The site, called StarWarsWeb.net, looked identical to any «Star Wars» fan page from the 2010 era, with one exception — it had a hidden login system that, when users entered the correct password into the search bar, unlocked access to a line of communication with CIA handlers.
The details of this story were written by the website 404media with reference to independent researcher Ciro Santilli which began its investigation back in 2022 when Reuters published an article «Disposable American Spies» mentioning several suspicious communication domains, and eventually discovered hundreds of similar sites masquerading as communities of extreme sports, music fans, or like the one mentioned above StarWarsWeb.net — under the fan portal «Star Wars» (you can see for yourself where the link leads now).
Santilli found the clues to his investigation simply from the Reuters article, where the screenshot files included in the articles in some cases contained the URLs of the CIA sites themselves. The researcher then searched for the sites on the Wayback Machine (an online service that allows you to view archived versions of websites in the past), and also found related domains through ViewDNS.info (a service that provides tools for analyzing domains and IP addresses).
Santilli created a video detailing the process of his investigation. You can watch it below:
Most of the «sites were sloppily coded by» with the reuse of consecutive IP addresses, which Santilli believes was a fatal flaw in the system. Once one was exposed, finding the rest was just a matter of basic investigative work. Iranian and Chinese counterintelligence teams apparently figured this out more than a decade ago, as Some of the exposed informants were executed in 2011-2012. Other sources lived in France, Germany, Spain, and Brazil.
The CIA has not yet publicly commented on the revelation.