CIA 2010 covert communication websites / Possible HTML information leaks

This section is about possible "real-world" information leaks found in the HTML of the pages. Domain DNS metadata may of course expose more, and is more likely to do so, this section is only about in-page findings, notably in the HTML.

We haven found anything too mind-blowying so far, but the ones we have are curious.

The HTML <title> of webofcheer.com is cryptically set as:rather than a more natural title like "Web of cheer" as is the case for the other website. This feels like a forgotten placeholder for an internal page identifier, e.g. "page 1C" sounds plausible. At Section "HTML title element" we riefly inspected the <title> of every other hit with a wayback machine archive, and unfortunately none other seemed to have any such interesting title.

The 2010 archive of europeantravelcafe.com has a "plan your trip" link links to a different domain: secure-cert.net/~etc/transport.html. This appears to have been a link to the system used by CIA operators to manage the website. Furthermore, the link then was later removed from the 2011 version, so it was almost certainly a leak! "secure-cert.net" is obscure, the only other surviving online mention of it is www.leewillis.co.uk/wordpress-plugins/#comment-6513 to
secure-cert.net/~sayitint/products-page/bags-totes/duffel-bag/ We've grepped all the HTML downloaded as HTML analysis but no other links to it were found.

A similar thing happened to alljohnny.com Starting December 2004 the "Submit your favorite carlson quote" was mind blowingly switched to point to https://washington.serversecured.net/~alljohnn/cgi-bin/memlog.cgi thus likely leaking the control site URL. Beauty. It previously pointed to the more sensible: web.archive.org/web/20040901162621/https://secure.alljohnny.com/cgi-bin/memlog.cgi