CIA 2010 covert communication websites / Selected screenshots by Ciro Santilli 37 Updated 2025-07-26
View more
This section contains some of the most interesting and a few representative screenshots of the websites found.
We intentionally omit the screenshots already reported by the Reuters article.
Figure 1.
2010 Wayback Machine archive of starwarsweb.net
.
The Star Wars one. Clearly branded websites like this are rare, which makes finding them all the much more fun. The Reuters article had two of them (Carson and rastadirect.net), so these were probably manually selected from the full hit dataset, and did not serve specifically as entry points. Most of the websites are quite boring and forgetful as you'd expect.
The subtitle "Beyond The Unknown" may be a reference to the Unknown Regions, an unexplored area of the galaxy in the Star Wars fictional universe.
Figure 2.
Stock photo of a Jedi boy from Getty Images used on starwarsweb.net
. Source.
Marked as Uploaded 10 October, 2008.
The photo can still be licensed today as of 2025: www.gettyimages.co.uk/detail/photo/little-jedi-royalty-free-image/172984439. We found it by searching for "jedi boy" on gettyimages.co.uk. The photo is credited to a madisonwi, presumably an alias based on the location Madison, Wisconsin. Here's a random website about adoption that uses it: www.adoptionadvocates.net/star-wars-adoption-language/ and where it can be seen without the watermarks.
It later ocurred to Ciro Santilli that perhaps Reuters chose not to showcase this website because it features the photograph of a minor. But Ciro is sure that that minor is now a handsome young man in his 20's and would find the entire story very amusing if he ever finds out about it!
The images of the droids can be seen e.g. at: www.amazon.co.uk/04-Kampf-Droiden-Superheftig-Jedi/dp/B004TINSW6, a promotional material for a 2008 The Clone Wars television series audio CD and available as transparent PNGs without background in several sources. The Yoda art also seems to come from that show: rpggamer.org/page.php?page=4229.
One can almost picture the contractor who made that site seeing his children watching that show or playing the video game one evening, when a lightbulb popped over their head: tomorrow I'm going to have some fun at work.
In retrospect however, this website was likely a bad idea, since the massive pop culture appeal of Star Wars meant that when The CIA Secretly Ran a Star Wars Fan Site by Joseph Cox was published in 2025 the combination of "CIA" and "Star Wars" on a single sentence produced an irresistible clickbait that amplified knowledge of the fiasco to general public in a way that poor Johnny Carson and Bob Marley could never do. That's why you just can't have fun while working for the secret services anymore.
Figure 3.
2011 Wayback Machine archive of alljohnny.com
. Source. Although alljohnny.com is one of the original Reuters examples, we are highlighting this screenshot here because the Reuters provided screenshot is from the extremely early 2004 version of the site, and it is interesting to see how this unique example was later updated in this 2011 version, the only known such case so far. The lack of OPSEC awareness is mind blowing, them reusing a domain like that after so many years in a completely new threat environment and possibly for a new asset.
Figure 4.
2011 Wayback Machine archive of webofcheer.com scrolled to show Johnny Carson
. Source. This website is a fansite for various comedians. It is the second known reference to Johnny Carson after alljohnny.com, which was one of the original screenshots given in the Reuters article. There must have been some massive Johnny Carson fan among the CIA contractors a that time!
Figure 5.
2011 Wayback Machine archive of iranfootballsource.com
.
The third Iranian football on top of the two other published by Reuters: iraniangoalkicks.com and iraniangoals.com! Admittedly, this one is the most generic and less well designed one. But still. They pushed the theme too far!
The goalkeeper can be seen at: www.pixtastock.com/illustration/7323632.
Figure 6.
2010 Wayback Machine archive of dedrickonline.com
.
The German one.
The CIA has had a few Germany espionage scandals in the 2010s:
Figure 7.
2010 Wayback Machine archive of lesummumdelafinance.com
.
A French one. Because it mentions VTT (Mountain Biking in French), it must focus France.
The arrow graph is very popular can be seen at: www.financialexpress.com/money/top-4-global-market-risks-for-2024-that-may-impact-your-finances-3346284/ and many other sites. Source unknown.
Figure 8.
2011 Wayback Machine archive of attivitaestremi.com
. An Italian one about extreme sports.
Figure 9.
2010 Wayback Machine archive of noticiasmusica.net
.
The Brazilian one.
Figure 10.
2011 Wayback Machine archive of economicnewsbuzz.com
. The Korean one. Love the kawaii style!
Figure 11.
2011 Wayback Machine archive of snapnewsfront.net
.
The Japanese one.
Figure 12.
2010 Wayback Machine archive of philippinenewsonline.net
. The Philippine one one.
Figure 13.
2011 Wayback Machine archive of feedsdemexicoyelmundo.com
. The Mexican one.
Figure 14.
2012 Wayback Machine archive of easytraveleurope.com
.
Figure 15.
2011 Wayback Machine archive of tee-shot.net
. One of the many golf-themed sites. Golf appears to be quite popular over in Langley. It's exactly what you'd expect for a mid-level spook to do in their free time!
Figure 16.
2011 Wayback Machine archive of nouvellesetdesrapports.com
.
Figure 17.
2011 Wayback Machine archive of pangawana.com
.
Figure 18.
2011 Wayback Machine archive of recuerdosdeviajeonline.com
.
Figure 19.
2011 Wayback Machine archive of theworld-news.net
.
Figure 20.
2011 Wayback Machine archive of kessingerssportsnews.com
.
Figure 21.
2011 Wayback Machine archive of negativeaperture.com
.
Read the full article
CIA 2010 covert communication websites / Methodology by Ciro Santilli 37 Updated 2025-07-16
View more
This section tries to explain how the discoveries were made in more detail.
Some of the subsections are quite readable, while others are mostly data dumps and work logs, so bear with us.
Read the full article
CIA 2010 covert communication websites / Breakthroughs by Ciro Santilli 37 Updated 2025-07-16
View more
Some less-trivial breakthroughs:
Read the full article
CIA 2010 covert communication websites / Work log by Ciro Santilli 37 Updated 2025-07-16
View more
Scrapped justdropped data, patched:
+++ b/cia-2010-covert-communication-websites/cdx-post.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 # Post process the output of cdx.sh to enrich IDs even further, and reconstruct easier to Web Archive inspect domain names.
-grep -P -e '([^,)]+)\)\/\1\.swf|\)/[^/]+.jar|([^,)]+),([^,)]+),([^,)]+)\)/cgi-bin/[^/]+\.cgi' "$1" |
-  sed -r 's/\).*//' | awk -F, '{ printf("%s.%s\n", $2, $1) }' | uniq -c | awk '$1 == 1{ print $2 }' | tee $1.post
+grep -P -e '([^,)]+)\)\/\1\.swf|\)/[^/]+.jar|([^,)]+),([^,)]+),([^,)]+)\)/cgi-bin/[^/]+\.cgi' "$1"|
+  sed -r 's/\).*//' | awk -F, '{ printf("%s.%s\n", $2, $1) }' | uniq -c | awk '{ print $2 }' | tee $1.post
and then:
./hupo-cdx-tor.sh out 'news|headline|internationali|mondo|mundo|mondi|iran|today' 2006 2022
web.archive.org/web/20110203041325/http://financecentraltoday.com/
web.archive.org/web/20110202221328/http://thenewsofpakistan.com/
web.archive.org/web/20050424123432/http://www.pokernewsweb.com/ likely legit in the intended emulated style
web.archive.org/web/20100923090646/http://mideasttoday.net/
web.archive.org/web/20100206221718/http://euronewsonline.net/
web.archive.org/web/20110208063146/http://news-and-sports.com/ Hit.
web.archive.org/web/20110202054628/http://intoworldnews.com/ hit.
web.archive.org/web/20110207171340/http://mydailynewsreport.com/ hit
web.archive.org/web/20050508220858/http://www.asianewsupdate.com/ this looks like the exact format of legitimate site the CIA was emulating. Copyright 2005, a CGI link to as: www.asianewsupdate.com:80/cgi-sys/FormMail.cgi There's a phone there 01 647-0910 so seems less likely?
2010. JAR unarchived. rss, split image
2010. JAR. Split header.
2011. JAR unarchived. Split header.
2011. JAR. a.newslink, a.newslinkalt.
2011. Arabic. RSS.
web.archive.org/web/20110129115400/http://kmirano.com/ shallow but off style? Has a kmirano.sfw... viewdns.info/iphistory/?domain=kmirano.com says 211.1.224.71 Japan NTT SmartConnect Corporation 2012-01-11
2011. JAR. Copyright 2008. Split header and other images. They are obsessed about CDMA (2G).
2011. JAR. split header, RSS.
2010. Suspicious. But no clear fingrenprint. Also not as shallow as others. Also Joomla based which would be novel.
2010. JAR.
newspapergateway.com/ web.archive.org/web/20110208070309/http://newspapergateway.com/ hard to tell but generally off. Has both JAR and SWF.
2011 Farsi. JAR. RSS.
2010 JAR. Split header, rss.
2011. English. Split header, RSS.
sandstormnews.com 2011, SWF Arabic. ul.rss-items > li.rss-item, split header
zerosandonesnews.com 2011. SWF Split header, ul.rss-items > li.rss-item
lasthournews.com web.archive.org/web/20100513182623/http://lasthournews.com/. Urdu. JAR at: web.archive.org/web/20100513182724/http://lasthournews.com/recent.jar. Split header images.
mynepalnews.com, split header images, ul.rss-items > li.rss-item, Unarchived jar:
Read the full article
CIA 2010 covert communication websites / Backlinks by Ciro Santilli 37 Updated 2025-08-08
View more
Announcements and updates by self:
Pings by self:
Reactions by others:
Notable reactions to the websites themselves:
Read the full article
AnsaBio by Ciro Santilli 37 Updated 2025-07-16
View more
Read the full article
Camena Bioscience by Ciro Santilli 37 Updated 2025-07-16
View more
Read the full article
Regeneration (biology) by Ciro Santilli 37 Updated 2025-07-16
View more
Read the full article
Misogyny by Ciro Santilli 37 Updated 2025-07-16
Read the full article
DNS database by Ciro Santilli 37 Updated 2025-08-08
Read the full article
École Polytechnique student culture by Ciro Santilli 37 Updated 2025-07-16
Read the full article
Work (human activity) by Ciro Santilli 37 Updated 2025-07-16
Read the full article
Embryonics by species by Ciro Santilli 37 Updated 2025-07-16
Read the full article
BIOS by Ciro Santilli 37 Updated 2025-07-16
Read the full article
AI generated porn by Ciro Santilli 37 Updated 2025-07-16
View more
This is going to be the most important application of generative AI. Especially if we ever achieve good text-to-video.
Image generators plus human ranking:
www.pornhub.com/view_video.php?viewkey=ph63c71351edece: Heavenly Bodies Part 1: Sister's Mary First Act. Pornhub title: "AI generated Hentai Story: Sexy Nun alternative World(Isekai) Stable Diffusion" Interesting concept, slide-narrated over visual novel. The question is how they managed to keep face consistency across images.
Read the full article
Generative AI by modality by Ciro Santilli 37 Updated 2025-07-16
Read the full article
Git design rationale by Ciro Santilli 37 Updated 2025-07-16
View more
The fundamental insight of Git design is: a SHA represents not only current state, but also the full history due to the Merkle tree implementation, see notably:
This makes it so that you will always notice if you are overwriting history on the remote, even if you are developing from two separate local computers (or more commonly, two people in two different local computers) and therefore will never lose any work accidentally.
It is very hard to achieve that without the Merkle tree.
Consider for example the most naive approach possible of marking versions with consecutive numbers:
  • Local 1:
  • Local 2:
    • 0: root commit
    • 1: commit 1
    • 2: commit 2 by local 2
    • 3: commit 3 by local 2
  • Remote
If Local 1 were to push to Remote first, how could Local 2 notice that when it tries to push itself? The navie method of just checking: "does Remote have commit "2"" does not work, because Local 2 has a different version of commit 2 than local 1.
Read the full article
Git command by Ciro Santilli 37 Updated 2025-07-16
Read the full article
Git internals by Ciro Santilli 37 Updated 2025-07-16
Read the full article
Git implementation by Ciro Santilli 37 Updated 2025-07-16
Read the full article

Unlisted articles are being shown, click here to show only listed articles.