Posted on 09/30/2022 5:09:02 AM PDT by FarCenter
For almost a decade, the US Central Intelligence Agency communicated with informants abroad using a network of websites with hidden communications capabilities.
The idea being: informants could use secret features within innocent-looking sites to quietly pass back information to American agents. So poorly were these 885 front websites designed, though, according to security research group Citizen Lab and Reuters, that they betrayed those using them to spy for the CIA.
Citing a year-long investigation into the CIA's handling of its informants, Reuters on Thursday reported that Iranian engineer Gholamreza Hosseini had been identified as a spy by Iranian intelligence, thanks to CIA negligence.
"A faulty CIA covert communications system made it easy for Iranian intelligence to identify and capture him," the Reuters report stated.
Word of a catastrophic failure in CIA operational security initially surfaced in 2018, when Yahoo! News reporters Zach Dorfman and Jenna McLaughlin revealed "a compromise of the agency’s internet-based covert communications system used to interact with its informants."
...
"The websites included similar Java, JavaScript, Adobe Flash, and CGI artifacts that implemented or apparently loaded covert communications apps," Citizen Lab explains in its report. "In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties."
The websites were designed to look like common commercial publications but included secret triggering mechanisms to open a covert communication channel. For example, the supposed search box on iraniangoals[.]com is actually a password input field to access such its hidden comms functionality – which you'd never guess unless you inspected the website code to see the input field identified as type="password" or unless the conversion of text input into hidden • characters gave it away.
Entering the appropriate password opened a messaging interface that spies could use to communicate.
jackcatdaily is my website and does not belong to the cie
Weird how the Ukies don’t have a CIA and here they are whipping the crap out of the Russkis. I think I see another cold war dinosaur like the U.N. that has outlived its usefulness.
Yeah they do - "ours".
LOL
Awesome video clip covering Op Mockingbird. The more I research the subject.. the more I understand the fake news.
Liberals have been in charge of the CIA, NSA, etc for decades. Liberals in general have a tendency to not care very much about security and secrecy - their mindset is that probably nobody will try to get information and if they do, they won’t misuse it. And if they do misuse it, it probably won’t be a big deal.
Go look at job listings for CIA, DHS, and USSS then Google, Apple, and Meta. Now look at the difference in salaries for comparable cyber related jobs. If your half decent in your skill set are you going to take 60/year or 250k/year + stock options. Unfortunate most of this stuff is built by the bottom of the barrel, and they use classifications and secrecy to hide their incompetence.
That’s how we got Eric Snowdon, that Transexual Marine and That Australian guy who hid in the Ecuadorian embassy for over a year.
Precisely.
Like ORYX, Bellingcat, and the warmongers at the Institute of War.....
Anyone abroad who puts their fate in the hands of the Neocons (which includes the CIA) is not in for a happy ending.
OK, who is the lowest bidder on the secret communications web site? You get the contract!
“Investigative research group Bellingcat, for example, has used the sequential numbering of passports to help identify the fake personas of Russian GRU agents.”
Crap, me and my wife have sequentially numbered passports. Maybe that’s how Tree Hugger outed me as a Russian agent, with a hot line to Comrade Putin.
Kudos with that, read the source and that is one of the lightest simplest scripts I have seen in a long time.
Well done... :)
Bet some also had their SEO metadata, RSS or Atom turned on. lol
“unless you inspected the website code”
Yeah that is hilarious.
Elementary school kids in Vladivostok could have handled the task.
;-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.