By Olivier Acuña Barba • Published: 09 Jun 2025 • 0:13 • 3 minutes read
The CIA set up websites for top secret messaging with informants that were so easy to access it's not funny; it turned out lethal | Credits: Shutterstock
Imagine browsing a Star Wars fan website last week, only to learn the galaxy far, far away was a clever cover for covert CIA messaging. Independent researcher Ciro Santilli recently revealed that StarWarsWeb.net, a nostalgic early 2010s fan site complete with lightsaber ads and Yoda quotes, actually operated as a hidden portal for CIA agents to communicate with sources abroad. Click on it now and see where it leads.
It wasn’t the only one. Santilli uncovered a network of over 350 websites—from Brazilian music forums to extreme sports portals—all loaded with cloaked login functions tied to the CIA’s intel network, according to 404 Media, an independent media website. A simple search phrase triggered a secure login to the handlers.
Behind every LEGO-studded page and game review lurked a hidden spy line. According to Gamespot, evidence suggests that this effort was also quite messy and potentially destructive to the agency’s efforts, contributing to the exposure of several CIA sources.
This is how lame the spy network was
Several research centres and media outlets have documented the case, Wired reported recently.
“However, until now, the true scope of this infrastructure remained unknown. This gap has been addressed by Santilli using only free tools to map the clandestine network successfully,” Wired added. The plan unravelled after Iranian authorities stumbled upon the scheme.
They decoded one site and traced others through sequential IP addresses and code similarities. But the consequences were severe. More than 30 CIA informants in Iran and China were reportedly exposed and executed between 2011 and 2012.
The network, once thought secure, turned into a tragic betrayal. Reuters first flagged this covert operation in its 2022 report, “America’s Throwaway Spies,” identifying dubious domains, such as these fan sites. In that in-depth article, Reuters chronicled the story of Gholamreza Hosseini, an Iranian industrial engineer working for the CIA when he was nabbed at the Imam Khomeini Airport in Tehran in late 2010.
Hosseini was beaten. He denied everything and thought he had successfully destroyed all incriminating data. Still, the Iranian intelligence officers seemed to know it all, and all he could think of was a CIA betrayal.
“These are things I never told anyone in the world,” Hosseini told Reuters. The CIA declined to comment on Hosseini’s account.
The CIA’s ineptitude or lack of seriousness
Hosseini, Reuters said, fell victim to the CIA’s ineptitude and its failure to take its informants’ security seriously.
The CIA had created over 350 websites, such as the Star Wars fan site mentioned by 404 Media, that were not secure enough, as anybody could right-click and access their messaging system. “Far from being customised, high-end spycraft, the hundreds of websites mass-produced by the CIA were rudimentary sites devoted to topics such as beauty, fitness and entertainment, among them a Star Wars fan page and another for the late American talk show host Johnny Carson,” a CIA analyst told Reuters. Each fake website was assigned to only one spy to limit exposure of the entire network in case any single agent was captured, two former CIA officials told Reuters.
Santilli’s detective work confirms the scale—hundreds of front‑end sites, many with localised content in France, Spain, Germany, Brazil and beyond, designed to blend in with niche audiences.
The biggest CIA tech blunder
Tech analysts describe this as one of the CIA’s biggest tech blunders. Platforms running identical code on sequential IP addresses made them easy picks for digital sleuthing.
Revelations came from the Wayback Machine archives and DNS pattern analysis, underscoring how human error can compromise top‑tier intelligence. This forensic unveiling didn’t end in embarrassment—it ended lives. When intelligence agencies like Iran’s or China’s cracked the code, informants were rounded up, arrested, or worse.
What was meant to be an elegant online safehouse turned into a lethal weakness. “The CIA really failed with this,” Bill Marczak of the University of Toronto’s Citizen Lab told Reuters. The covert messaging system, he said, “stuck out like a sore thumb.” Even now, years later, the remnants of that digital cloak-and-dagger operation linger online.
Visit StarWarsWeb.net today, and you’ll be rerouted to the CIA’s website. But if you dig into archived snapshots, you’ll glimpse Jedi imagery one moment and the sad aftermath of a covert miscalculation the next. Security experts warn this tale holds larger lessons for intelligence and spycraft in the digital age.
The CIA’s fan‑site gambit once placed agents in the crowd, but what looked like ordinary fun masked deadly exposure. Developers might have hidden the portal, but they couldn’t hide the patterns that emerged from it.