I started this research after YouTube suggested me that video. I knew about the sites, but I had missed the Reuters articles that gave the 7 starting points.
Founder of https://viewdns.info/ here (used by and mentioned in the article a bit). If anyone is doing this kind of research, feel free to reach out at feedback@viewdns.info as I'm more than happy to extend some free API credits etc!
The Reuters story (https://www.reuters.com/investigates/special-report/usa-spie...) made this more explicit: there was a password field on the site, poorly disguised as a search feature, that would open a chat box when the right password was entered, into which the source could enter messages. On many of these sites, the password is validated by a bit of obfuscated JavaScript, which then loads a Java applet implementing the actual chat window.
Wow, these guys really did not give a damn about informants. That is some high school level amateur work. Sequential ips, password field, I wonder if they even used ssl. If they did, likely some US affiliated vendor.
I would love to know... even finding the source of those stock photos would be awesome. My initial suspicion is that the image split is just an ancient webdev thing (which they used much after it was popular) to reduce the size of each individual image. But who knows!
Come to think of it, maybe it isn’t such a good plan to give every one of your informants a unique domain to communicate on. Pretty much any government these days can survey all the internet traffic in their country. Wouldn’t it be a little tiny bit suspicious that, say, an Iranian sports news site is frequented by like 1-2 people in the whole of Iran?
The entire premise of this covert messaging system was flawed at the outset, and it’s just tragic that dozens of people lost their lives due to a system this poorly thought out.
Exactly. The best bet is to use a service that is used by a huge number of users and try to hide your traffic in it. I wonder why they didn't do gmail -> gmail for example. Maybe there are good reasons.
China is a special case in that GMail (and many other services) are blocked; most of the directly-accessible major services are operated by companies that will readily cooperate with the government. Hosting your spies in an environment where even the content would be available to the government seems like a generally bad idea. Using a VPN could subject a spy to additional scrutiny, especially if they work in a sensitive domain.
24 comments
[ 4.4 ms ] story [ 72.0 ms ] threadEdit: it does. Another channel beyond 'class="age" title='!
https://lynx.invisible-island.net/
Founder of https://viewdns.info/ here (used by and mentioned in the article a bit). If anyone is doing this kind of research, feel free to reach out at feedback@viewdns.info as I'm more than happy to extend some free API credits etc!
-Hughesey
I really wish the reverse IPs would hit even when it's not the last IP though! Many more hits would come out of that. Related mentions under: https://ourbigbook.com/cirosantilli/cia-2010-covert-communic...
And maybe they made the websites tailored to the individual asset's interests so it looks less suspicious when they visit?
Meaning if your source is a huge star wars nerd you make a star wars fan site for them to check out?
Presumably there's no way for the source to send information back through these websites right?
The entire premise of this covert messaging system was flawed at the outset, and it’s just tragic that dozens of people lost their lives due to a system this poorly thought out.
Except the previous one was at: https://cirosantilli.com/cia-2010-covert-communication-websi... which is the corresponding static website version of https://ourbigbook.com/cirosantilli/cia-2010-covert-communic...