Flawed secret CIA websites may have endangered sources’ lives, study finds

According to security researchers, hundreds of now-defunct websites used by the US Central Intelligence Agency (CIA) could have been identified even by an “amateur sleuth”.

A report published by the University of Toronto Citizen Lab raised serious doubts about how the US intelligence agency handles security measures, after discovering that the CIA had been using “flawed” websites for secret communications for years.

Starting from a single website and using publicly available sources such as historical internet scan results and internet archives like the Wayback Machine, Citizen Lab said it identified a network of 885 websites that it attributed “with high confidence” to CIA use between 2004 and 2013.

Although the researchers said the websites were probably not used by the CIA recently, they found that a subset of them were still linked to active intelligence employees or assets, including a foreign contractor and a current State Department employee.

The researchers reported that the websites carried Java, JavaScript, Adobe Flash and CGI artifacts that apparently implemented or loaded covert communications applications. In addition, some of the websites were hosted on blocks of sequential IP addresses registered to apparently fictitious US companies. Each of these flaws would have made discovery by hostile parties easier.
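The two flaws above are exactly the kind of pivot an analyst uses to grow one known site into a cluster: hosts on neighbouring IP addresses registered to the same company, and sites that load the same unusual script or CGI component. The following is an added example, not code or data from the Citizen Lab report or the E&T article: it runs a breadth-first expansion from one seed domain over constructed scan records. The record fields (ip, domain, artifact, org), the IP addresses (all drawn from RFC 5737 documentation ranges), the .example domains and the artifact labels are all assumptions made up for this illustration.

```python
"""Pivoting from one known site to a cluster of related sites.

Added illustration; the records are constructed and use reserved
documentation IP ranges and .example domains, not real hosts.
"""
from collections import deque
import ipaddress

# Constructed scan records: one row per (ip, domain) pair observed in a
# historical scan. 'artifact' stands in for a fingerprint (for example a hash)
# of a loaded script or CGI path; 'org' is the registrant of the IP block.
RECORDS = [
    {"ip": "203.0.113.10", "domain": "seed-news.example", "artifact": "covcom-js-v2", "org": "Acme Media LLC"},
    {"ip": "203.0.113.11", "domain": "weather-daily.example", "artifact": "covcom-js-v2", "org": "Acme Media LLC"},
    {"ip": "203.0.113.12", "domain": "sports-wire.example", "artifact": "covcom-flash-v1", "org": "Acme Media LLC"},
    {"ip": "203.0.113.13", "domain": "health-tips.example", "artifact": "generic-cms", "org": "Acme Media LLC"},
    {"ip": "198.51.100.40", "domain": "carson-fans.example", "artifact": "covcom-flash-v1", "org": "Starlight Hosting Inc"},
    {"ip": "198.51.100.41", "domain": "music-hits.example", "artifact": "generic-cms", "org": "Starlight Hosting Inc"},
    {"ip": "192.0.2.77", "domain": "unrelated-blog.example", "artifact": "generic-cms", "org": "Some Other Host"},
]

# Fingerprints seen on thousands of ordinary sites are useless as pivots;
# pivoting on them would pull the whole internet into the cluster.
COMMON_ARTIFACTS = {"generic-cms"}


def adjacent(ip_a: str, ip_b: str, max_gap: int = 3) -> bool:
    """True if the two addresses sit within max_gap of each other."""
    a = int(ipaddress.ip_address(ip_a))
    b = int(ipaddress.ip_address(ip_b))
    return abs(a - b) <= max_gap


def linked(r1: dict, r2: dict):
    """Return the pivot reason linking two records, or None."""
    # Pivot 1: sequential IPs registered to the same (possibly fictitious) company.
    if adjacent(r1["ip"], r2["ip"]) and r1["org"] == r2["org"]:
        return "sequential-ip"
    # Pivot 2: a shared, uncommon covert-comms artifact.
    if r1["artifact"] == r2["artifact"] and r1["artifact"] not in COMMON_ARTIFACTS:
        return "shared-artifact"
    return None


def expand_cluster(seed_domain: str, records=RECORDS) -> dict:
    """Breadth-first expansion from seed_domain.

    Returns {domain: reason} for every site reached, where reason records
    which pivot and which already-known site led to it.
    """
    by_domain = {r["domain"]: r for r in records}
    found = {seed_domain: "seed"}
    queue = deque([seed_domain])
    while queue:
        cur = by_domain[queue.popleft()]
        for rec in records:
            dom = rec["domain"]
            if dom in found:
                continue
            reason = linked(cur, rec)
            if reason:
                found[dom] = f"{reason} via {cur['domain']}"
                queue.append(dom)
    return found


if __name__ == "__main__":
    for domain, reason in expand_cluster("seed-news.example").items():
        print(f"{domain:28} {reason}")
```

Two design points matter in practice. First, the adjacency pivot is only applied when the registrant matches, because neighbouring addresses in a shared hosting block belong to unrelated customers; the combination of a contiguous block and a single fictitious registrant is what makes the link strong. Second, the artifact pivot is gated by a list of common fingerprints; without that, the one site running an ordinary CMS would drag in every other such site. On the constructed data the unrelated blog stays out of the cluster precisely because it shares only a common artifact and sits in a different block.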

“If we had conducted this research while the websites were still online – as China and Iran probably would have done – we wouldn’t even have needed to rely on the Wayback Machine and other tools,” Citizen Lab said in a statement.

“Knowing only one website, it’s likely that, as long as the websites were online, a motivated amateur sleuth could have mapped out the CIA network and attributed it to the US government.”

The researchers began their investigation of the CIA websites in 2022, after receiving a tip from Reuters journalist Joel Schectman revealing that a CIA asset had been captured in Iran after using a compromised network. Four years earlier, an article published by Yahoo News reported that a secret CIA communications system had been compromised by Iran and China around 2011, resulting in the deaths of “more than two dozen sources” in China and Iran.

The group said it was not releasing a full technical report of its findings, to avoid endangering CIA assets or employees, but raised concerns about the intelligence agency’s handling of security measures.

“The CIA’s reckless construction of this infrastructure would have led directly to the identification and execution of assets and would undoubtedly have risked the lives of countless others,” Citizen Lab added. “We hope that this research and our limited disclosure process will lead to accountability for this reckless behavior.”

The websites, which posed as news, weather, sports, health and other legitimate sites, appeared in 29 languages and targeted at least 36 countries. One of the websites disclosed in the report pretended to be a Johnny Carson tribute page, asking users to submit their “favorite Johnny Carson moment”, according to the study.

CIA spokeswoman Tammy Kupperman Thorp responded to the report, saying: “The CIA takes its obligations to protect the people who work with us very seriously and we know that many do so bravely, at risk to their lives. The idea that the CIA would not work as hard as possible to protect them is wrong.”

In 2020, an internal report concluded that a 2016 breach that compromised a huge trove of CIA cyber weapons occurred because of “woefully lax” information security within the agency. The breach came to light in March 2017 when WikiLeaks released what it called the largest ever publication of confidential documents on the agency, known as “Vault 7”.