CIA secretly runs Star Wars fan site



Security researcher Ciro Santilli has reported that a Star Wars fan site created around 2010 was actually a tool used by the CIA to secretly contact informants from other countries.

CIA 2010 covert communication websites - Ciro Santilli (@cirosantilli) - OurBigBook.com

https://ourbigbook.com/cirosantilli/cia-2010-covert-communication-websites

Santilli, who was interested in Chinese politics, saw the news in 2018 that many CIA collaborators had been arrested in China and wondered, 'Why did that happen?' Santilli said his doubts were resolved after he read the article 'America's Throwaway Spies,' published by Reuters in 2022, which reported that the CIA was using a secret website to exchange information.



The Reuters article details how the secret communications websites used by the CIA to communicate with its Iranian allies had serious flaws. The websites were ostensibly about sports and hobbies, but actually allowed users to send and receive information via login functions.

However, the source code of the website still contained words such as 'password,' 'message,' and 'compose,' and anyone who right-clicked to check the source code could have noticed the presence of the communication function. Furthermore, these sites were generated in large numbers on the same server using consecutive IP addresses, so if one site was discovered, it was possible to identify similar sites one after another by checking nearby IP addresses. As a result, it has been reported that dozens of CIA collaborators were arrested and executed not only in Iran but also in other countries such as China.
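The two linkability flaws described above, written as a check an operator could run over an inventory of their own sites. This is an added example, not code from Santilli, Reuters or Citizen Lab; the hostnames, documentation-range IPv4 addresses, markup and function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed inventory: made-up hosts, documentation IP ranges, made-up markup.
INVENTORY = [
    {"host": "news-a.example", "ip": "192.0.2.10", "html": "<form><input name='q'></form>"},
    {"host": "sport-b.example", "ip": "192.0.2.11", "html": "<script>var compose=1; var message='';</script>"},
    {"host": "health-c.example", "ip": "192.0.2.12", "html": "<input type='password' name='p'>"},
    {"host": "blog-d.example", "ip": "198.51.100.7", "html": "<p>hello</p>"},
]

# The words the article says were left visible in page source.
LEAK_WORDS = ("password", "message", "compose")

def _addr(host):
    """Numeric form of a host's IP address, for sorting and adjacency checks."""
    return int(ipaddress.ip_address(host["ip"]))

def consecutive_runs(inventory, min_len=2):
    """Group hosts whose addresses are numerically adjacent (one site exposes the rest)."""
    runs, current = [], []
    for h in sorted(inventory, key=_addr):
        if current and _addr(h) - _addr(current[-1]) == 1:
            current.append(h)
            continue
        if len(current) >= min_len:
            runs.append([x["host"] for x in current])
        current = [h]
    if len(current) >= min_len:
        runs.append([x["host"] for x in current])
    return runs

def leaked_words(html):
    """Return the leak words that appear as whole words in the page source."""
    tokens = set(re.findall(r"[a-z]+", html.lower()))
    return sorted(w for w in LEAK_WORDS if w in tokens)

def audit(inventory):
    """Report clusters linked by adjacent IPs and hosts whose source hints at messaging."""
    leaks = {h["host"]: leaked_words(h["html"]) for h in inventory}
    return {"ip_runs": consecutive_runs(inventory),
            "source_leaks": {k: v for k, v in leaks.items() if v}}

if __name__ == "__main__":
    print(audit(INVENTORY))
```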



Citizen Lab's analysis found a total of 885 related websites, but only nine were made public in the Reuters article. Using information from those nine sites, screenshots and sequential IP address structure, Santilli was able to identify hundreds of similar websites.

Many of the discovered websites were disguised with general themes such as 'news,' 'sports,' and 'health,' and used multiple communication methods such as Flash, JavaScript, and HTTPS. In addition, they were written in various languages other than English, including Portuguese, Korean, German, French, and Italian, suggesting that the targets were not only Iran and China, but also allied countries such as Brazil, Germany, France, and Italy.



Among them, the most unusual was the Star Wars fan site 'starwarsweb.net,' whose appearance and structure are clearly related to Star Wars. Like other websites, this site is thought to have been structured so that agents could exchange information with CIA headquarters through specific passwords and communication procedures, but detailed technical specifications have not been made public.



The Reuters article did not introduce starwarsweb.net, and Santilli commented, 'I am proud to have discovered and published this new site myself.' Santilli also said that starwarsweb.net is 'cool' compared to other websites, and that it is one of his most notable discoveries.

'The recent efforts to uncover websites used by the CIA to communicate with spies around the world are consistent with my understanding,' security researcher Zach Edwards told 404 Media. 'It's been roughly 15 years since these websites were actively used, yet new information continues to leak every year.'

'This incident reminds us that developers make mistakes and sometimes it takes years to find them, but this isn't a typical "developer error" type of scenario,' said Edwards.

'It's fascinating to have more content available for people to see, like a museum. It's really great to be able to go to the Internet Archive and see the spy relics of that time and all of their glory in "live",' Santilli said.

The CIA did not respond to 404 Media's request for comment.

Posted by log1i_yk in Web Service, Movie, Security