24 comments

[ 4.4 ms ] story [ 72.0 ms ] thread
Let's see if HN preserves whitespacing, even though it doesn't display it.

Edit: it does. Another channel beyond 'class="age" title='!

Based on the choice of fonts and colors, you know this is a serious hacker website ;p
Heya,

Founder of https://viewdns.info/ here (used by and mentioned in the article a bit). If anyone is doing this kind of research, feel free to reach out at feedback@viewdns.info as I'm more than happy to extend some free API credits etc!

-Hughesey

So my assumption is that spies in foreign countries would periodically visit these websites to receive coded instructions in the news updates?

And maybe they made the websites tailored to the individual asset's interests so it looks less suspicious when they visit?

Meaning if your source is a huge star wars nerd you make a star wars fan site for them to check out?

Presumably there's no way for the source to send information back through these websites right?

The Reuters story (https://www.reuters.com/investigates/special-report/usa-spie...) made this more explicit: there was a password field on the site, poorly disguised as a search feature, that would open a chat box when the right password was entered, into which the source could enter messages. On many of these sites, the password is validated by a bit of obfuscated JavaScript, which then loads a Java applet implementing the actual chat window.
Wow, these guys really did not give a damn about informants. That is some high school level amateur work. Sequential ips, password field, I wonder if they even used ssl. If they did, likely some US affiliated vendor.
Anyone with better skills is in the private market making a lot more money.
Yeah. They just didn't have the patience to setup separate ranges for each of their ~900 sites. It's quite sad.
[flagged]
(comment deleted)
(comment deleted)
Was steganography used in the images? It's one of those techniques that we learn about years ago but never seen it being used in the wild.
I would love to know... even finding the source of those stock photos would be awesome. My initial suspicion is that the image split is just an ancient webdev thing (which they used much after it was popular) to reduce the size of each individual image. But who knows!
Come to think of it, maybe it isn’t such a good plan to give every one of your informants a unique domain to communicate on. Pretty much any government these days can survey all the internet traffic in their country. Wouldn’t it be a little tiny bit suspicious that, say, an Iranian sports news site is frequented by like 1-2 people in the whole of Iran?

The entire premise of this covert messaging system was flawed at the outset, and it’s just tragic that dozens of people lost their lives due to a system this poorly thought out.

Exactly. The best bet is to use a service that is used by a huge number of users and try to hide your traffic in it. I wonder why they didn't do gmail -> gmail for example. Maybe there are good reasons.
China is a special case in that GMail (and many other services) are blocked; most of the directly-accessible major services are operated by companies that will readily cooperate with the government. Hosting your spies in an environment where even the content would be available to the government seems like a generally bad idea. Using a VPN could subject a spy to additional scrutiny, especially if they work in a sensitive domain.