The key advantages of lasers over other light sources are:
- lasers emit a narrow spectrum
- it can be efficient collimated, while still emitting a lot of output power: Section "Why can't you collimate incoherent light as well as a laser?"
- can be phase and polarization coherent, though it is not always the case? TODO.
One cool thing about lasers is that they rely on one specific atomic energy level transition to produce light. This is why they are able to to be so monchromatic. Compare this to:As such, lasers manage to largely overcome "temperature distribution-like" effects that create wider wave spectrum
- incandescent bulbs: wide black-body radiation spectrum
- LED: has a wider spectrum fundamentally related to an energy distribution, related: Why aren't LEDs monochromatic
- TODO think a bit about fluorescent lamps. These also rely on atomic energy transitions, but many of them are present at once, which makes the spectrum very noisy. But would individual lines be very narrow?
en.wikipedia.org/w/index.php?title=Andr%C3%A9-Marie_Amp%C3%A8re&oldid=1211946256:TODO find the source for this.
Jean-Jacques Ampère, a successful merchant, was an admirer of the philosophy of Jean-Jacques Rousseau, whose theories of education (as outlined in his treatise Émile) were the basis of Ampère's education. Rousseau believed that young boys should avoid formal schooling and pursue instead a "direct education from nature." Ampère's father actualized this ideal by allowing his son to educate himself within the walls of his well-stocked library.
One more more electrical wires surrounded by an insulator.
He participated in the development of the electrical telegraph, and he did some good modeling work that improved the foundations of the field, notably creating the telegrapher's equations.
He was one of those idealists who just want to do some cool work even if they have to starve for it, people had to get a state pension for him for his contributions. Nice guy. en.wikipedia.org/w/index.php?title=Oliver_Heaviside&oldid=1230097796#Later_years_and_views:He also never married: www.nndb.com/people/627/000204015/
In 1896, FitzGerald and John Perry obtained a civil list pension of £120 per year for Heaviside, who was now living in Devon, and persuaded him to accept it, after he had rejected other charitable offers from the Royal Society.
2013 DNS census secureserver.net MX records intersection 2013 DNS Census virtual host cleanup by Ciro Santilli 35 Updated 2024-12-15 +Created 2023-07-19
We intersect 2013 DNS Census virtual host cleanup with 2013 DNS census MX records and that leaves 460k hits. We did lose a third on the the MX records as of 260 hits since secureserver.net is only used in 1/3 of sites, but we also concentrate 9x, so it may be worth it.
Then we Wayback Machine CDX scanning. it takes about 5 days, but it is manageale.
We did a full Wayback Machine CDX scanning for JAR, SWF and cgi-bin in those, but only found a single new hit:
- 63.130.160.50 theglobalheadlines.com. Just barely missed with our 2013 DNS Census virtual host cleanup heuristic keyword searches as we did think of both "global" and "headlines" in the "news" themes!
The Reuters article directly reported only two domains in writing:
- iraniangoals.com. Iranian language football website. As of 2023, the domain had been bought by Reuters and redirects to their website.
- iraniangoalkicks.com. Iranian language football website. Available in GoDaddy as of 2023.
But by looking at the URLs of the screenshots they provided from other websites we can easily uncover all others that had screenshots, except for the Johnny Carson one, which is just generically named. E.g. the image for the Chinese one is www.reuters.com/investigates/special-report/assets/usa-spies-iran/screencap-activegaminginfo.com.jpg?v=192516290922 which leads us to domain activegaminginfo.com.
Also none of those extra ones have any Google hits except for huge domain dumps such has Expired domain trackers, so maybe this counts as little bit of novel public research.
The full list of domains from screenshots is:
activegaminginfo.com
: Chinese gaming information website.2011 archive: web.archive.org/web/20110208113503/http://activegaminginfo.com/. Contains mentions of 2010.Domain available in GoDaddy as of 2023.- As of 2023, it seemed to be an actual legit photography website by German (amateur?) photographer Klaus Wägele. Archive: web.archive.org/web/20230323102504/https://www.capture-nature.com/Ciro Santilli actually sent him a message to let him know about the CIA thing in case he didn't, and he replied that he wasn't aware of it.
www.headlines2day.com
: Iranian language news website.2011 archive: web.archive.org/web/20110201164741/https://www.headlines2day.com/. Dated "Copyright 2009".As of 2023, this was a completly broken-looking news website but in English entitled:2023 archive: web.archive.org/web/20230121191348/https://www.headlines2day.com/. It makes one wonder if the CIA still operates it!Today's Headlines
fitness-dawg.com
: English fitness website.2021 archive: web.archive.org/web/20110207104044/http://fitness-dawg.com/.Domain available as of 2023.rastadirect.net
: English Rastafari culture website.2010 archive: web.archive.org/web/20100429002010/http://rastadirect.net/ dated as "Copyright 2008".Domain available as of 2023.fightwithoutrules.com
: Russian fighting website.2011 archive: web.archive.org/web/20110203021315/http://fightwithoutrules.com/. Contains mentions of 2009 news.Domain available as of 2023.alljohnny.com
: Johnny Carson fansiteDomain available as of 2023.
This brings up to 8 known domain names with Wayback Machine archives, plus the yet unidentified Johnny Carlson one, see also: Section "Searching for Carson", which is also almost certainly is on Wayback Machine somewhere given that they have a screenshot of it.
From The Reuters websites and others we've found, we can establish see some clear stylistic trends across the websites which would allow us to find other likely candidates upon inspection:The most notable dissonance from the rest of the web is that there are no commercial looking website of companies, presumably because it was felt that it would be possible to verify the existence of such companies.
- natural sounding, sometimes long-ish, domain names generally with 2 or 3 full words. Most in English language, but a few in Spanish, and very few in other languages like French.
- shallow websites with a few tabs, many external links, sometimes many images, and few internal pages
- lots of rectangular images make up the top bar banner image. Stock images are often used to make the full image, and then the full image is split. An example
- common themes include:
- news
- hobbies, notably sports, travel and photography. Golf seems overrepresented. Must be a thing over there in Langley.
- .com and .net top-level domains, plus a few other very rare non .com .net TLDs, notably .info and .org
- each one has one "communication mechanism file": communication mechanisms
- narrow page width like in the days of old, lots of images
- each hit domain is the only domain for its IP, i.e. the websites are all private hosted, no shared web hosting service examples have been found so far
- split images images: many of the website banners are composed of several images cut up. Stock images were first assembled into the banner, and then the resulting image was cut. Possibly this was done to make reverse image search to their stock image provider harder. But it somewhat backfired and serves as a good marker that confirms authorship. Maybe it is some kind of outdated web design thing, which they took much further in time than the average website, like the JAR. It would be fun to actually reverse search into one of their stock image provider's original images. Their websites do appear to follow common style guidelines form earlier eras, around the early 2000s notably, some legit sites that look a lot like hits:
- many of the websites use the following pattern in their news summaries:
ul.rss-items > li.rss-item
, e.g.: web.archive.org/web/20110202092126/http://beamingnews.com/
One promising way to find more of those would be with IP searches, since it was stated in the Reuters article that the CIA made the terrible mistake of using several contiguous IP blocks for those website. What a phenomenal OPSEC failure!!!
The easiest way would be if Wayback Machine itself had an IP search function, but we couldn't find one: Search Wayback Machine by IP.
viewdns.info was the first easily accessible website that Ciro Santilli could find that contained such information.
Our current results indicate that the typical IP range is about 30 IPs wide.
E.g. searching: viewdns.info/iphistory and considering only hits from 2011 or earlier we obtain:
- capture-nature.com
- 65.61.127.163 - Greenacres - United States - TierPoint - 2013-10-19
- activegaminginfo.com
- 66.175.106.148 - United States - Verizon Business - 2012-03-03
- iraniangoals.com
- 68.178.232.100 - United States - GoDaddy.com - 2011-11-13
- 69.65.33.21 - Flushing - United States - GigeNET - 2011-09-08
- rastadirect.net
- 68.178.232.100 - United States - GoDaddy.com - 2011-05-02
- iraniangoalkicks.com
- 68.178.232.100 - United States - GoDaddy.com - 2011-04-04
- headlines2day.com
- 118.139.174.1 - Singapore - Web Hosting Service - 2013-06-30. Source: viewdns.info
- 184.168.221.91 2013-08-12T06:17:39. Source: 2013 DNS Census grep
- fightwithoutrules.com
- 204.11.56.25 - British Virgin Islands - Confluence Networks Inc - 2013-09-26
- 208.91.197.19 - British Virgin Islands - Confluence Networks Inc - 2013-05-20
- 212.4.17.38 - Milan - Italy - MCI Worldcom Italy Spa - 2012-03-03
- fitness-dawg.com
- 219.90.62.243 - Taiwan - Verizon Taiwan Co. Limited - 2012-01-11
Neither of these seem to be in the same ranges, the only common nearby hit amongst these ranges is the exact
68.178.232.100
, and doing reverse IP search at viewdns.info/reverseip/?host=68.178.232.100&t=1 states that it has 2.5 million hostnames associated to it, so it must be some kind of Shared web hosting service, see also: superuser.com/questions/577070/is-it-possible-for-many-domain-names-to-share-one-ip-address, which makes search hard.Ciro then tried some of the other IPs, and soon hit gold.
Initially, Ciro started by doing manual queries to viewdns.info/reversip until his IP was blocked. Then he created an account and used his 250 free queries with the following helper script: cia-2010-covert-communication-websites/viewdns-info.sh. The output of that script can be seen at: github.com/cirosantilli/media/blob/master/cia-2010-covert-communication-websites/viewdns-info.sh.
Ciro then found 2013 DNS Census which contained data highly disjoint form the viewdns-info one!
Summaries of the IP range exploration done so far follows, combined data from all databases above.
This is a dark art, and many of the sources are shady as fuck! We often have no idea of their methodology. Also no source is fully complete. We just piece up as best we can.
Some links of interest:
- bushart.org/topic/ip
- archive.org/details/internet-mapping
- stackoverflow.com/questions/307553/possible-to-download-entire-whois-database-list-of-registered-domains (deleted question, see archives)
- www.reversedns.ch/en/ has some OK reverse IPs, but you have to do them one by one with CAPTCHA, and we were already past that point when that source was found, so nothing new was found on it yet
- www.zone-h.org/archive/ip=208.76.80.93/page=11?hz=1 mentions
newsupdatesite.com
and mentions "defacement", the "Mass Deface III" pastebin comes to mind. No other nearby hits on quick inspection.
In this section we document the outcomes of more detailed inspection of both the communication mechanisms (JavaScript, JAR, swf) and HTML that might help to better fingerprint the websites.
Google searches for known domains and IPs by Ciro Santilli 35 Updated 2024-12-15 +Created 1970-01-01
Googling most domains gives only very few results, and most of them are just useless lists of expired domains. Skipping those for now.
Googling
"dedrickonline.com"
has a git at www.webwiki.de/dedrickonline.com# Furthermore, it also contains the IP address "65.61.127.174" under the "Technik" tab!Unfortunately that website appears to be split by language? E.g. the English version does not contain it: www.webwiki.com/dedrickonline.com, which would make searching a bit harder, but still doable.
But if we can Google search those IPs there, we might just hit gold.
IP search did work! www.webwiki.de/65.61.127.174
But doesn't often/ever work unfortunately for others.
Googling "activegaminginfo.com" has a git at: cqcounter.com/whois/site/activegaminginfo.com.html which actually contains the IP 66.175.106.148! But I can't find a reverse IP search method. And perhaps due to having lots of CAPTCHAs, Google doesn't seem to index that website very well... it even has a tiny screenshot! And it also shows some more metadata beyond IP, e.g. HTTP response headers, which notably contain stuff like
Server: Apache-Coyote/1.1
.Forward search of expired domains appears to often work however, and contains correct IPs and the screenshots. Note that direct access as follows does not work for some reason, you have to type them into the search bar manually:OMG so close. If only Google would index that website we'd be done!!!
- cqcounter.com/siteinfo/?activegaminginfo.com/
- cqcounter.com/siteinfo/?capture-nature.com/
- cqcounter.com/siteinfo/?conquermstoday.com/
- cqcounter.com/siteinfo/?elcorreodenoticias.com/
- cqcounter.com/siteinfo/?factorforcenews.com
- cqcounter.com/siteinfo/?feedsdemexicoyelmundo.com/
- cqcounter.com/siteinfo/?fightwithoutrules.com/
- cqcounter.com/siteinfo/?fitness-dawg.com/
- cqcounter.com/siteinfo/?information-junky.com/
- cqcounter.com/siteinfo/?iraniangoalkicks.com
- cqcounter.com/siteinfo/?iraniangoals.com: not present
- cqcounter.com/siteinfo/?kanata-news.com
- cqcounter.com/siteinfo/?negativeaperture.com/
- cqcounter.com/siteinfo/?nouvellesetdesrapports.com/
- cqcounter.com/siteinfo/?pangawana.com/
- cqcounter.com/siteinfo/?rastadirect.net
- cqcounter.com/siteinfo/?recuerdosdeviajeonline.com/
- cqcounter.com/siteinfo/?tee-shot.net/
- cqcounter.com/siteinfo/?www.dedrickonline.com/
- cqcounter.com/siteinfo/?www.easytraveleurope.com/
- cqcounter.com/siteinfo/?www.headlines2day.com/
- cqcounter.com/siteinfo/?www.kessingerssportsnews.com/
Apparently also mirrored at "dawhois":
Searching on github.com: github.com/DrWhax/cia-website-comms from September 2022 contains some of the links to some of the ones reported by Reuters.
Summary: this is just a red herring. Wakatime owner likely registered the domains just after this article was published as a publicity stunt. Fair play though.
As raised at: news.ycombinator.com/item?id=36280666, many, but not all, of the domains currently redirect to wakatime.com/ as of 2023, and apparently they were taken up in 2013 (TODO how to confirm that). TODO what is the explanation for that? Some examples that do:But some failed resolution examples:Even more suspiciously, according to his LinkedIn: www.linkedin.com/in/alanhamlett/, the owner of Wakatime, Alan Hamlett, worked at WhiteHat Security, Inc from Aug 2011 - Sep 2013. The company was then acquired by Synopsys in 2022. Holy crap!!! As shown at: web.archive.org/web/20131013193406/https://www.whitehatsec.com/ that company made website security tools. Did that dude use the tools to find the vulnerabilty and then just gobble up all the domains??? What a fucking legend if he did!!!
Let's try:
Running e.g.gives:so we see that he must have setup redirection with Namecheap as mentioned at: www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-redirect-a-url-for-a-domain/
curl -vvv dedrickonline.com
* Trying 162.255.119.197:80...
* Connected to dedrickonline.com (162.255.119.197) port 80 (#0)
> GET / HTTP/1.1
> Host: dedrickonline.com
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 12 Jun 2023 20:30:19 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 55
< Connection: keep-alive
< Location: https://wakatime.com
< X-Served-By: Namecheap URL Forward
< Server: namecheap-nginx
<
<a href='https://wakatime.com'>Moved Permanently</a>.
* Connection #0 to host dedrickonline.com left intact
Let's also try DNS history
- whoisrequest.com/history/:
- dedrickonline.com: registered: 1 Nov, 2010, dropped: 24 Nov, 2013
- activegaminginfo.com : registered: 1 Feb, 2010, dropped: 1 Apr, 2012
- tools.whoisxmlapi.com/whois-history-search
- dedrickonline.com:
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- Created Date: October 27, 2010 00:00:00 UTC
- Updated Date: October 28, 2013 00:00:00 UTC
- Expires Date: October 27, 2014 00:00:00 UTC
- Alan (namecheap):
- Created Date: June 11, 2023 09:59:25 UTC
- Expires Date: June 11, 2024 09:59:25 UTC
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- activegaminginfo.com:
- CIA (Network Solutions, registrant name: LLC. Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions)
- Created Date: January 26, 2010 00:00:00 UTC
- Updated Date: November 27, 2010 00:00:00 UTC
- Expires Date: January 26, 2012 00:00:00 UTC
- Alan:
- Created Date: June 11, 2023 09:59:40 UTC
- Expires Date: June 11, 2024 09:59:40 UTC
- CIA (Network Solutions, registrant name: LLC. Corral, Elizabeth|ATTN ACTIVEGAMINGINFO.COM|care of Network Solutions)
- iraniangoalkicks.com:
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- Created Date: April 9, 2007 00:00:00 UTC
- Updated Date: March 2, 2011 00:00:00 UTC
- Expires Date: April 9, 2011 00:00:00 UTC
- Alan:
- Created Date: June 11, 2023 09:59:20 UTC
- Expires Date: June 11, 2024 09:59:20 UTC
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com)
- iraniangoals.com:
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com):
- Created Date: March 6, 2008 00:00:00 UTC
- Updated Date: March 7, 2011 00:00:00 UTC
- Expires Date: March 6, 2014 00:00:00 UTC
- Reuters:
- Created Date: September 29, 2022 11:16:09 UTC
- Updated Date: September 29, 2022 11:16:09 UTC
- Expires Date: September 29, 2023 11:16:09 UTC
- CIA (registrar: Godaddy, registrant name: domainsbyproxy.com):
- dedrickonline.com:
So these suggest Alan might have just come along in 2023 way after the 2022 Reuters article and did the same basic IP range search that Ciro is doing now, so possibly no new tech. Let's ask... twitter.com/cirosantilli/status/1668369786865164289
The domain name history presented is however of interest, and could lead to patterns being found.
Searching tools.whoisxmlapi.com/reverse-whois-search with term "Corral, Elizabeth" gave no results unfortunately.
Basic search under tools.whoisxmlapi.com/reverse-whois-search for "Corral" also empty. They can't see their own data? Ah, need advanced. Marked "Historic" and selected "Corral, Elizabeth", ony one hit, activegaminginfo.com.
Some dumps from us looking for patterns, but could not find any.
This is the one used on MLperf v2.1 ResNet, likely one of the most popular choices out there.
2017 challenge subset:
- train: 118k images, 18GB
- validation: 5k images, 1GB
- test: 41k images, 6GB
There are unlisted articles, also show them or only show them.