CIA 2010 covert communication websites / Oleg Shakirov's findings Updated 2025-07-16
View more
Starting at twitter.com/shakirov2036/status/1746729471778988499, Russian expat Oleg Shakirov comments "Let me know if you are still looking for the Carson website".
He then proceeded to give Carson and 5 other domains in private communication. His name is given here with his consent. His advances besides not being blind were Yandexing for some of the known hits which led to pages that contained other hits:
Unfortunately, these methods are not very generalizable, and didn't lead to a large number of other hits. But every domain counts!
Read the full article
CIA 2010 covert communication websites / Reuters article Updated 2025-07-16
View more
This is our primary data source, the first article that pointed out a few specific CIA websites which then served as the basis for all of our research.
We take the truth of this article as an axiom. And then all we claim is that all other websites found were made by the same people due to strong shared design principles of the such websites.
Read the full article
CIA 2010 covert communication websites / Reverse engineering Updated 2025-07-16
View more
In this section we document the outcomes of more detailed inspection of both the communication mechanisms (JavaScript, JAR, swf) and HTML that might help to better fingerprint the websites.
Read the full article
CIA 2010 covert communication websites / Searching for Carson Updated 2025-07-16
View more
Edit: Carson was found Oleg Shakirov's findingsby Oleg Shakirov: alljohnny.com, communicated at: twitter.com/shakirov2036/status/1746729471778988499, earliest archive from 2004 (!): web.archive.org/web/20040113025122/http://alljohnny.com/, The domain was hidden in plain sight, it was present in a not very visible watermark visible in the Reuters article screenshot! The watermark was added to the CIA to the background image, it is actually present on the website. In retrospect, it was actually present at on the expired domain trackers dataset, but the mega discrete all second word made Ciro Santilli miss it: github.com/cirosantilli/expired-domain-names-by-day-2015/blob/9d504f3b85364a64f7db93311e70011344cff788/07/05/02#L1572
Figure 1.
2004 Wayback Machine archive of alljohnny.com
.
What follows is the previous
The fact that the Reuters article has a screenshot of it, and therefore a Wayback Machine link, plus the specificity of the website topic, will likely keep Ciro awake at night for a while until someone finds that domain.
Some text visible on the Reuters screenshot:
It is unclear however if this text is plaintext or part of a an image.
Some failed attempts, either dry guesses or from DNS grepping dataset searches:
Searching the Wayback Machine proved fruitless. There is no full text search: Wayback Machine full text search, and a heuristic web.archive.org/web/20230000000000*/Johnny%20Carson search has relevant hits but not the one we want.
Another attempt was to search for "carson" on webmasterhome.cn which lists expired domains in bulk by expiration day, and it search engine friendly. It contains most of the domains we've found so far. Google either doesn't support partial word search or requires you to be a God to find it
so we settle for DuckDuckGo which supports it: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22&t=h_&ia=web Adding years also helps: duckduckgo.com/?q=site%3Awebmasterhome.cn+%22carson%22+2011&ia=web with this we might be getting all possible results. Ciro went through all in 2011, 2012 and 2013 but no luck. Also fuck en.wikipedia.org/wiki/Carson_City,_Nevada and en.wikipedia.org/wiki/Carson,_California :-)
Let's search tools.whoisxmlapi.com/reverse-whois-search for "carson" contained in any historic domain name. 10,001 lines. Grepping those, no good Wayback machine hits for those that also contain "johnny" or "show". Data at: raw.githubusercontent.com/cirosantilli/media/master/cia-2010-covert-communication-websites/tools.whoisxmlapi.com_reverse-whois-search_carson.csv in case anyone want to try and dig...
Let's also search the fortuitously timed 2013 DNS Census.
Read the full article
CIA 2010 covert communication websites / secure subdomain search on 2013 DNS Census Updated 2025-07-16
View more
Grepping the 2013 DNS Census first by overused CGI comms subdomains secure. and ssl. leaves 200k lines. Grepping for the overused "news" led to hits:
  • secure.worldnewsandent.com,2012-02-13T21:28:15,208.254.40.117
  • ssl.beyondnetworknews.com,2012-02-13T20:10:13,66.104.175.40
Also tried but failed:
OK, after the initial successes in secure., we went a bit more data intensive:
New results: only one...
  • 208.254.42.205 secure.driversinternationalgolf.com,2012-02-13T10:42:20,
After 2013 DNS Census virtual host cleanup heuristic keyword searches we later understood why there were so few hits here: the 2013 DNS Census didn't capture the secure. subdomains of many domains it had for some reason. Shame, because if it had, this method would have yielded many more results.
Read the full article
CIA 2010 covert communication websites / securitytrails.com Updated 2025-07-16
View more
They appear to piece together data from various sources. This is the most complete historical domain -> IP database we have so far. They don't have hugely more data than viewdns.info, but many times do offer something new. It feels like the key difference is that their data goes further back in the critical time period a bit.
TODO do they have historical reverse IP? The fact that they don't seem to have it suggests that they are just making historical reverse IP requests to a third party via some API?
E.g. searching thefilmcentre.com under historical data at securitytrails.com/domain/thefilmcentre.com/history/al gives the correct IP 62.22.60.55.
But searching the IP 62.22.60.55 is empty and there's no historical data option?
Account creation blacklists common email providers such as gmail to force users to use a "corporate" email address. But using random domains like ciro@cirosantilli.com works fine.
Their data seems to date back to 2008 for our searches.
Read the full article
CIA 2010 covert communication websites / Wayback Machine crawl date search Updated 2025-07-16
View more
Many hits appear to happen on the same days, and per-day data does exist: archive.org/details/widecrawl but apparently cannot be publicly downloaded unfortunately. But maybe there's another way? TODO select candidates.
Read the full article
CIA 2010 covert communication websites / SSL certificate Updated 2025-07-16
View more
The CGI comms websites contain the only occurrence of HTTPS, so it might open up the door for a certificate fingerprint as proposed by user joelcollinsdc at: news.ycombinator.com/item?id=36280801!
crt.sh appears to be a good way to look into this:
They all appear to use either of:
Let's try another one for secure.altworldnews.com: search.censys.io/certificates/e88f8db87414401fd00728db39a7698d874dbe1ae9d88b01c675105fabf69b94. Nope, no direct mega hits here either.
Read the full article
CIA 2010 covert communication websites / tb0hdan/domains Updated 2025-07-16
View more
Domain list only, no IPs and no dates. We haven't been able to extract anything of interest from this source so far.
Domain hit count when we were at 69 hits: only 9, some of which had been since reused. Likely their data collection did not cover the dates of interest.
Read the full article
CIA 2010 covert communication websites / The Reuters websites Updated 2025-07-16
View more
But by looking at the URLs of the screenshots they provided from other websites we can easily uncover all others that had screenshots, except for the Johnny Carson one, which is just generically named. E.g. the image for the Chinese one is www.reuters.com/investigates/special-report/assets/usa-spies-iran/screencap-activegaminginfo.com.jpg?v=192516290922 which leads us to domain activegaminginfo.com.
Oleg Shakirov later discovered that the Carson one had its domain written right on the screenshot, as part of a watermark present on the original website itself. Therefore the URLs of all the websites were in one way or another essentially given on the article.
The full list of domains from screenshots is:
Read the full article
CIA 2010 covert communication websites / USA spying on its own allies Updated 2025-08-08
View more
Being Brazilian, Ciro Santilli was particularly curious about the existence of a Brazil-focused mentioned in the Reuters article, as well as in other democracies.
WTF the CIA was doing in Brazil in the early 2010s! Wasn't helping to install the Military dictatorship in Brazil enough!
It is worth noting that democracies represent just a small minority of the websites found. The Middle East, and Spanish language sites (presumably for Venezuela + war on drugs countries?) were the huge majority. But Americans have to understand that democracies have to work together and build mutual trust, and not spy on one another. Even some of the enlightened people from Hacker News seem to not grasp this point. The USA cannot single handedly maintain world order as it once could. Collaboration based on trust is the only way.
Snowden's 2013 revelations particularly shocked USA "allies" with the fact that they were being spied upon, and as of the 2020's, everybody knows this and has "stopped caring", and or moved to end-to-end encryption by default. This is beautifully illustrated in the 2016 film "Snowden" when Snowden talks about his time in Japan working for Dell as an undercover NSA operative:
NSA wanted to impress the Japanese. Show them our reach. They loved the live video from drones. This is Pakistan right now [video shows American agents demonstrating drone footage to Japanese officials]. They were not as excited about that we wanted their help to spy on the Japanese population. They said it was against their laws.
Of course we tapped the entire country anyway.
And we did not stop there. Once we owned their communications systems, we started going after the physical infrastructure.
We'd slip these little sleeper programs into power grids, dams, hospitals. The idea was that if the day came when Japan was no longer an ally, it would be "lights out".
And it wasn't just the Japanese. We were planting malware in Mexico, Germany, Brazil, Austria.
I mean, China, I can understand. Russia. Iran. Venezuela, okay.
But Austria?!
[shows footage of cow on an idyllic Alpine mountain grazing field, suggesting that there is nothing in Austria to spy on]
Video 1.
But Austria?! scene from Snowden (2016)
. Source.
Another noteworthy scene from that movie is Video 2. "Aptitude test on communication networks scene from the 2016 Snowden film", where a bunch of new CIA recruits are told that:
Each of you is going to build a covert communications network in your home city [i.e. their fictitious foreign target location written on each person's desk such as Berlin, Istanbul and Bangkok, not necessarily where they were actually born], you're going to deploy it, backup your site, destroy it, and restore it again.
thus somewhat mirroring what actually happened with these real world websites.
Video 2.
Aptitude test on communication networks scene from the 2016 Snowden film
. Source.
Read the full article
CIA 2010 covert communication websites / viewdns.info Updated 2025-07-16
View more
Accounts used so far: 6 (1500 reverse IP checks).
Their historic DNS and reverse DNS info was very valuable, and served as Ciro's the initial entry point to finding hits in the IP ranges given by Reuters.
Generic information about the website not specific on this project will be stored at: Section "viewdns.info".
Since this source is so scarce and valuable, we have been quite careful to note down all the domain and IP ranges that have been explored.
At news.ycombinator.com/item?id=38496244, the creator of the viewdns.info, "Hughesey", also stated that he'd able to give some free credits for public research projects such as this one. This would have saved up going to quite a few Cafes to get those sweet extra IPs! But it was more fun in hardmode, no doubt.
We do API access to IP ranges with this simple helper: ../cia-2010-covert-communication-websites/viewdns-info.sh, usage:
./viewdns-info.sh <apikey> <start-ipv-address> <end-ipv-address>
e.g.:
./viewdns-info.sh 8b890b00b17ed2d66bbed878d51200b58d43d014 66.45.179.187 66.45.179.210
For domain to IP queries from the API you should use "iphistory" viewdns.info/api/docs/ip-history.php:
curl 'https://api.viewdns.info/iphistory/?domain=todaysengineering.com&apikey=$APIKEY&output=json'
Just beware of the viewdns.info reverse IP bug, that really sucks and led to us missing a ton of domains.
Read the full article
CIA 2010 covert communication websites / Wayback Machine Updated 2025-07-16
View more
D'oh.
But to be serious. The Wayback Machine contains a very large proportion of all sites. It does happen sometime that a Wayback Machine archive is missing or broken and cqcounter has the screenshot. But the Wayback Machine is still the most complete database we have found so far. Some archives are very broken. But those are rare.
The only problem with the Wayback Machine is that there is no known efficient way to query its archives across domains. You have to have a domain in hand for CDX queries: Wayback Machine CDX scanning.
The Common Crawl project attempts in part to address this lack of querriability, but we haven't managed to extract any hits from it.
CDX + 2013 DNS Census + heuristics however has been fruitful however.
We have dumped all Wayback Machine archives of known websites to: github.com/cirosantilli/cia-2010-websites-dump using ../cia-2010-covert-communication-websites/download-websites.sh. This allows for better grepping and serves as a backup in case they ever go down.
Read the full article
Classical Indian musical instrument Updated 2025-07-16
Read the full article
CIFAR-10 Updated 2025-07-16
View more
60,000 tiny 32x32 color images in 10 different classes: airplanes, cars, birds, cats, deer, dogs, frogs, horses, ships, and trucks.
TODO release date.
This dataset can be thought of as an intermediate between the simplicity of MNIST, and a more full blown ImageNet.
https://web.archive.org/web/20250517192041im_/https://www.cs.toronto.edu/~kriz/cifar-10-sample/airplane1.png
https://web.archive.org/web/20250517192041im_/https://www.cs.toronto.edu/~kriz/cifar-10-sample/automobile1.png
https://web.archive.org/web/20250517192041im_/https://www.cs.toronto.edu/~kriz/cifar-10-sample/bird1.png
https://web.archive.org/web/20250517192041im_/https://www.cs.toronto.edu/~kriz/cifar-10-sample/cat1.png
Read the full article
Circuit-based quantum computer Updated 2025-07-16
View more
Read the full article
Circuit board Updated 2025-07-16
Read the full article
Circulatory system Updated 2025-07-16
Read the full article
Cirocoin Updated 2025-07-16
View more
Good pious Cirists earn Cirocoins.
Cirocoins are the most valuable form of currency that exists at any point.
Cirocoins can only be issued by Ciro Santilli.
Cirocoins are strictly nominal, and cannot be traded by recipients with anyone but Ciro, i.e. they are extremely illiquid.
Cirocoins can be removed from recipients at any point if they commit non-Cirist acts.
It is not possible to give a precise number to how many Cirocoins anyone owns. This is decided on a transaction by transaction basis. Ciro can therefore only inform you if your Cirocoin balance increased or decreased, but any attached number has no value, and thus are equivalent to expressions of type "you gained/lost a Cirocoin".
The following inferior currencies come to mind:
Read the full article
Ciro Duran Santilli Updated 2025-07-16
View more
Ciro Santilli's full birth name is "Ciro Duran Santilli", with mother's last name "Duran" in the middle as per Brazilian tradition.
But Ciro's usage of "Duran" got gradually dropped to "Ciro Santilli", Ciro's official Italian name, as Ciro moved more and more definitively to Europe.
It can still however be seen in certain online places where Ciro didn't have the patience or power to change it e.g. some old École Polytechnique stuff: gitlab.binets.fr/ciro.duran-santilli/china-dictatorship
Also, don't have multiple names if you can avoid it, it is confusing!
Read the full article

There are unlisted articles, also show them or only show them.