While the Star Wars fandom is varied—and sometimes even bizarre—few would have guessed it once included members as surprising as the CIA, who ran the secret fan site starwarsweb.net. According to journalist Joseph Cox from 404media, amateur security researcher Ciro Santilli has uncovered compelling proof that fan site starwarsweb.net was used around 2010 as a secret way for the CIA to talk to its agents all over the world.
At first glance, the site looked just like any other Star Wars fan page. It had links to Star Wars Insider magazine, ads for LEGO sets, and even Gentle Giant collectibles. But according to a Reuters report, the real purpose was hidden. Agents could enter a special password into the search box, which would then bring up a secret login page for covert messages with the CIA. Starwarsweb.net was just one of many such sites. The University of Toronto’s Citizen Lab found evidence of more than 800 similar websites that might have been used by the CIA for the same reasons.
Unfortunately, this secret network didn’t last long. Iranian authorities discovered the sites, forcing the CIA to scramble and try to change hundreds of websites in a hurry. But the damage was already done. The security breach led to the deaths of more than two dozen informants in China between 2011 and 2012, as was later reported at Yahoo! News back in 2018.
Even though the operation was sloppy in some ways, it still took real skill for Ciro Santilli to uncover starwarsweb.net as one of these old CIA sites. He made a video showing how he did it, including searching through old IP addresses, digging through historic domain names, and checking the site’s HTML code.
404 Media checked Santilli’s findings with independent cybersecurity expert Zach Edwards, who told them:
“The recent efforts to uncover the websites CIA used to communicate with their spies all over the world aligns with what I understood about this network. We’re now about 15 years past when these websites were being actively used, yet new information continues to drip out year after year…The simplest way to put it—yes, the CIA absolutely had a Star Wars fan website with a secretly embedded communication system—and while I can’t account for everything included in the research from Ciro, his findings seem very sound. This whole episode is a reminder that developers make mistakes, and sometimes it takes years for someone to find those mistakes. But this is also not just your average ‘developer mistake’ type of scenario.”
I guess in a galaxy far, far away, where even the most innocent-looking cantina can be a “wretched hive of scum and villainy,” sometimes it pays to ask: who’s really running the show? You may want to double-check that you’re not accidentally sending your messages to the Empire. Full disclosure, as far as I know, we’re not involved in any secret government business here at Bleeding Fool.
***
English (US) · 