claimed, Netezza illegally and hastily reverse-engineered IISi's code to deliver a version that produced locations inaccurate by up to 13 metres. Despite knowing about the miscalculations, the CIA accepted the software, court submissions indicate.

IISi is now seeking an injunction to ban Netezza and the CIA from using the software or any derivative of it, in any context.

The relationship between the two firms dates back to 2006, when IISi signed up to resell Netezza data warehousing kit combined with Geospatial.

The code allows users, for example, "to incorporate and cross-reference vast amounts of business data with geographic location within the same database, and enable events (such as... a cell phone signal moving from one tower to another) to be matched with personal characteristics in the database (such as... the identity of the person whose cell phone signal has moved from one tower to another)", according to IISi's court filings.

Such techniques - quickly combining intelligence with live mobile phone surveillance from the air - are reportedly central to the CIA's targeting of missile strikes by unmanned aircraft.

They want to kill people with my software that doesn't work

The partnership between the two firms strengthened, and in August 2008 Netezza acquired exclusive rights to distribute Geospatial, alongside its NPS hardware. By August last year, Netezza was starting to promote its next generation appliance, TwinFin. Whereas NPS was based on IBM's Power PC chip architecture, the TwinFin relies on cheaper x86 silicon. As a result, Geospatial would not run on the new gear.

Nevertheless, Netezza sales staff sold Geospatial running on TwinFin to a "US government customer", which later turned out to be the CIA. The purchase order, totalling $1.18m, via an obscure Virginia IT consultancy, came through on 11 September last year. This despite - as claimed in IISi court documents - that the software product referred to on the order "in fact did not exist".

Up to this point IISi had done little work porting Geospatial, as its engineers had not had physical access to a TwinFin. Indeed, the agreement between the two firms did not require IISi to support the new machines - a fact confirmed last month by a Boston judge - but it agreed to begin the process in September 2009.

Netezza supplied the software firm with TwinFin hardware on 1 October. Within a week, Richard Zimmerman, IISi's CTO reported that porting Geospatial was "proving fraught with difficulties" and would take at least two months.

Two days later, on 9 October, the relationship took a strange turn. Jon Shepherd, Netezza's "general manager, location-based solutions" called Zimmerman to pressure him to deliver the code quicker, court documents say.

"He basically told me the CIA... wanted to use [Geospatial] to target Predator drones in Afganistan and that, quote/unquote, it was our patriotic duty to work with them to get [Geospatial] ported to the TwinFin as fast as possible and that we need to have a phone conversation the next day to discuss that," Zimmerman said in a sworn deposition to the court.

"Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

During a conference call the next day, Netezza CEO Jim Baum repeated Shepherd's claims that national security demanded IISi's help, according to the deposition. Shepherd suggested the CIA would accept untested code in chunks, Zimmerman said.

"My reaction was one of stun, amazement that they want to kill people with my software that doesn't work," he said.

According to the affidavit of IISi CEO Paul Davis, who was also on the conference call, his firm did not previously know Netezza had sold the undeveloped product, let alone for deadly application by the CIA.

In an email to Baum two days later, on Columbus day 2009, Davis wrote: "Jon [Shepherd's] statement, apparently endorsed by Jim [Baum] that the customer can 'just work with whatever we give them' is not consistent with how IISi works. And we don't really believe that is how our national security agencies work. Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

Top 5 reasons to deploy VMware with Tegile

Next page: Enter Skip

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.