‘Star Wars’ Fan Site Was Part of a Covert CIA Communication Network

Little did we know that when StarWarsNewsNet came onto the scene in 2012, we would be joining a committed cohort of fans that had until just recently included some rather surprising members…like the CIA-run Star Wars site starwarsweb.net. Through the combined reporting efforts of Joseph Cox at 404media, and in particular, Ciro Santilli, an amateur security researcher, we now have convincing evidence that starwarsweb.net was used around 2010 as a covert communication tool for CIA assets around the world.

As you might expect, the site looks bizarrely convincing with links out to Star Wars Insider magazine and ads for LEGO and even Gentle Giant figures. The way it apparently worked, via a report from Reuters, was that informants would enter a password into the search function, which would then trigger a log-in screen navigating them to the page used for covert communication with the agency. And starwarsweb.net was far from the only site like it, with the University of Toronto’s Citizen Lab reporting findings that spoke to more than 800 sites with similar footprints that could plausibly have been used by the CIA for this purpose.

These sites reached an abrupt and rather ignominious end (like most CIA operations in history…) when they were initially discovered by Iranian authorities, triggering a frenzied effort by CIA authorities to reconfigure the (likely) hundreds of websites in the network, but ultimately led to the death of more than two dozen informants in China in 2011 and 2012. You can read more about the breaking of that news from Yahoo! News’s Zach Dorfman and Jenna McLaughlin in 2018 here.

Despite the sloppiness of the operation, it still required some clever back-end know-how on Santilli’s behalf to actually identify starwarsweb.net as one of the defunct CIA-run websites. Santilli put together a video on how he discovered the website, including searching within a targeted IP range, sifting through historic domain names, and reviewing the website’s HTML, among many other time-consuming methods.

404 Media was able to corroborate Santilli’s findings with the help of Zach Edwards, an independent cybersecurity researcher who told the news organization,

“The recent efforts to uncover the websites CIA used to communicate with their spies all over the world aligns with what I understood about this network. We’re now about 15 years past when these websites were being actively used, yet new information continues to drip out year after year…The simplest way to put it—yes, the CIA absolutely had a Star Wars fan website with a secretly embedded communication system—and while I can’t account for everything included in the research from Ciro, his findings seem very sound. This whole episode is a reminder that developers make mistakes, and sometimes it takes years for someone to find those mistakes. But this is also not just your average ‘developer mistake’ type of scenario.”

It all makes for a rather unusual report on this otherwise normal Tuesday. I’ll cap it off by saying…dear readers, we assure you that here at StarWarsNewsNet we’re committed to the simple mission of reporting on Star Wars news, and while we do connect fans around the globe, they are just that–fans. Well, as far as we know. Alas, no fat U.S. Defense Department checks being cashed around here.