The Limited Times

Insecure Communications: CIA endangered informants with poorly made websites

2022-09-30T09:54:44.642Z


The US intelligence agency had hidden a messaging system for informants on websites about football and "Star Wars". According to security researchers, however, the function could be found with a right-click.

CIA Headquarters in Langley, Virginia: "Undoubtedly risked the lives of countless people"

Photo: Kevin Wolf/AP

The US intelligence agency CIA apparently operated an insecure system for transmitting messages for years, thereby endangering informants in countries such as Iran.

Reuters reports this, citing two security researchers, several Iranians who have been convicted and detained for espionage, and current and former CIA employees.

The existence of these communication channels, which were hidden on innocuous-looking websites, has been known since 2018.

According to a media report from the time, numerous informants in Iran and China were arrested in 2011 and 2012 due to weaknesses in a web-based communication system, and some of them were executed.

Reuters has now published concrete examples and the weaknesses of the system for the first time, after security researchers, starting from a single web address, found hundreds more sites set up by the CIA.

Iraniangoals.com was the address used by a former informant, which he gave to the Reuters journalist.

What appeared to be a website about soccer contained a poorly hidden function for sending messages to the CIA: the search form on the site was actually a login field for entering a password, which would allow the sending function to be accessed.

Telltale clues in the source code

As Bill Marczak of Canada's Citizen Lab and Zach Edwards of Victory Medium found out, right-clicking on the site was all it took to find the feature.

In the source code, it was labeled "password".

The terms "message" and "compose" could also be found there, clear indications of a way to send messages.

But that's not all: based on this one football site, Marczak was able to identify 350 other websites that all contained the same system, according to the report.

Among them are said to have been a "Star Wars" fan page and one about talk show host Johnny Carson.

Everything he says he needed for this is also available to other experts, not least the Iranian authorities: the Internet Archive's Wayback Machine, passive DNS data and data from Internet scans.

Marczak realized that the sites were sometimes located in adjacent blocks of IP addresses purchased by a fictitious US company.

So if you knew a site, you only had to look at its neighboring IP addresses to find other CIA sites.

This was especially true when the pages had very similar names.

Another site disguised as a football portal was called Iraniengoalkicks.com, writes Reuters.

In order to then catch an informant, Iranian authorities only had to observe who was visiting the site.

CIA officials, who wished to remain anonymous, confirmed to Reuters that each page was set up for exactly one informant so as not to immediately lose multiple sources in the event of a compromise.

The system was probably also used in China, Brazil, Russia, Thailand and Ghana, among other places, according to Reuters; at least, the various websites and their respective languages indicate this.

The system has been used for years

It was only in 2013, when many informants suddenly disappeared, that the US intelligence agency finally realized that the system had been exposed. At that time it had been in use for at least nine years.

According to the report, it was only made available to the less valuable sources.

Informants whom the CIA considered particularly worthy of protection were given special tools made at headquarters for secure and unobtrusive communication with their contacts.

The Citizen Lab criticized the CIA's actions as "careless" and said they "undoubtedly risked the lives of countless people."

pbe

Source: spiegel
