(José Niño, Headline USA) At first glance, starwarsweb.net looked like any other early 2010s fan site. Visitors found a cartoon Yoda, game reviews, and links to Star Wars merchandise.
However, according to findings from 404 Media, starwarsweb.net actually functioned as a covert CIA communication platform for maintaining contact with international informants. The website reportedly doubled as a sophisticated system designed for covert communication.
This website formed part of an extensive CIA network that Iranian intelligence first uncovered over a decade ago, ultimately resulting in the execution of numerous CIA assets in China during the early 2010s.
Security researcher Ciro Santilli was responsible for launching the investigation into this CIA network.
He took a particular interest in this topic owing to his fascination with Chinese political affairs (his mother-in-law is apparently involved with the Falun Gong religious movement), his enjoyment of televised spy novel adaptations, his desire for “sticking it up to the CIA for spying on fellow democracies” (identifying himself as Brazilian), and his technical expertise in web development and Linux systems.
He also candidly mentioned pursuing “fame and fortune” as additional motivation for researching this matter during an online discussion.
Santilli’s investigation uncovered additional suspected CIA-operated websites, including platforms focused on comedy, extreme sports, and Brazilian music. His analysis suggests these sites specifically targeted users in Germany, France, Spain, and Brazil based on their linguistic content and cultural references.
“It reveals a much larger number of websites, it gives a broader understanding of the CIA’s interests at the time, including more specific democracies which may have been targeted which were not previously mentioned and also a statistical understanding of how much importance they were giving to different zones at the time, and unsurprisingly, the Middle East comes on top,” Santilli explained.
Yahoo News published a comprehensive investigation in November 2018 examining the CIA’s covert communication infrastructure and its eventual discovery.
This exposure began in Iran before resulting in the deaths of over two dozen CIA sources in China between 2011 and 2012. The CIA subsequently discontinued these covert communication tools.
Reuters followed with their own investigation in September 2022, titled “America’s Throwaway Spies,” demonstrating how Iranian authorities identified CIA informant Gholamreza Hosseini through the agency’s poorly constructed covert websites.
A critical CIA error involved using sequential IP addresses for these sites, making it simple for investigators to locate additional network components after discovering just one.
The Reuters investigation revealed that entering passwords into these seemingly ordinary websites’ search functions actually initiated secure login procedures for sources to communicate with CIA handlers.
While Reuters published two specific domains and described nine total sites, their article contained clues that allowed Santilli to discover many additional platforms.
Santilli discovered that screenshot filenames within the article sometimes contained actual CIA website URLs, which he then researched using the Wayback Machine. He subsequently employed viewdns.info to identify related domains by examining IP address associations.
Santilli’s detailed research methodology involved extensive domain name analysis, HTML code examination, and deploying “a small army of Tor bots” to circumvent Wayback Machine IP restrictions. He accomplished this investigation using exclusively free online tools without purchasing any specialized data.
Citizen Lab had previously identified 885 websites following Hosseini’s disclosure of iraniangoals.com to Reuters. Santilli eventually compiled several hundred domains for manual inspection “as patience would allow.”
Independent cybersecurity researcher Zach Edwards confirmed to 404 Media: “The recent efforts to uncover the websites CIA used to communicate with their spies all over the world aligns with what I understood about this network. We’re now about 15 years past when these websites were being actively used, yet new information continues to drip out year after year.”
“The simplest way to put it—yes, the CIA absolutely had a Star Wars fan website with a secretly embedded communication system—and while I can’t account for everything included in the research from Ciro, his findings seem very sound,” Edwards added. “This whole episode is a reminder that developers make mistakes, and sometimes it takes years for someone to find those mistakes. But this is also not just your average ‘developer mistake’ type of scenario.”
Regarding his research impact, Santilli stated: “At the very least the potential public benefit of enlightening history seems to be greater than that risk now. I really hope we’re right about this.”
He concluded: “It is also cute to have more content for people to look at, much like a museum. It’s just cool to be able to go to the Wayback Machine and be able to see a relic spy gadget ‘live’ in all its glory.”
As digital footprints become increasingly permanent and searchable, the Star Wars site saga serves as a stark warning that today’s secret operations may become tomorrow’s open-source investigations.
José Niño is the deputy editor of Headline USA. Follow him at x.com/JoseAlNino