= CIA 2010 covert communication websites
{c}
{scope}
{tag=Ciro Santilli's naughty projects}
{tag=Ciro Santilli's data projects}
{tag=Open-source intelligence}
{tag=Digital preservation}
{title2=Iran, China}
This article is about <cutout (espionage)>[covert agent communication channel] websites used by the <CIA> in many countries from the late 2000s until the early 2010s, when they were uncovered by <counter intelligence> of the targeted countries circa 2010-2013.
This article uses publicly available information to publicly disclose for the first time a few hundred of what we feel are extremely likely candidate sites of the network. The starting point for this research was the <Reuters article>[September 2022 Reuters article "America’s Throwaway Spies"] for the first time gave <The Reuters websites>[nine example websites], and their https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/[analyst from Citizenlabs claims to have found 885 websites] in total, but did not publicly disclose them. Starting from only the nine disclosed websites, we were then able to find a few hundred websites that share os many similarities with them, i.e. a common <fingerprint>, that we believe makes them beyond reasonable doubt part of the same network.
\Image[https://raw.githubusercontent.com/cirosantilli/media/master/CIA_Star_Wars_website_promo.jpg]
{height=700}
\Video[https://www.youtube.com/watch?v=TFfuzZC5Qpc]
{title=How I found a <Star Wars> website made by the <CIA> by <Ciro Santilli>}
{description=Slightly edited VOD of the talk <Aratu Week 2024 Talk by Ciro Santilli>.}
{height=600}
The discovery of these websites by <Iranian> and <Chinese> counterintelligence led to the imprisonment and execution of several assets in those countries, and subsequent shutdown of the channel by the CIA when they noticed that things had gone wrong. This is likely a Wikipedia page that talks about the disastrous outcome of the websites being found out: https://en.wikipedia.org/wiki/2010%E2%80%932012_killing_of_CIA_sources_in_China[2010–2012 killing of CIA sources in China], although it contained no mention of websites before <Ciro Santilli> edited it in.
Of particular interest is that based on their language and content, certain of the websites seem to have <USA spying on its own allies>[targeted other democracies such as Germany, France, Spain and Brazil].
If anyone can find others websites, or has better techniques feel free to contact <Ciro Santilli> at: <contact>{full}. Contributions will be clearly attributed if desired. Some of the techniques used so far have been very heuristic, and that added to the limited amount of data makes it almost certain that some websites have been missed. Broadly speaking, there are two types of contributions that would be possible:
* finding new IP ranges: harder and more exiting, and potentially requires more intelligence
* better IP to domain name databases to <Find missing hits in IP ranges>[fill in known gaps in existing IP ranges]
The fact that https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/[citizenlabs reported exactly 885 websites being found] makes it feel like they might have found find a better fingerprint which we have not managed to find yet. We have not yet had to pay for our data.
Disclaimers:
* the network fell in 2013, followed by fully public disclosures in 2018 and 2022, so we believe it is now more than safe for the public to know what can still be uncovered about the events that took place
* <Ciro Santilli>'s political bias is <Ciro Santilli's campaign for freedom of speech in China>[strongly pro-democracy and anti-dictatorship], but with a good pinch of skepticism about the morality US foreign policy in the last century
May this article serve as a tribute to those who spent their days making, using, and uncovering these websites under the shadows.
Back to article page