Security Vulnerabilities in Covert CIA Websites
2022-09-30 14:19

Back in 2018, we learned that a covert system of websites that the CIA used for communications was compromised by, at least, China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions.

We're now learning that the CIA is still "using an irresponsibly secured system for asset communication."

Using only a single website, as well as publicly available material such as historical internet scanning results and the Internet Archive's Wayback Machine, we identified a network of 885 websites and have high confidence that the United States Central Intelligence Agency used these sites for covert communication.

The websites included similar Java, JavaScript, Adobe Flash, and CGI artifacts that implemented or apparently loaded covert communications apps.

Blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites.

The bulk of the websites that we discovered were active at various periods between 2004 and 2013.


News URL

https://www.schneier.com/blog/archives/2022/09/security-vulnerabilities-in-covert-cia-websites.html