Poorly Designed CIA Websites Likely Got Spies Killed

In a new report, Citizen Lab, a University of Toronto laboratory “focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security”, identified a network of 885 websites which the CIA used to covertly communicate with spies abroad. However, the sites were designed in an extremely flawed manner and likely enabled the Chinese and Iranian regimes to easily detect and capture individuals spying for the United States. The weakness of the network may be a key reason behind China’s success in neutralizing the US spy network in China in 2011-2012.

One example of these compromised CIA websites is Iraniangoals.com – a website disguised as a soccer blog. The search box at the bottom of the page right above the ads was actually a hidden password field. If the correct password was inputted, a chat box would open up which the undercover spy could use to talk directly with their CIA handler. Each spy had their own personal website.

Screen capture of archived Iraniangoals.com site

However, the websites were deeply flawed. Forgiving the dated graphic design of the website, one would find that typing into the search box would immediately reveal it is a password prompt by concealing the characters being typed and the word “password” was even used directly in the source code.

Even more importantly, the CIA used hundreds of near-identical websites. While they were themed to anything from fitness blogs to musical blogs, they all used the same basic design. The password prompt was always at the bottom of the page disguised as a search bar, similar design elements were used across websites, and the source code was similar. Moreover, the websites were hosted on sequential IP addresses. In other words, once a single CIA undercover website was identified it was extremely easy for government programmers to identify other CIA websites and then catch American spies.

9Examples of CIA-designed websites identified by YouTuber Seytonic

Citizen Lab identified CIA-linked websites of this type in 27 different languages and apparently configured for spies in at least 36 countries. It is extremely unlikely that the CIA still uses this type of communications; it was likely abandoned around 2013.