A decent number of folks are posting related stuff. Another related one that takes a bit of reading to get to is the Reuters article that tipped off a lot of this type of investigation back in 2022.
The website was a supposed soccer fan website, Iraniangoals.com, and it was (opinion) criminally badly designed. Type a request into the search bar and it's really your password, which then goes right to a secret messaging app...
> Marczak and Edwards quickly discovered that the secret messaging window hidden inside Iraniangoals.com could be spotted by simply right-clicking on the page to bring up the website’s coding. This code contained descriptions of secret functions, including the words “message” and “compose” – easily found clues that a messaging capability had been built into the site. The coding for the search bar that triggered the secret messaging software was labeled “password.”
https://www.reuters.com/investigates/special-report/usa-spie... America’s Throwaway Spies, Joel Schectman, Bozorgmehr Sharafedin, Corinne Perkins, John Emerson, Marla Dickerson, Ronnie Greene, and Kieran Murray

> This article is about covert agent communication channel websites used by the CIA in many countries from the late 2000s until the early 2010s, when they were uncovered by counterintelligence of the targeted countries circa 2010-2013.
> This article uses publicly available information to publicly disclose for the first time a few hundred of what we feel are extremely likely candidate sites of the network. The starting point for this research was the September 2022 Reuters article "America’s Throwaway Spies", which for the first time gave nine example websites; their analyst from Citizen Lab claims to have found 885 websites in total, but did not publicly disclose them. Starting from only the nine disclosed websites, we were then able to find a few hundred websites that share so many similarities with them, i.e. a common fingerprint, that we believe makes them beyond reasonable doubt part of the same network.
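The two clues the thread keeps coming back to (a "search" field that is really named `password`, and script identifiers such as `message`/`compose` sitting in plain view) are exactly the kind of structural features a fingerprint-based hunt pivots on: extract them from a seed page, then look for other pages whose feature set overlaps it. The following is an added illustration written for this page, not code from the research article, Citizen Lab or Reuters. All three sample pages, the host names and the feature weighting are constructed for the example and do not reproduce any real site's source.

```python
import re
from html.parser import HTMLParser

# Constructed sample pages (hypothetical hosts). "seed.example" mimics the
# pattern the Reuters quote describes: a search box whose input is named
# "password" and script functions containing "message"/"compose".
SAMPLE_PAGES = {
    "seed.example": """<html><body>
      <form action="/search.php"><input type="text" name="password">
      <input type="submit" value="Search"></form>
      <script>
        function showMessageWindow(){}
        function composeMessage(){}
        function checkPassword(p){}
      </script></body></html>""",
    "sibling.example": """<html><body>
      <form action="/search.php"><input type="text" name="password">
      <input type="submit" value="Go"></form>
      <script>
        function showMessageWindow(){}
        function composeMessage(){}
        function checkPassword(p){}
        function trackVisit(){}
      </script></body></html>""",
    "blog.example": """<html><body>
      <form action="/search"><input type="text" name="q"></form>
      <script>function toggleNav(){}</script></body></html>""",
}

# Clue words quoted from the Reuters report.
SUSPECT_WORDS = ("message", "compose", "password")
_FUNC_RE = re.compile(r"\bfunction\s+([A-Za-z_]\w*)")


class _Extractor(HTMLParser):
    """Collects named form inputs, form actions and JS function names."""

    def __init__(self):
        super().__init__()
        self.features = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.features.add("input:" + a["name"].lower())
        elif tag == "form" and a.get("action"):
            self.features.add("action:" + a["action"])
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies through handle_data unparsed.
        if self._in_script:
            for name in _FUNC_RE.findall(data):
                self.features.add("js:" + name.lower())


def fingerprint(html):
    """Structural feature set of one page (the 'common fingerprint')."""
    p = _Extractor()
    p.feed(html)
    p.close()
    return frozenset(p.features)


def suspect_words(fp):
    """Which of the clue words appear anywhere in the page's features."""
    return {w for w in SUSPECT_WORDS if any(w in f for f in fp)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0


def related_to(seed_host, pages, threshold=0.6):
    """Hosts whose fingerprint overlaps the seed's at or above threshold."""
    seed = fingerprint(pages[seed_host])
    return sorted(h for h, html in pages.items()
                  if h != seed_host and jaccard(seed, fingerprint(html)) >= threshold)


if __name__ == "__main__":
    for host, html in SAMPLE_PAGES.items():
        print(host, sorted(suspect_words(fingerprint(html))))
    print("related to seed:", related_to("seed.example", SAMPLE_PAGES))
```

The threshold of 0.6 is an arbitrary choice for the constructed data; on real crawls the useful signal is usually a handful of rare features (an unusual form action path, a specific function name) rather than the overall overlap, so a practitioner would weight features by how rare they are across the corpus before clustering.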
Related:
The CIA Secretly Ran a Star Wars Fan Site - https://www.404media.co/the-cia-secretly-ran-a-star-wars-fan... - May 26th, 2025
Seems really unprofessional to make somebody connect to a weird niche website.
I wouldn't be surprised if Cardan Grille + HN would be preferable (even though that too should be obviously unacceptable). I think it's to the degree that the people to whom these communication methods were suggested should themselves have said no.
Nowadays at least, I wonder if they could just pick a few of the most popular unblocked HTTPS websites with a private messaging system à la Twitter DM. Email possibly too. A GitHub private repo would be perfect for that, as dictatorships really hate to block it and lose all the IT value. Maybe at the time things weren't so simple with less HTTPS adoption.
I suspect the agents knew little about the comms tech and were deeply reassured of their security.
I think the reason they should have been afraid as soon as they began to become familiar with the website would be that they could find the form too easily, that the website was too small, i.e. that their visits to it would make them conspicuous once something was noticed.
If it were Google and it was a standard Google, or some kind of Github chat that was like Signal but in JavaScript embedded in a website it would become much more reasonable.
This seems fascinating yet insane, and the more you dig around the page, the more insane it looks. Some more context would be great.
Author of the research article here. https://www.404media.co/the-cia-secretly-ran-a-star-wars-fan... published today which kicked off this thread has a good summary, but let me know if anything is unclear.
I half wish you could've been more succinct. I'm about 5% through according to my scrollbar, but citing every single thing you found on the topic makes for very tedious reading...
It is hard to balance both aspects. I tried to summarize the more interesting things in the initial sections, and from "Methodology" downwards it is definitely not for casual reading. Also huge images and tables, so don't be afraid of the bar.
Is this where we are intellectually? Complaining about too much proof and rigor? Just run it through chatGPT or something and ask it to read it for you
Hi, BTW
I wanted to ask you, do you know the RSS feed link for ourbigbook.com ?
Ah, I didn't implement RSS unfortunately. What you can do now is if you follow a user when they announce an article (there's an announce button), you get an email with a link. I suppose it could be modified to also put announced articles in an RSS feed. I never did much RSS for whatever reason. PRs open :-)
>The discovery of these websites by Iranian and Chinese counterintelligence led to the imprisonment and execution of several assets in those countries
>McClatchy DC reported in "Intelligence, defense whistleblowers remain mired in broken system" that CIA contractor John A. Reidy had started raising concerns about the security of a communication system used by the CIA, and other sources mention that he started this in 2008. The focus of the article is how he was then ignored and silenced for raising these concerns, which later turned out to be correct, leading to an intelligence catastrophe that started in 2010.
It's a rare insight into how espionage works, but it was a major failure.
>Another very interesting mention is the platform had been over extended beyond its original domain application, which is in part why things went so catastrophically bad:
Former U.S. officials said the internet-based platform, which was first used in war zones in the Middle East, was not built to withstand the sophisticated counterintelligence efforts of a state actor like China or Iran. “It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”
It seems that the system was used beyond the original purpose it was designed for. It wasn't a dumb idea, it was just the way in which it was used that was incompetent.

Definitely. OPSEC is only secure relative to the appropriate threat model. If those disconnect, it spells disaster.