May 22, 2024
CIA websites so flawed that even an "amateur" could find them led to the deaths of dozens of assets in China and Iran, research has found.

Security experts with the Citizen Lab at the University of Toronto conducted a study into a web of “covert” U.S. websites after being tipped off by a Reuters journalist. Using only publicly available information and material, the researchers found a network of 885 websites that they assessed with “high confidence” to have been used as covert communications websites for the CIA. The Chinese and Iranian governments discovered these websites in 2011 and 2012, using them to capture and execute dozens of assets, researchers said.

The Citizen Lab didn’t disclose all the details of how it discovered the websites so as to protect the lives of other sources, but researchers listed several blatant defects that made them easy to uncover.


“The websites included similar Java, JavaScript, Adobe Flash, and CGI artifacts that implemented or apparently loaded covert communications apps. In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties,” a statement from the Citizen Lab said of the research.

“Had we conducted this research while the websites were still online, as China and Iran likely would have, we would not even have needed to rely on the Wayback Machine and other tools. Knowing only one website, it is likely that, while the websites were online, a motivated amateur sleuth could have mapped the CIA network and attributed it to the US Government,” it added.

The compromise extended well beyond networks within China and Iran’s borders, as the two governments were able to track U.S. espionage activities across the globe, which may have led to many more sources being uncovered.

The network comprised websites posing as legitimate news, healthcare, weather, sports, entertainment, and other websites in 29 languages across at least 36 countries. One publicly released, poorly designed website posed as a Johnny Carson tribute page, asking users to submit their “favorite Johnny Carson moment,” the study said.

Most of the websites were primarily in use from 2004 to 2013, and several still-active members of U.S. intelligence were identified as having used the network.


“Our hope is that this research, and our limited disclosure process, will ensure that no one connected to these websites will be in danger, and lead to accountability for this reckless behavior,” the Citizen Lab concluded.
