https://www.reuters.com/investigates/special-report/usa-spies-iran/

What Hosseini didn’t know was that the world’s most powerful intelligence agency had given him a tool that likely led to his capture. In 2018, Yahoo News reported that a flawed web-based covert communications system had led to the arrest and execution of dozens of CIA informants in Iran and China.

Reuters located the secret CIA communications site identified by Hosseini, Iraniangoals.com, in an internet archive where it remains publicly available. Reuters then asked two independent cyber analysts – Bill Marczak of University of Toronto’s Citizen Lab, and Zach Edwards of Victory Medium – to probe how Iran may have used weaknesses in the CIA’s own technology to unmask Hosseini and other CIA informants. The two are experts on privacy and cybersecurity, with experience analyzing electronic intelligence operations. The effort represents the first independent technical analysis of the intelligence failure.

Marczak and Edwards quickly discovered that the secret messaging window hidden inside Iraniangoals.com could be spotted by simply right-clicking on the page to bring up the website’s coding. This code contained descriptions of secret functions, including the words “message” and “compose” – easily found clues that a messaging capability had been built into the site. The coding for the search bar that triggered the secret messaging software was labeled “password.”

Far from being customized, high-end spycraft, Iraniangoals.com was one of hundreds of websites mass-produced by the CIA to give to its sources, the independent analysts concluded. These rudimentary sites were devoted to topics such as beauty, fitness and entertainment, among them a Star Wars fan page and another for the late American talk show host Johnny Carson.

Each fake website was assigned to only one spy in order to limit exposure of the entire network in case any single agent was captured, two former CIA officials told Reuters.

But the CIA made identifying those sites easy, the independent analysts said. Marczak located more than 350 websites containing the same secret messaging system, all of which have been offline for at least nine years and archived. Edwards confirmed his findings and methodology. Online records they analyzed reveal the hosting space for these front websites was often purchased in bulk by the dozen, often from the same internet providers, on the same server space. The result was that numerical identifiers, or IP addresses, for many of these websites were sequential, much like houses on the same street.

“The CIA really failed with this,” said Marczak, the Citizen Lab researcher. The covert messaging system, he said, “stuck out like a sore thumb.”

In addition, some sites bore strikingly similar names. For example, while Hosseini was communicating with the CIA through Iraniangoals.com, a site named Iraniangoalkicks.com was built for another informant. At least two dozen of the 350-plus sites produced by the CIA appeared to be messaging platforms for Iranian operatives, the analysts found.

All told, these features meant the discovery of a single spy using one of these websites would have allowed Iranian intelligence to uncover additional pages used by other CIA informants. Once those sites were identified, nabbing the operatives using them would have been simple: The Iranians just had to wait and see who showed up. In essence, the CIA used the same row of bushes for its informants worldwide. Any attentive espionage rival would have been able to spot them all, the analysts said.

This vulnerability went far beyond Iran. Written in various languages, the websites appeared to be a conduit for CIA communications with operatives in at least 20 countries, among them China, Brazil, Russia, Thailand and Ghana, the analysts found.

CIA spokeswoman Thorp declined to comment on the system.

Reuters confirmed the nature of the intelligence failure of the CIA’s cookie-cutter websites with three former national security officials.

The agency wasn’t fully aware that this system had been compromised until 2013, after many of its agents began to go missing, according to the former U.S. officials.

Still, the CIA had never considered the network safe enough for its most prized sources. Top-tier informants receive custom-made covert communications tools, built from scratch at agency headquarters in Langley, Virginia, to seamlessly blend into the life of a spy without drawing attention, three former CIA officers said.

The mass-produced sites, they said, were for sources who were either not considered fully vetted or had limited, albeit potentially valuable, access to state secrets.

“This is for a person viewed as not worth the investment of advanced tradecraft,” one of the former CIA officials said.

The CIA declined to comment on the covert communications system and the intelligence failure.

P13103
The website looks mirrored and outdated, but atleast no bloaty javascript, right?

P13105
There's a bunch of obfuscated Javascript.
According to /watch?v=a6v3cT3b59A it launches a Java applet when you type in a password.

P13103
I'm surprised they don't just use something mainstream and based in the US like facebook or twitter.

P13257
They might. It would work well in countries where those websites are mainstream and not blocked.

P13257
Duh, Face and Twitter be like:

"Your privacy is safe with us."

P13729
Those North Korean hackers chose a great target to steal from.