recommended reading

The CIA Might Have Your Password After All

Carlos Amarillo/

The CIA has been earning rave reviews for the pitch-perfect comedy of its newly created Twitter account.

But while facetious tweets like "No, we don't know where Tupac is" or "We can neither confirm nor deny that this is our first tweet" have lent a little levity to an intelligence community buried by Edward Snowden's airing of its spy-program laundry, the comedy has not dissuaded journalists from fact-checking at least one of the account's claims.

In a lengthy article Friday, Washington Post journalist Barton Gellman attempted to answer some questions that have surfaced since he reported last week on a new Snowden leak. Buried deep in the report is a two-paragraph gem that says the CIA's Twitter, while funny, is also propagating misinformation.

The CIA opened a Twitter account last month and has used cheeky humor to win a large following in a short time. On Monday, the account sent out this announcement: "No, we don't know your password, so we can't send it to you." It went viral, with more than 12,000 retweets.

As it happens, the [National Security Agency] files we examined included 1,152 "minimized U.S. passwords," meaning passwords to American e-mail and chat accounts intercepted from U.S. data links. Don't expect tech support from Langley, but the CIA does have access to that raw traffic.

Those numbers come from a batch of 160,000 intercepted communications provided by Snowden, a tiny sample of the Internet data the NSA routinely collects. U.S. communications that are incidentally collected during surveillance of a foreign target are required to be "minimized," meaning there are limits to how they can be searched. But such searches are not forbidden, and, Gellman notes, agencies can distribute U.S. identities in reports to one another.

Gellman's big NSA exposé last week claimed that the vast majority of Internet accounts monitored by U.S. intelligence agencies do not belong to overseas targets, but instead to ordinary Internet users who communicate directly with those targets.

The implications of Gellman's story are profound and serious, and partially refute some findings in a report from the president's independent privacy-watchdog panel, which declared the NSA's foreign surveillance techniques legal and effective.

The CIA Twitter account's may be attempting to leverage levity for flexibility with the facts, but that's unlikely to quell the horde of anti-surveillance activists who claim the intelligence community has persistently been misleading and dishonest about the true magnitude of its spy programs.

(Image via Carlos Amarillo/

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.