= CIA 2010 covert communication websites
{c}
{created=2023-06-10}
{scope}
{tag=Ciro Santilli's naughty projects}
{tag=Ciro Santilli's data projects}
{tag=Open-source intelligence}
{tag=Digital preservation}
{title2=Iran, China}
{updated=2025-05-30}
This article is about <cutout (espionage)>[covert agent communication channel] websites used by the <CIA> in many countries from the mid 2000s until the early 2010s, when they were uncovered by <counter intelligence> of some of the targeted countries, notably <Iran> and <China>, circa 2010-2013.
This article uses publicly available information to publicly disclose for the first time a few hundred of what we feel are extremely likely candidate sites of the network. The starting point for this research was the <Reuters article>[September 2022 Reuters article "America’s Throwaway Spies"], which for the first time gave <The Reuters websites>[nine example websites]. Their https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/[analyst from Citizen Lab claims to have found 885 websites] in total, but did not publicly disclose them. Starting from only the nine disclosed websites, we were then able to find a few hundred websites that share so many similarities with them, i.e. a common <fingerprint>, that we believe they are beyond reasonable doubt part of the same network.
If you enjoy this article, consider dropping some <Monero> at: \b[4A1KK4uyLQX7EBgN7uFgUeGt6PPksi91e87xobNq7bT2j4V6LqZHKnkGJTUuCC7TjDNnKpxDd8b9DeNBpSxim8wpSczQvzf] so I can waste it on my <OurBigBook.com>[foolish attempts to improve higher education]. Other sponsorship methods: <sponsor>{full}.
\Image[https://raw.githubusercontent.com/cirosantilli/media/master/CIA_Star_Wars_website_promo.jpg]
{height=700}
\Video[https://www.youtube.com/watch?v=TFfuzZC5Qpc]
{title=How I found a <Star Wars> website made by the <CIA> by <Ciro Santilli>}
{description=Slightly edited VOD of the talk <Aratu Week 2024 Talk by Ciro Santilli>.}
{height=600}
The discovery of these websites by <Iranian> and <Chinese> counterintelligence led to the imprisonment and execution of several assets in those countries, and subsequent shutdown of the channel by the CIA when they noticed that things had gone wrong. This is likely a Wikipedia page that talks about the disastrous outcome of the websites being found out: https://en.wikipedia.org/wiki/2010%E2%80%932012_killing_of_CIA_sources_in_China[2010–2012 killing of CIA sources in China], although it contained no mention of websites before <Ciro Santilli> edited it in.
Of particular interest is that based on their language and content, certain of the websites seem to have <USA spying on its own allies>[targeted other democracies such as Germany, France, Spain and Brazil].
If anyone can find other websites, or has better techniques, feel free to contact <Ciro Santilli> at: <contact>{full}. Contributions will be clearly attributed if desired. Some of the techniques used so far have been very heuristic, and that, added to the limited amount of data, makes it almost certain that some websites have been missed. Broadly speaking, there are two types of contributions that would be possible:
* finding new IP ranges: harder and more exciting, and potentially requires more intelligence
* better <data sources>[IP to domain name databases] to <Find missing hits in IP ranges>[fill in known gaps in existing IP ranges]
The fact that https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/[Citizen Lab reported exactly 885 websites being found] makes it feel like they might have found a better fingerprint which we have not managed to find yet. We have not yet had to pay for our data. If someone wants to donate to the research, some ideas include:
* dump \$400 on <WhoisXMLAPI> to dump whois history of all known hits and search for other matches. <IP and DNS metadata>[Small discoveries were made like this in the past] and we'd expect a few more to be left. We don't expect huge breakthroughs from this, but at only \$400 it is not so bad
* dump a lot more (\$15k+? needs confirmation as opaque pricing) on <DomainTools>. We are not certain that they have any superior data since there is no free trial of any kind, but it would be interesting to test the quality of the data they acquired from <Farsight DNSDB> if you are really loaded
Disclaimers:
* the network fell in 2013, followed by fully public disclosures in 2018 and 2022, so we believe that the benefit of giving the public this broader historic understanding outweighs the risks that agents could be found so many years later by sloppy secret services
* <Ciro Santilli>'s political bias is <Ciro Santilli's campaign for freedom of speech in China>[strongly pro-democracy and anti-dictatorship], but with a good pinch of skepticism about the morality of US foreign policy in the last century
May this article serve as a tribute to those who spent their days making, using, and uncovering these websites under the shadows.