Security researchers claim that the United States Central Intelligence Agency (CIA) utilised hundreds of seriously defective websites for secret communications that even an “amateur sleuth” might have discovered.
Dozens of US sources in China in 2011 and 2012 are said to have died as a result of the vulnerabilities, while Iran is said to have executed or imprisoned other CIA operatives as a result of the problems.
Security specialists at the Citizen Lab at the University of Toronto, who began looking into the issue after receiving a tip from Reuters reporter Joel Schectman, conducted the latest study.
Citizen Lab said that it was able to trace “with high confidence” the use of a network of 885 websites to the CIA using just one website and publicly accessible information. The websites were found to pose as news, weather, healthcare, and other respectable websites.
A motivated amateur sleuth could have identified the CIA network and linked it to the US government with the knowledge of just one website, according to a statement from Citizen Lab.
The CIA apparently stopped using the websites between 2004 and 2013, but Citizen Lab reported that a subset of them was still connected to active intelligence personnel or assets, including a current foreign contractor and a State Department employee.
The story’s beginnings may be traced back to 2018 when Yahoo News writers Jenna McLaughlin and Zach Dorfman revealed that Iran and China had infiltrated a system used by the CIA to interact with assets, which resulted in the deaths of over 20 dozen sources in China in 2011 and 2012. People with knowledge of the incident expressed worry to Yahoo News that those at fault had never been held accountable.
(with inputs from agencies)