
by Debora Pape
Around 2010, the CIA used sloppily programmed websites as a communication network for its foreign sources. Now hundreds of these sites are coming to light.
The research findings of Brazilian web developer Ciro Santilli read like an espionage thriller. It's about the CIA, its agents in the Middle and Far East and a Star Wars website. And in the end, people die.
Apparently, around 2010, the CIA, the USA's foreign intelligence agency, used hundreds of news and fan websites for disguised communication with its sources on the ground. Negligent programming and hosting of the websites enabled enemy intelligence services to uncover them and expose domestic agents. This was more than a decade ago, but only now is the extent of this communication network becoming public.
Santilli went in search of the hidden CIA websites and came across a fan site about Star Wars, among other things. It was accessible at the address starwarsweb.net. Today, the URL redirects to the CIA's homepage. Santilli used publicly available information for his research, including the online tool Wayback Machine, which can be used to view earlier versions of various websites.
A snapshot of starwarsweb.net from 30 December 2010 exists and is still accessible. The site does not appear to offer much added value. It is a collection of links and recommendations on Star Wars topics, for example «Master Yoda's favourite games». The site didn't need to offer any more depth, as it was only intended to keep up a superficial appearance. In fact, it served as a communication channel between the source and the CIA contact.
A report by Yahoo had already drawn attention to this in 2018. This was followed in 2022 by a Reuters report, which made it clear how the agents were successfully unmasked. It shows that the CIA's negligence between 2010 and 2013 exposed the identity of agents in Iran. They had passed on information about the locations of uranium enrichment facilities in Iran to the US authorities. Their arrest was followed by long prison sentences or even executions.
The CIA websites are at the centre of this negligence. One way the communication system apparently worked: the websites had a search field that actually served as an input field for a password. After logging in correctly, the sources were able to enter messages in a newly opened field, which were transmitted to the website operator - the CIA.
The problem: The page source code, which is visible to everyone, makes the true purpose of the search bar clear. In the source code, the input type for the search bar is «password». This means that the server knows that the input is not a search term, but a login attempt.
For outsiders, the agent is simply visiting a random website. However, anyone who knows its purpose can gain access to the communication channels by entering the password. From the point of view of security experts, this is a disaster. In China, the exposure led to the killing of numerous agents.
Santilli points out that the search box is just one of several clues that suggest the use of a site in the service of the CIA. The Star Wars page, for example, has no search field at all. However, the site has several features that match those of other CIA sites, such as a similar structure, similarities in the domain name and in the communication mechanisms used: Java JAR, JavaScript, Adobe Flash SWF and CGI.
According to Santilli, the CIA's most serious operational security failure is the use of consecutive IP addresses for multiple websites. Once a site has been exposed, possible CIA candidates can also be found in the neighbouring IP range.
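The consecutive-address failure described above is something an operator can check for in their own hosting inventory. The following is an added example, not code from Santilli's research or from this article; the host names, the addresses (RFC 5737 documentation ranges) and the `linkable_clusters` helper are constructed for illustration.

```python
import ipaddress

# Constructed inventory: host names and addresses are made up (RFC 5737
# documentation ranges); in practice this would be your own asset list.
INVENTORY = {
    "fan-site.example": "192.0.2.10",
    "news-site.example": "192.0.2.11",
    "sports-site.example": "192.0.2.12",
    "travel-site.example": "198.51.100.7",
    "recipes-site.example": "203.0.113.40",
    "music-site.example": "203.0.113.42",
}


def linkable_clusters(inventory, max_gap=1):
    """Group hosts whose IPv4 addresses lie within max_gap of a neighbour.

    Returns a list of clusters, each a list of (host, ip) tuples with two
    or more members. A cluster means that an observer who identifies one
    host can find the others simply by looking at adjacent addresses.
    """
    hosts = sorted(
        (ipaddress.IPv4Address(ip), host) for host, ip in inventory.items()
    )
    clusters, current = [], []
    for addr, host in hosts:
        # A gap larger than max_gap closes the current run of neighbours.
        if current and int(addr) - int(current[-1][0]) > max_gap:
            if len(current) > 1:
                clusters.append(current)
            current = []
        current.append((addr, host))
    if len(current) > 1:
        clusters.append(current)
    return [[(host, str(addr)) for addr, host in c] for c in clusters]


if __name__ == "__main__":
    for cluster in linkable_clusters(INVENTORY):
        print("linkable:", ", ".join(f"{h} ({ip})" for h, ip in cluster))
```

Raising `max_gap` also catches sites that were spaced a few addresses apart inside the same allocation, which separates them no better than strictly consecutive addresses do.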
During his research, Santilli found hundreds of other Internet addresses that could be assigned to the communications network. The list of websites and his approach are documented here. Based on the language of the website, it is possible to narrow down where the sources involved were active - including in German- and Italian-speaking countries.
Feels just as comfortable in front of a gaming PC as she does in a hammock in the garden. Likes the Roman Empire, container ships and science fiction books. Focuses mostly on unearthing news stories about IT and smart products.