cia-2010-covert-communication-websites.bigb
Lines changed: 18 additions & 16 deletions
@@ -7,7 +7,7 @@
7
7
{tag=Digital preservation}
8
8
{title2=Iran, China}
9
9
10
-
This article is about <cutout (espionage)>[covert agent communication channel] websites used by the <CIA> in many countries from the late 2000s until the early 2010s, when they were uncovered by <counter intelligence> of the targeted countries circa 2011-2013, and were fully shutdown by 2013.
10
+
This article is about <cutout (espionage)>[covert agent communication channel] websites used by the <CIA> in many countries from the late 2000s until the early 2010s, when they were uncovered by <counter intelligence> of the targeted countries circa 2010-2013. The websites had been fully shutdown by 2013.
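Review bot: On new line 10, "had been fully shutdown" uses the noun form where the verb is needed; write "shut down". The same line moves the start of the uncovering from "circa 2011-2013" to "circa 2010-2013" with nothing in the hunk to support the earlier date, so please add the source for 2010 next to the claim.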
@@ -21,18 +21,20 @@ This discovery led to the imprisonment and execution of several assets in <Iran>
21
21
22
22
Of particular interest is also the fact that, based on their language and content, certain of the websites seem to have <USA spying on its own allies>[targeted other democracies such as Germany, France, Spain and Brazil].
23
23
24
-
This article uses publicly available information to publicly disclose first time a few hundred of what we feel are extremely likely candidate sites of the network. The starting point for this article was the <Reuters article>[September 2022 Reuters article] which gave for the first time gave some example websites, a totalof 9.
24
+
This article uses publicly available information to publicly disclose for the first time a few hundred of what we feel are extremely likely candidate sites of the network. The starting point for this article was the <Reuters article>[September 2022 Reuters article "America’s Throwaway Spies"] for the first time gave some example websites, <The Reuters websites>[nine of them in total], and claimed that the network consisted of "more than 350 websites".
25
25
26
-
Starting from only these 9 websites we were then able to find a few hundred websites that share os many similarities with them, i.e. a common <fingerprint>, that we believe makes them beyond reasonable doubt part of the same network. Key parts of the fingerprint include:
27
-
* rudimentary IP range search on https://viewdns.info[] starting from the websites reported by Reuters
28
-
* heuristic search for keywords in domains of the <2013 DNS Census> plus <Wayback Machine CDX scanning>
29
-
But https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/[citizenlabs' report of exactly 885 websites being found] makes it feel like they did find a better fingerprint which we have not managed to find yet.
26
+
Starting from only these nine websites we were then able to find a few hundred websites that share os many similarities with them, i.e. a common <fingerprint>, that we believe makes them beyond reasonable doubt part of the same network. Key parts of the fingerprint include:
27
+
* IP range search on https://viewdns.info[] starting from the websites reported by Reuters
28
+
* heuristic search for keywords present in domain name dumps such as the <2013 DNS Census> together with <Wayback Machine CDX scanning>. Notably, a huge number of websites contained the word "news" on them, which was a massive flaw.
29
+
https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/[citizenlabs' report of exactly 885 websites being found] makes it feel like they did find a better fingerprint which we have not managed to find yet.
30
30
31
-
If anyone can find others websites, or has better techniques: <contact>{full}. Contributions will be clearly attributed if desired. Some of the techniques used so far have been very heuristic, and that added to the limited amount of data makes it almost certain that some websites have been missed. Broadly speaking, there are two types of contributions that would be possible:
32
-
* finding new IP ranges: harder more exiting, and potentially requires more intelligence
31
+
If anyone can find others websites, or has better techniques feel free to contact <Ciro Santilli> at: <contact>{full}. Contributions will be clearly attributed if desired. Some of the techniques used so far have been very heuristic, and that added to the limited amount of data makes it almost certain that some websites have been missed. Broadly speaking, there are two types of contributions that would be possible:
32
+
* finding new IP ranges: harder and more exiting, and potentially requires more intelligence
33
33
* better IP to domain name databases to <Find missing hits in IP ranges>[fill in known gaps in existing IP ranges]
34
34
35
-
Disclaimer: the network fell in 2013, followed by fully public disclosures in 2018 and 2022, so we believe it is now more than safe for the public to know what can still be uncovered about the events that took place. The main author's political bias is <Ciro Santilli's campaign for freedom of speech in China>[strongly pro-democracy and anti-dictatorship].
35
+
Disclaimers:
36
+
* the network fell in 2013, followed by fully public disclosures in 2018 and 2022, so we believe it is now more than safe for the public to know what can still be uncovered about the events that took place
37
+
* <Ciro Santilli>'s political bias is <Ciro Santilli's campaign for freedom of speech in China>[strongly pro-democracy and anti-dictatorship], but with a good pinch of skepticism about the morality US foreign policy in the last century
36
38
37
39
May this article serve as a tribute to those who spent their days making, using, and uncovering these websites under the shadows.
38
40
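Review bot: The rewritten sentence on new line 24 lost its relative pronoun: "The starting point for this article was the <Reuters article>[...] for the first time gave some example websites" needs "which" before "for the first time". Elsewhere in this hunk, new line 26 still carries "share os many similarities" (so), new line 31 has "others websites" and lacks a comma before "feel free", new line 32 has "exiting" for "exciting", and new line 37 is missing "of" in "the morality US foreign policy". The list introduced by "Key parts of the fingerprint include:" names search methods rather than fingerprint traits, so the lead-in should be reworded. The claim on new line 28 that the word "news" "was a massive flaw" should say whether it refers to the domain names or the page content, and why that made the sites easier to find.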
@@ -146,12 +148,6 @@ Finally the article also gives us a cute terminology: COVCOM:
{title=Inspecting the <Reuters article> HTML source code}
151
-
{description=The <Reuters article> only gave one URL explicitly: <iraniangoals.com>. But most others could be found by inspecting the HTML of the screenshots provided, except for <Searching for Carson>[the Carson website].}
<Ciro Santilli> hard heard about the 2018 Yahoo article around 2020 while <Ciro Santilli's campaign for freedom of speech in China>[studying for his China campaign] because the websites had been used to take down the Chinese CIA network in China. He even asked on <Quora>: https://www.quora.com/What-were-some-examples-of-the-websites-that-the-CIA-used-around-2010-as-a-communication-mechanism-for-its-spies-in-China-and-Iran-but-were-later-found-and-used-to-take-down-their-spy-networks[] but there were no publicly known domains at the time to serve as a starting point. https://www.quora.com/profile/Chris-2110[Chris, Electrical Engineer and former Avionics Tech in the US Navy], even replied suggesting that obviously the <CIA> is so competent that it would never ever have its sites leaked like that:
156
152
> Seriously a dumb question.
157
153
@@ -166,6 +162,12 @@ In particular, it is fun to have such a clear and visible to anyone examples of
166
162
167
163
Given that it was reported that there were "more than 350" such websites, it would be really cool if we could uncover more of those websites ourselves beyond the 9 domains reported by Reuters!
{title=Inspecting the <Reuters article> HTML source code}
167
+
{description=The <Reuters article> only gave one URL explicitly: <iraniangoals.com>. But most others could be found by inspecting the HTML of the screenshots provided, except for <Searching for Carson>[the Carson website].}
{title=<viewdns.info> `activegameinfo.com` domain to IP}
171
173
{height=550}
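Review bot: The description re-added at new line 167 still says the other URLs could be found "except for <Searching for Carson>[the Carson website]", but a later hunk in this same commit adds that the Carson domain was written on the screenshot as a watermark. Update the description so the two statements agree. It also says the article "only gave one URL explicitly", while the context of the later hunk says it "directly reported only two domains in writing"; settle on one figure. Minor: the context line above keeps "the 9 domains" although this commit changes "9" to "nine" elsewhere.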
@@ -4764,7 +4766,7 @@ The <Reuters article> directly reported only two domains in writing:
4764
4766
4765
4767
But by looking at the URLs of the screenshots they provided from other websites we can easily uncover all others that had screenshots, <Searching for Carson>[except for the Johnny Carson one], which is just generically named. E.g. the image for the Chinese one is https://www.reuters.com/investigates/special-report/assets/usa-spies-iran/screencap-activegaminginfo.com.jpg?v=192516290922 which leads us to domain http://activegaminginfo.com[].
4766
4768
4767
-
Also none of those extra ones have any <Google> hits except for huge domain dumps such has <Expired domain trackers>, so maybe this counts as little bit of novel public research.
4769
+
<Oleg Shakirov> later discovered that the Carson one had its domain written right on the screenshot, as part of a watermark on the original website itself. Therefore the URLs of all the websites were in one way or another essentially given on the article.
4768
4770
4769
4771
The full list of domains from screenshots is:
4770
4772
* `activegaminginfo.com`: <Chinese (language)> gaming information website.
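Review bot: The added line 4769 contradicts the unchanged paragraph directly above it, which still says the screenshot URLs reveal all domains "except for the Johnny Carson one"; revise that sentence in the same change. The new sentence gives no link or reference for Oleg Shakirov's finding, and "given on the article" should read "given in the article". If the removed remark about the absence of Google hits still holds, consider keeping it, since it is independent of the Carson point.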
* https://jobs.lever.co/mistral/db67d7a2-bcec-4151-9b3a-8212ddabf419 Senior Software Engineer, Data Engineering - Paris
906
+
* https://jobs.lever.co/mistral/db67d7a2-bcec-4151-9b3a-8212ddabf419 Senior Software Engineer, Data Engineering - Paris. Declined May 7th without interview, at least they said they have lots of applicants and some have more closely related qualifications.
907
907
* <Poolside AI>:
908
908
* https://poolside.ai/careers/member-of-engineering-evaluations--ba11fe78-f6f6-4165-b76b-020a46ad8fee Member of Engineering (Evaluations)
909
909
> Of all the applications of deep learning, code generation is one of those that interest me the most as they seem one of the most pertinent in order to one day achieve AGI (the others being theorem proving and robotics), and I'd like to try and get some work experience in the area.
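Review bot: The added text "Declined May 7th without interview" gives no year, so the entry becomes ambiguous once the list spans more than one year; add the year. The sentence is also a comma splice and reads better split after "interview". This job-application note is unrelated to the CIA article edits in the rest of the commit and would be easier to review as its own commit.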