
A cartoon Yoda, Lego ads, and Xbox game links were just a surface. Behind them, the CIA was secretly communicating with spies around the world.
- Starwarsweb.net, a seemingly ordinary fan site, was revealed to be a covert CIA communication tool with spies around the globe.
- Brazilian researcher Ciro Santilli uncovered the site while investigating a broader network of CIA-run domains. Many of these domains appeared tailored to specific regions, such as Europe, Brazil, and the Middle East, and disguised as fan pages for comedians, extreme sports, or Brazilian music.
- The case highlights how intelligence agencies repurpose everyday web infrastructure, including pop culture fan sites, for espionage.
A website that looked like an early 2010s Star Wars fan page with images of Yoda, C-3PO, and links to video games and Lego sets was actually a covert communications tool run by the Central Intelligence Agency (CIA).
The site, starwarsweb.net, appeared unremarkable on the surface.
“Like these games you will,” reads a caption beside a cartoon Yoda, promoting Star Wars Battlefront II and The Force Unleashed II. Another section advertises a Lego Star Wars kit.
But according to the findings by amateur researcher Ciro Santilli, reported by 404 Media, the website was part of a now-defunct network of CIA-operated sites used to covertly communicate with US intelligence sources overseas.
Santilli, a Brazilian software developer and self-described open web enthusiast, uncovered starwarsweb.net while investigating digital remnants of the CIA’s hidden communication systems.
The tool itself worked by hiding a secure login mechanism inside what looked like an ordinary search bar. Informants would enter a prearranged password, which would trigger the covert access system.
What he found, he says, was a broader network than previously reported – one that included fan pages for comedians, extreme sports, Brazilian music, and other innocuous interests, many of them tailored to different languages and countries.
Much of the content and language on the pages indicated target regions such as Germany, France, Spain, and Brazil. Many sites were focused on the Middle East.

CIA is leaking its own secrets
A central problem with the communications network at the time was that the CIA websites were sometimes hosted on consecutive IP addresses. Anyone who found one site could relatively easily track down others.
The Canadian research institute Citizen Lab had also previously discovered a total of 885 potentially CIA-controlled websites by exploiting this flaw. Santilli was able to manually examine several hundred domains on the same basis.
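An added example, not from the article or the researchers it cites: a self-audit sketch for the weakness described above, flagging sites in an operator's own hosting inventory that sit on consecutive IPv4 addresses and can therefore be linked to one another. The domains and addresses are constructed (reserved documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed inventory: reserved example domains on documentation address ranges.
INVENTORY = [
    ("fan-site.example", "192.0.2.10"),
    ("sports-news.example", "192.0.2.11"),
    ("music-blog.example", "192.0.2.12"),
    ("comedy-page.example", "192.0.2.14"),
    ("travel-tips.example", "198.51.100.7"),
    ("recipes.example", "203.0.113.200"),
    ("weather.example", "203.0.113.201"),
]

def adjacent_runs(inventory, max_gap=1, min_size=2):
    """Group hosts whose IPv4 address is within max_gap of the previous host.

    Returns a list of runs; each run is a list of (ip, domain) tuples in
    address order. Hosts with no close neighbour are left out.
    """
    hosts = sorted((int(ipaddress.IPv4Address(ip)), dom) for dom, ip in set(inventory))
    runs, current = [], []
    for addr, dom in hosts:
        # A gap larger than max_gap closes the current run.
        if current and addr - current[-1][0] > max_gap:
            if len(current) >= min_size:
                runs.append(current)
            current = []
        current.append((addr, dom))
    if len(current) >= min_size:
        runs.append(current)
    return [[(str(ipaddress.IPv4Address(a)), d) for a, d in run] for run in runs]

def report(inventory, max_gap=1):
    """Render each run as a block of text for review."""
    lines = []
    for run in adjacent_runs(inventory, max_gap):
        lines.append(f"{run[0][0]} - {run[-1][0]}: {len(run)} sites linkable by address")
        lines.extend(f"    {ip}  {dom}" for ip, dom in run)
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(INVENTORY))
```

Raising `max_gap` also catches near-neighbours separated by an unused address, which an outside observer walking the same block would find just as easily.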
The CIA’s use of public-facing websites for spy communications first came to light in 2018, when Yahoo News published an investigation revealing that a digital backchannel used by the agency had been compromised. That breach, which began in Iran, ultimately led to the deaths of more than two dozen CIA sources in China between 2011 and 2012.
In 2022, Reuters published further details, revealing how Iranian intelligence services were able to uncover one of the sites, iraniangoals.com, which a captured informant said he had used to communicate with the CIA. From there, researchers and adversarial governments could identify other linked domains.
Zach Edwards, an independent cybersecurity researcher, said Santilli’s findings are consistent with what’s known about the compromised CIA network.
“The simplest way to put it – yes, the CIA absolutely had a Star Wars fan website with a secretly embedded communication system,” Edwards told 404 Media. “This is also not just your average ‘developer mistake’ type of scenario.”