Iran War: CIA Intelligence War, a ‘Windfall for China’ as China Rebuilds Middle East Intelligence Network

Kim Jong-chan, Security, 2026. 3. 16. 15:22

A European intelligence expert has pointed out that as the Iran war becomes the ultimate intelligence battle, it presents a windfall opportunity for China to build an intelligence network in the Middle East.

Dr. Ahana Datta Parcel, a former cyber leader for the UK government and the cyber chief at the Financial Times, wrote on the 15th in Euractiv under the title "Iran Offers China Huge Intelligence Opportunities" that "competition between great powers often stems from weaknesses in the competitive system, and Beijing will not overlook Iran's current vulnerability," stating that "Iran's current turmoil could be a windfall for China in intelligence gathering."

Dr. Parcel stated, "As Tehran's security leadership collapses and its cyber capabilities become targets for Israel, Beijing can gain operational lessons, deepen surveillance, and expand its regional influence."

He added, "Crisis situations within competitive intelligence systems create rare negotiation opportunities; China has utilized such opportunities in the past and is highly likely to do so in the future." In his contribution, he noted, “The process of Israel preparing for Operation 'Epic Fury'—hacking Tehran CCTVs, tapping the phones of political elites, and infiltrating popular prayer apps—will serve as a lesson for Beijing’s Taiwan emergency planners.”

He assessed that “while Beijing appeared to have lost diplomatic influence in the Middle East following the outbreak of the Gaza War, the destabilization of Iran now provides China with an opportunity to draw Tehran and other regional partners into its sphere of influence.”

He stated, “China can provide surveillance infrastructure, digital governance tools, and deepened intelligence cooperation without military intervention that would antagonize Washington,” adding that “by positioning itself as a mediator and trusted dialogue partner, it can expand its regional influence while maintaining strategic flexibility.”

On the long-standing intelligence relationship between Iran and China: malware jointly created by the United States and Israel damaged thousands of nuclear centrifuges at Iran's Natanz uranium enrichment plant in 2009. Humiliated by the precision of U.S. and Israeli cyber operations in the wake of this fatal incident, Iranian authorities began compiling a list of internal informants.

The contributor stated, “What happened afterward was one of the worst counterintelligence failures in CIA history,” adding, “At the time, the CIA was relying on decrypted communications systems designed for short-term use in the hostile environments of Iran and China. Following the Natanz disaster, China’s Ministry of State Security (MSS) began arresting and detaining CIA informants, many of whom were executed. Simultaneously, the CIA network within Iran was also exposed.

The MSS of the People’s Republic of China infiltrated the communications system, and U.S. authorities suspected that one intelligence agency was leaking information to another. U.S. intelligence agencies suffered a generational setback. The collapse of both networks suggested that Beijing was not merely observing the crisis in Tehran but was profiting from it.”

On May 20, 2017, The New York Times reported, “The Chinese government has systematically dismantled the CIA’s surveillance activities within China since 2010, killing or imprisoning more than 12 informants over two years and paralyzing intelligence gathering for years to come,” and stated, “Current and former U.S. officials described this intelligence leak as one of the most serious incidents in decades.”

As a result, Washington’s intelligence and law enforcement agencies scrambled to contain the fallout, but investigators were severely divided over the cause; some were convinced that a spy within the CIA had betrayed the United States, while others believed that China had hacked the secret systems the CIA used to communicate with foreign informants. Years later, the debate remains unresolved, the report stated.

The NYT continued, “There was no disagreement regarding the damage, and according to former U.S. officials, China killed at least 12 CIA sources between late 2010 and late 2012.” It added, “According to three sources, one was shot in front of colleagues in a government building courtyard, a message intended for others who may have worked for the CIA. Others were imprisoned.” According to former senior U.S. officials, China has killed or imprisoned between 18 and 20 CIA informants within China and has effectively dismantled networks built over several years.

At Euractiv, Dr. Parcel stated, "China's counterintelligence capabilities are even more powerful today," adding, "The Volt Typhoon hacking campaign that breached U.S. Navy logistics hubs, as well as Salt Typhoon intrusions targeting U.S. telecommunications carriers and even congressional staff, demonstrate the growing scale of Beijing's cyber influence."

He noted that these operations are not merely espionage activities; as they are increasingly designed to shape political and military perceptions, the Iran crisis now presents Beijing with two strategic opportunities.

The first strategy involves increasing Iran's reliance on cyber operations to compensate for the weakening of its conventional military capabilities in a prolonged war. Prior to the war, Iran's cyber capabilities relied on its intelligence service and the Iranian Revolutionary Guard Corps, whose leadership was killed in large numbers on the first day of airstrikes.

Dr. Parcel assessed that, as part of China's response to the Iran war, it is possible to expand a broad ecosystem of contract hackers who operate at a distance from direct government relations and collaborate with Iranian cyber actors.

He suggested that they could exploit the confusion through "masked" attacks to conceal those responsible, viewing this as applying to Taiwan the same tactics Israel used in Operation Epic Fury: hacking Tehran CCTVs, tapping political elites' phones, and infiltrating popular prayer apps.

The Iran war is maximizing political and technological influence in information cyber warfare.

China, which had been sidelined during the long Gaza War, is now able to provide surveillance infrastructure, digital governance tools, and advanced intelligence cooperation to countries in the Middle East without military intervention that would antagonize Washington. By positioning itself as a key mediator and trusted dialogue partner in cyber warfare, it can expand its regional influence while maintaining strategic flexibility.

Dr. Parcel stated, "This dual path reflects China's broad approach to great power competition," adding, "Cyber power is not merely about destruction but about shaping perceptions of credibility and stability. This is particularly true in the unstable Gulf region, where the U.S. has not yet presented a clear definition of victory, as Israel may not align with that definition." “Therefore, this perception of trust and stability is even more important, particularly for European allies exposed to regional instability and technological influence,” he stated.

Dr. Ahana Datta Parcel, a former cyber chief at a UK government agency, is the author of the upcoming book *Full-Stack Spy: Cyber Spy in the Era of US-China Competition*.

Reuters reported on the 2010 search for a CIA informant who had infiltrated Iran under the headlines *America’s Abandoned Spy* and *The Story of the CIA’s Failure Against Iranian Informants in a Secret War with Tehran* on September 29, 2022.

Citing from Reuters’ reporting, which covered six years of investigation, the following outlines the inside story of how the CIA hired an electrical engineering expert as a secret agent to use in a surprise attack on Iranian nuclear facilities, as well as the process of the failed arrest and punishment:

The spy was arrested during airport departure procedures just before leaving Iran.

Gholamreza Hosseini was preparing for a flight to Bangkok at Tehran Imam Khomeini Airport in late 2010. There, the Iranian industrial engineer met with CIA officials. However, before he could pay the exit tax, the airport ATM rejected his card as invalid. A short time later, a security officer asked to see his passport before escorting Hosseini away.

Hosseini said he was escorted to an empty VIP lounge and told to sit on a sofa turned toward the wall. Left alone for a moment with no security cameras in sight, Hosseini reached into his pants pocket and pulled out a memory card filled with state secrets. This card could now be used to hang him. He put the card in his mouth, chewed it into pieces, and swallowed it.

Not long after, intelligence agents entered the room and the interrogation began, with beatings occurring intermittently, Hosseini recounted. His denials and the destruction of the data were futile; they seemed to already know everything. But how?

"These are things I have never told anyone in the world," Hosseini told Reuters. While his mind was racing, Hosseini even suspected that the CIA itself had sold him out.

Iranian engineer Gholamreza Hosseini was convicted of spying for the U.S. Central Intelligence Agency (CIA). He was imprisoned in a Tehran prison for nearly 10 years. He told Reuters that the agency abandoned him after his arrest in 2010.

Rather than betrayal, Hosseini was a victim of CIA negligence, a conclusion reached after Reuters spent a year investigating the CIA's handling of informants. A flawed CIA secret communications system allowed Iranian intelligence agencies to easily identify and arrest him. Speaking out for the first time after nearly a decade of imprisonment, Hosseini stated that he never received contact from the agency again after his release in 2019.

The CIA declined to comment on Hosseini's statements.

Hosseini's experience of being mishandled and abandoned was not unique. In interviews with six former Iranian CIA informants, Reuters revealed that while the agency focused on intelligence gathering within Iran, it acted carelessly in other areas as well, putting these informants at risk of their lives to help the United States.

One informant stated that the CIA instructed him to drop information in Turkey, knowing that the location was under Iranian surveillance. Another man claims that a former government employee who traveled to Abu Dhabi to obtain a U.S. visa was arrested upon his return after a CIA agent there attempted to frame him as a U.S. spy and failed.

Such aggressive actions by the CIA sometimes put ordinary Iranians at risk, with little chance of obtaining critical information. When they were arrested, the agency provided no support to the informants or their families, Iranians said years later.

Former CIA Counterintelligence Director James Olson stated that he was not aware of such specific cases. However, he noted that the agency's unnecessary compromise of sources signifies a professional and ethical failure.

"If we were infiltrated carelessly or recklessly, we should be ashamed," Olson told Reuters. "If people paid the price and were punished for trusting us and sharing information, we have failed morally."

News reports and three former U.S. national security officials told Reuters that these individuals were imprisoned as part of Iran's aggressive counter-intelligence purge that began in 2009, a campaign made possible in part by a series of CIA mistakes.

At the time, Tehran claimed in state media reports that it had eventually secured dozens of CIA informants through a search for internal spies.

To tell this story, Reuters conducted dozens of hours of interviews with six Iranians convicted of espionage by the government between 2009 and 2015.

To verify their statements, Reuters interviewed 10 former U.S. intelligence officials familiar with operations in Iran; reviewed Iranian government records and news reports; and interviewed people who knew the spies. Former or current U.S. officials interviewed by Reuters did not confirm or disclose the identity of the CIA source.

The CIA declined to comment specifically on the findings of Reuters' investigation or intelligence operations in Iran. A spokesperson stated that the CIA is doing its utmost to protect those working with it.

The Iranian Ministry of Foreign Affairs and the Permanent Mission to the United Nations in New York did not respond to requests for comment.

Hosseini was the only one of the six people interviewed by Reuters to say he was assigned vulnerable messaging tools. However, according to an analysis by two independent cybersecurity experts, the now-defunct covert online communications system used by Hosseini (discovered by Reuters in the Internet Archive) may have exposed at least 20 Iranian spies and hundreds of informants operating in other countries around the world.

This messaging platform operated until 2013 and was hidden within basic news and hobby websites that allowed spies to connect with the CIA. Reuters confirmed the existence of this group with four former U.S. officials.

These failures continue to plague the agency years later. The New York Times reported that in a series of internal cables last year, CIA leadership warned that it had lost most of its intelligence network within Iran and that poor intelligence continues to threaten the agency's mission globally.

The CIA considers Iran one of its most difficult targets. Since Iranian students occupied the U.S. embassy in Tehran in 1979, the United States has had no diplomatic presence in the country.

CIA agents are instead forced to recruit potential agents from outside Iran or through online connections. Due to a lack of a local presence, U.S. intelligence agencies are at a disadvantage in incidents such as the protests surrounding the death of a woman arrested for violating religious dress codes.

Much has been written about the decades-long shadow war between Iran and Washington; while both sides have avoided full-scale military conflict, they have engaged in sabotage, assassinations, and cyberattacks. However, six sources interviewed for the first time by Reuters have delivered unprecedented, direct testimonies about the deadly spy game from the perspective of Iranians who served as CIA infantry. These six Iranians were sentenced to prison terms ranging from five to ten years. Four of them, including Hosseini, remained in Iran after their release and are at risk of re-arrest. Two others left the country and became stateless refugees.

The six admitted that CIA officials never made a firm promise to help them if they were caught. Nevertheless, everyone believed that U.S. support would eventually come.

This crackdown on intelligence could challenge the credibility of the CIA as it attempts to rebuild its intelligence network within Iran. State-run media has reported on some instances, portraying the agencies as incompetent and incapable.

"This is a stain on the U.S. government," Hosseini told Reuters.

Hosseini's entry into espionage came after he had built a lucrative career following a steep path. Raised in Tehran as the son of a tailor, he learned lathe machining and automotive repair, during which his teachers encouraged him to study industrial engineering at the prestigious Amir Kabir Institute of Technology. Hosseini said that a professor there connected him with a former student linked to the Iranian government, and that student eventually became his business partner.

Founded in 2001, this engineering firm provided services to help companies optimize their energy consumption. Initially, the company worked primarily with food and steel plants, but over time, it secured contracts with the Iranian energy and defense industries.

Hosseini said that the company's success made his family wealthy, allowing them to buy a large house, drive imported cars, and take vacations abroad. However, his business faltered in the years following the election of President Mahmoud Ahmadinejad, who served from 2005 to 2013.

U.S. rhetoric against Ahmadinejad was escalating. Washington viewed the Iranian president as a dangerous provocateur obsessed with developing nuclear weapons.

As his business wavered, Hosseini began to feel that his life was being destroyed by a corrupt regime, and he felt that the government was too unstable to allow the acquisition of nuclear weapons. His anger grew. He said that one day in 2007, he opened the CIA's public website, clicked the link, and contacted the agency: "I am an engineer who worked at the Natanz nuclear facility, and I have information," he wrote in Persian.

Natanz, located 200 miles south of Tehran, is a major uranium enrichment facility. According to web records from Hosseini's engineering company in 2007, the company was involved in a civilian power project.

A month later, to his surprise, Hosseini said he received a reply from the CIA.

Three months after that contact, Hosseini said he flew to Dubai. At the fashionable shopping market Souk Madinat Jumeirah, he found a blonde woman holding a black book. He stood outside the restaurant where they had arranged to meet, and she arrived with a man.

The restaurant manager escorted them to a quiet table in the corner. The woman introduced herself as Chris and spoke in English, with her colleague interpreting into Persian. As she sipped a glass of champagne, Chris told him that they were the people Hosseini had been messaging on a Google chat platform for the past few months. She asked about Hosseini's work.

Hosseini explained that his company had undertaken a contract a few years ago to optimize power flow at the Natanz site. This involved a complex balancing operation to spin centrifuges at the precise speeds required for uranium enrichment. Located in central Iran, Natanz was the core of the Tehran nuclear program, and the government stated that the program aimed at civilian power generation. However, Washington viewed Natanz as the key to Iran's push to acquire nuclear weapons.

Hosseini told Chris that his company was a subcontractor for Kalayeh Electric, which was sanctioned by the U.S. government in 2007 on suspicion of involvement in Iran's nuclear development program. He also added that they were seeking additional contracts at other sensitive nuclear and military facilities.

The next day, the three met again, this time in Hosseini's hotel room overlooking the Gulf. Hosseini spread out a maze-like map on his desk and showed the electricity connected to the Natanz nuclear facility. Hosseini recalled that Chris's jaw dropped when he did so.

Hosseini explained that although the map was several years old, the records of the power flowing into the facility served as a baseline for Washington to estimate the number of centrifuges currently in operation. He believed that this evidence could be used to assess the progress of processing the highly enriched uranium needed for nuclear weapons.

Hosseini stated that although he did not know it at the time, Natanz was already a target of U.S. authorities. That same year, security analysts concluded that Washington and Israel would launch cyber weapons to destroy the centrifuges and infect them with viruses, thereby paralyzing Natanz's uranium enrichment for years.

In a subsequent meeting, Hosseini said that the CIA had asked him to identify a broader U.S. target—specifically, key points within Iran's national power grid that could cause a long-term, paralyzing blackout if attacked by missiles or saboteurs.

Hosseini stated that he continued to meet with the CIA a total of seven times over three years in Thailand and Malaysia. To demonstrate his travel, Hosseini submitted photos of entry stamps on all passports except for the first two, stating that he used older, now-defunct passports for those first two trips.

As the relationship progressed, Hosseini noted that Chris was replaced by a male handler, who worked alongside technical experts capable of understanding his engineering jargon and officials described as higher-ranking in CIA operations in Iran.

The new role motivated Hosseini and instilled a sense of urgency and purpose in his work. He moved busily to secure contracts that would provide greater access to the intelligence the CIA desired. He revealed that his firm had secured a contract with a division of Setad, a large enterprise controlled by Iran's Supreme Leader Ayatollah Ali Khamenei, to assess the power demands of a massive shopping and commercial building project in northern Tehran.

When the state-owned power company Tavanir stated that it lacked sufficient power to meet the massive demands of the development, Hosseini was asked by the company to conduct an in-depth analysis of the national power grid. Through this, he was able to access maps showing how electricity flowed to nuclear and military facilities, and how key points of the network could be destroyed.

Hosseini said that in August 2008, one year after becoming a spy, he met with an older, broad-shouldered CIA agent and others at a hotel in Dubai.

Recalling the CIA agent's words, "We must expand our commitments," Hosseini said the agent handed him a piece of paper and asked him to sign a pledge promising not to provide the information he shared to other governments. Two former CIA officials stated that this was a CIA practice intended to deepen the commitment of informants.

Another CIA agent attending the meeting showed Hosseini a basic Persian football news website called Iraniangoals.com, a secret communications system that allowed him to contact his associates. Entering a password into the search bar would open a secret message window, enabling Hosseini to send information and receive instructions from the CIA.

When Hosseini lamented missing his daughter's third birthday during a trip, a CIA agent bought him a teddy bear to give to the child.

What Hosseini was unaware of was that the world's most powerful intelligence agency had provided him with a tool that could potentially lead to his arrest.

In 2018, Yahoo News reported that a flawed web-based secret communications system resulted in the arrest and execution of dozens of CIA informants in Iran and China.

Reuters found Iraniangoals.com, the secret CIA communications site identified by Hosseini, in the Internet Archive, where it remains publicly available. Reuters subsequently asked two independent cyber analysts, Bill Marczak of the University of Toronto’s Citizen Lab and Jack Edwards of Victory Medium, to investigate how Iran exploited vulnerabilities in the CIA’s own technology to reveal the identities of Hosseini and other CIA informants. Both are privacy and cybersecurity experts with experience analyzing electronic intelligence operations. This effort represents the first independent technical analysis of an intelligence failure.

Marchak and Edwards quickly discovered that a secret message window hidden within Iraniangoals.com could be found simply by right-clicking the page to display the website code.

This code contained descriptions of secret functions, including the words "message" and "compose," making it easy to find clues that the site had built-in messaging capabilities. The search bar code for activating the secret messaging software was labeled "password."

The independent analysts concluded that the Iraniangoals.com site was not a custom, high-end spy technology, but rather one of hundreds of websites mass-produced by the CIA to provide to sources. These basic sites were dedicated to topics such as beauty, fitness, and entertainment, and included Star Wars fan pages and a page dedicated to the late American talk show host Johnny Carson.

Two former CIA officials told Reuters that each fake website was assigned to only a single spy, limiting the exposure of the entire network in the event that a single agent was arrested.

However, independent analysts said the CIA made these locations easy to identify.

Marczak found more than 350 websites with the same secret messaging system, all of which had been offline and archived for at least nine years.

Edwards verified his findings and methodology. According to the online records they analyzed, the hosting space for these front-end websites was often purchased in bulk by groups of 12 on the same server space from the same internet provider.

As a result, the numerical identifiers (the IP addresses) of many websites appeared sequentially, like houses on the same street. Citizen Lab researcher Marczak stated, "The CIA really failed at this," adding that this secret messaging system was a "conspicuous presence."

Furthermore, some of the sites had very similar names.

In fact, while Hosseini was communicating with the CIA via Iraniangoals.com, a site called Iraniangoalkicks.com was created for another informant.

Analysts revealed that out of the more than 350 sites produced by the CIA, at least 20 appeared to be messaging platforms for Iranian agents.

All these features allowed Iranian intelligence agencies to discover additional pages used by other CIA informants simply by finding out that a single spy was using this website.

Once those sites were identified, arresting those agents would have been simple. In reality, Iran only had to wait for who would appear. Essentially, the CIA used the same thicket of bushes for informants around the world. Analysts said that any cautious intelligence competitor would have been able to detect it.
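A self-audit for the three correlation flaws the analysts describe (adjacent IP addresses, look-alike names, and revealing words in the page source), given here as an added example that is not from Reuters, the analysts or the original article. The domains, addresses, HTML, thresholds and function names are constructed for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from html.parser import HTMLParser
from itertools import combinations

# Constructed inventory: made-up .example domains on RFC 5737 documentation
# addresses. None of these values come from the article.
INVENTORY = [
    ("citygoals.example", "192.0.2.17"),
    ("citygoalkicks.example", "192.0.2.18"),
    ("retrofilmfans.example", "192.0.2.19"),
    ("fitdaily.example", "198.51.100.40"),
    ("beautynotes.example", "203.0.113.7"),
]
# Constructed page source: a search box whose markup betrays a second function.
SAMPLE_HTML = """<html><body><h1>City Goals</h1>
<form><input type="password" name="search" id="q"></form>
<script>function composeMessage(key) { /* hidden inbox */ }</script>
</body></html>"""
MARKERS = ("message", "compose", "password")  # words the article says were visible


def sequential_runs(inventory, min_run=3):
    """Return groups of domains whose IPv4 addresses are adjacent or shared."""
    hosts = sorted((int(ipaddress.IPv4Address(ip)), dom) for dom, ip in inventory)
    runs, current = [], []
    for addr, dom in hosts:
        if current and addr - current[-1][0] > 1:  # gap: close the current run
            if len(current) >= min_run:
                runs.append([d for _, d in current])
            current = []
        current.append((addr, dom))
    if len(current) >= min_run:
        runs.append([d for _, d in current])
    return runs


def similar_names(inventory, threshold=0.8):
    """Return pairs of first labels that are near-duplicates of each other."""
    labels = sorted(dom.split(".")[0] for dom, _ in inventory)
    return [(a, b) for a, b in combinations(labels, 2)
            if SequenceMatcher(None, a, b).ratio() >= threshold]


class _SourceScan(HTMLParser):
    """Collect attribute values and inline script text, skipping visible copy."""

    def __init__(self):
        super().__init__()
        self.in_script, self.chunks = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        self.chunks.extend(value for _, value in attrs if value)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)


def leaked_markers(html):
    """Return the marker words exposed to anyone who views the page source."""
    scan = _SourceScan()
    scan.feed(html)
    blob = " ".join(scan.chunks).lower()
    return sorted(m for m in MARKERS if m in blob)


if __name__ == "__main__":
    print("adjacent IP runs:", sequential_runs(INVENTORY))
    print("look-alike names:", similar_names(INVENTORY))
    print("source markers:  ", leaked_markers(SAMPLE_HTML))
```

Any non-empty result means that one identified site gives an observer a way to find the others, which is the failure the analysts describe.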

Reuters reported that analysts stated, “This vulnerability extends far beyond Iran,” adding that “these websites, written in multiple languages, appear to serve as a channel for communicating with CIA agents in at least 20 countries, including China, Brazil, Russia, Thailand, and Ghana.”