Head to the URL starwarsweb.net and you may be somewhat surprised to find yourself on the Central Intelligence Agency (CIA) homepage. But check it out on the Wayback Machine in December 2010, which is when it first appeared, and you'll find what looks to be a fairly standard Star Wars fanpage.
There's a kid with a lightsaber at the top, the tagline "beyond the unknown" as well as "May the Force be with you", links to various other Star Wars resources, and for some reason Master Yoda is recommending Star Wars Battlefront 2, Star Wars: The Force Unleashed 2, Lego Star Wars 2, and Star Wars the Clone Wars: Republic Heroes. "Like these games, you will" runs the text alongside.
This site, unearthed by security researcher Ciro Santilli and first reported on by 404Media's Joseph Cox, is one of hundreds created by the CIA from around 2010, and part of a network that was used to covertly communicate with CIA assets abroad. These sites were first discovered by the Iranian authorities, and may be linked to the killing of various CIA sources in China over the period 2010-2012.
Santilli's research throws up much more than starwarsweb.net. The majority of the sites Santilli has identified as being in this network seem to be news sites, with a smattering focused on areas like sports, music and gaming. Among the gaming urls involved are havenofgamerz.com, hitpointgaming.com, activegaminginfo.com, myonlinegamesource.com, and kings-game.net.
To take the first example, havenofgamerz.com can again be viewed on the Wayback Machine. Promising "the latest game reviews, previews and videos", it claims "nobody knows games and gamers like the Haven of Gamerz", features a sidebar of (legitimate) gaming outlets, and a few categories for reviews, trailers and previews. It's not going to be giving IGN any sleepless nights but, at a glance, does look like a generic gaming site.
Santilli says that the languages used across these sites suggest they were targeting s in , , Spain, and Brazil.
"It reveals a much larger number of websites," says Santilli. "It gives a broader understanding of the CIA's interests at the time, including more specific democracies which may have been targeted which were not previously mentioned and also a statistical understanding of how much importance they were giving to different zones at the time, and unsurprisingly, the Middle East comes on top."
The role of the websites was first brought to prominence by a Yahoo News report in November 2018, which detailed the "catastrophic" compromise of the CIA's internet communications network. A quote from that article:
"According to the former intelligence official, once the Iranian double agent showed Iranian intelligence the website used to communicate with his or her CIA handlers, they began to scour the internet for websites with similar digital signifiers or components—eventually hitting on the right string of advanced search to locate other secret CIA websites. From there, Iranian intelligence tracked who was visiting these sites, and from where, and began to unravel the wider CIA network."
This was what would ultimately lead to the deaths of CIA sources, primarily in China in 2011 and 2012. This investigation was followed-up by a Reuters report in 2022, America's Throwaway Spies, which went into further detail on how individual CIA agents were exposed by the Iranians, and included the incredible revelation that the IP addresses for the CIA's sites were sequential, meaning that once one was identified it was easy to find others that likely belonged to the same network.
Reuters identified two of the sites and described seven more examples, which was the starting point for Santilli's research. Using data like the IP addresses and domains, Santilli has identified several hundred domains that he believes were part of the CIA's network.
"We're now about 15 years past when these websites were being actively used, yet new information continues to drip out year after year," cybersecurity researcher Zach Edwards told 404 Media. "The simplest way to put it—yes, the CIA absolutely had a Star Wars fan website with a secretly embedded communication system—and while I can’t for everything included in the research from [Santilli], his findings seem very sound
"This whole episode is a reminder that developers make mistakes, and sometimes it takes years for someone to find those mistakes. But this is also not just your average 'developer mistake' type of scenario."
Santilli says it's good "to have more content for people to look at, much like a museum. It's just cool to be able to go to the Wayback Machine and be able to see a relic spy gadget 'live' in all its glory."
Gamers do love a good conspiracy theory, but there appears little doubt that back in 2010 the CIA was operating and maintaining a network that included many gaming and nerd culture sites. It's undeniably weird to think about a cartoon Yoda being used in espionage, or some CIA spook using a front to say they "know games and gamers", and even more unsettling that these were some small part of an intelligence failure that undoubtedly led to dozens of deaths.
You must confirm your public display name before commenting
Please and then again, you will then be prompted to enter your display name.
