This article is about covert agent communication channel websites used by the CIA in many countries from the late 2000s until the early 2010s, when they were uncovered by the counterintelligence of the targeted countries circa 2010-2013. The websites had been fully shut down by 2013.
This discovery led to the imprisonment and execution of several assets in Iran and China, and the subsequent shutdown of the channel. The Wikipedia page "2010–2012 killing of CIA sources in China" likely covers the disastrous outcome of the websites being found out, although it contained no mention of websites before Ciro Santilli edited it in.
Of particular interest is that, based on their language and content, some of the websites seem to have targeted other democracies such as Germany, France, Spain and Brazil.
This article uses publicly available information to publicly disclose for the first time a few hundred of what we feel are extremely likely candidate sites of the network. The starting point for this article was the September 2022 Reuters article "America’s Throwaway Spies", which for the first time gave some example websites, nine of them in total, and claimed that the network consisted of "more than 350 websites".
Starting from only these nine websites we were then able to find a few hundred websites that share so many similarities with them, i.e. a common fingerprint, that we believe makes them beyond reasonable doubt part of the same network. Citizen Lab's report of exactly 885 websites being found makes it feel like they did find a better fingerprint, which we have not managed to find yet. Key parts of the fingerprint include:
- IP range search on viewdns.info starting from the websites reported by Reuters
- heuristic search for keywords present in domain name dumps such as the 2013 DNS Census together with Wayback Machine CDX scanning. Notably, a huge number of the websites contained the word "news", which was a massive flaw.
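The two fingerprint elements listed above, IP proximity to known sites and a shared keyword, can be combined into one scoring pass over a domain-to-IP dump. This is an added example, not code from the original article: the sample rows, the `window` size and the scoring weights are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample rows (domain, IPv4) standing in for a historical DNS dump.
# Addresses come from the RFC 5737 documentation ranges; all names are made up.
DUMP = [
    ("worldnews-daily.example", "192.0.2.10"),    # seed
    ("sportsnews-hub.example", "192.0.2.11"),
    ("fishing-tips.example", "192.0.2.12"),
    ("localnews-today.example", "192.0.2.14"),
    ("big-shop.example", "192.0.2.200"),
    ("technews-now.example", "198.51.100.7"),
    ("travel-notes.example", "203.0.113.50"),     # seed
    ("rugby-scores.example", "203.0.113.52"),
]
# Stand-ins for the handful of sites named in a public report.
SEEDS = {"worldnews-daily.example", "travel-notes.example"}


def rank_candidates(dump, seeds, window=4, keywords=("news",)):
    """Score every non-seed domain (weights are an assumption):
    +2 if it is hosted within `window` addresses of a seed's IP,
    +1 if its first label contains one of `keywords`.
    Returns (domain, score) pairs with score > 0, highest score first,
    ties broken alphabetically."""
    seed_ips = [int(ipaddress.IPv4Address(ip)) for d, ip in dump if d in seeds]
    scored = []
    for domain, ip in dump:
        if domain in seeds:
            continue
        addr = int(ipaddress.IPv4Address(ip))
        near = any(abs(addr - s) <= window for s in seed_ips)
        hit = any(k in domain.split(".")[0] for k in keywords)
        score = 2 * int(near) + int(hit)
        if score:
            scored.append((domain, score))
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for domain, score in rank_candidates(DUMP, SEEDS):
        print(score, domain)
```

Domains that are both adjacent to a seed and carry the keyword rank first; a keyword match alone ranks last, since it is only a weak signal without the shared hosting range.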
If anyone can find other websites, or has better techniques, feel free to contact Ciro Santilli; see the section "How to contact Ciro Santilli". Contributions will be clearly attributed if desired. Some of the techniques used so far have been very heuristic, and that, added to the limited amount of data, makes it almost certain that some websites have been missed. Broadly speaking, there are two types of contributions that would be possible:
- finding new IP ranges: harder and more exciting, and potentially requires more intelligence
- better IP to domain name databases to fill in known gaps in existing IP ranges
Disclaimers:
- the network fell in 2013, followed by fully public disclosures in 2018 and 2022, so we believe it is now more than safe for the public to know what can still be uncovered about the events that took place
- Ciro Santilli's political bias is strongly pro-democracy and anti-dictatorship, but with a good pinch of skepticism about the morality of US foreign policy in the last century
May this article serve as a tribute to those who spent their days making, using, and uncovering these websites under the shadows.