June 23, 2025 • 25 mins
The digital age promised revolutionary new tools for espionage, but as the CIA discovered through catastrophic failure, technology can betray as easily as it can conceal. At the heart of this shocking intelligence disaster sits an unlikely protagonist: StarWarsWebNet, a seemingly innocent fan site that secretly served as a communication channel between CIA handlers and their informants behind enemy lines.
Across hundreds of such innocuous-looking websites, the CIA built what they believed was an impenetrable system for their assets in hostile territory to safely transmit intelligence and receive instructions. The genius lay in its ordinary appearance—who would suspect discussions of Yoda and lightsaber battles to conceal state secrets? But beneath this clever disguise lurked fatal flaws that would lead to devastating consequences.
When Iranian intelligence stumbled upon this digital spy network around 2009, they discovered elementary mistakes that exposed the entire operation. Shared IP addresses, similar code structures, and digital fingerprints connected these supposedly isolated websites like a trail of breadcrumbs. The Iranians reportedly shared their discovery with China, leading to the systematic dismantling of America's human intelligence networks in both countries. The human toll was staggering—approximately 30 informants in each country were captured, many executed or imprisoned. Years of careful intelligence cultivation vanished overnight, creating blind spots in America's understanding of these critical regions that may persist to this day.
This fascinating and tragic story serves as a stark reminder that in the shadow world of international espionage, basic security principles remain paramount even in the digital age. When lives hang in the balance, "security through obscurity" proves a dangerously inadequate shield. As intelligence agencies continue evolving their methods, the lessons from this digital disaster echo through the corridors of power: your adversaries are watching, they're clever, and they need only find one weakness to unravel even the most elaborate deception.
Curious about other shocking intelligence failures and surprising truths hidden beneath official stories? Subscribe to Grandpa's Hymn for more tales that prove reality often outstrips the wildest spy fiction!
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:09):
Welcome to Grandpa's Hymn.
I'm your host, lynn Dimmick,and this is the podcast where we
peek behind the official story,lift up the rug and see what
kind of unbelievable truths areswept underneath.
You know the kind of storiesthat make you lean back and say,
hold on, did that really happen?
Because, folks, let me tell you, the world is a whole lot
(00:32):
weirder and sometimes a heck ofa lot more dangerous than any
spy movie you've ever seen.
Today we've got a doozy.
We're diving headfirst into atale where the CIA yes, that CIA
decided that the best way totalk to its secrets agents was
through, of all things, a StarWars fan website.
(00:54):
That's right, starwarswebnet.
And let me tell you, the forcewas not with them on this one.
It all went spectacularly,catastrophically wrong.
So picture this, if you will.
You're a CIA informant.
You're not exactly sippinglattes in a comfy office.
(01:15):
You're deep behind enemy lines,as they say.
Your actual life hangs by athread, and that thread is
secrecy.
So how do you get your topsecret info back to the folks in
Langley?
Your actual life hangs by athread, and that thread is
secrecy.
So how do you get your topsecret info back to the folks on
Langley?
Do you use invisible ink, acarrier pigeon with a tiny
(01:37):
fedora?
Nope, you log on to a websiteand not just any old gov address
.
We're talking StarWarsWebnet, adigital hangout plastered with
pictures of Yoda.
Maybe some heated debates aboutwhether Greedo really shot
first, Innocent as an Ewok,right?
Well, not quite.
Buried under all that Star Warsgeekery was a secret backdoor,
(02:04):
a digital version of leaving amessage under a park bench.
And StarWarsWebnet was not alone rebel, oh no, this was part
of a whole empire of theseseemingly harmless sites,
hundreds of them.
We're talking websites abouteverything from antique symbols
to the migratory patterns of thePatagonian toothfish.
Okay, I might be exaggeratingon those, but you get the idea
(02:27):
News, sports, weather, gaming,anything to look boring and
normal.
All of it designed to be acovert communication network for
spies and their sources.
But here's the kicker, and it'sa big one.
This intricate, supposedlysuper-secret web had a flaw, a
massive flaw, the kind of flawthat gets people killed, and it
(02:51):
did Dozens of them.
People who trusted the system,trusted the United States.
So today we're going to unpackthis.
How did this Rube Goldbergmachine of spycraft even work?
How in the galaxy did it getexposed?
And what happened when thisdigital Death Star finally blew
up in their faces.
(03:12):
Stick around, because this, myfriends, is one of those stories
that proves the old sayingGrandpa's him.
He's heard enough wild tales toknow that sometimes the truth
doesn't just bite, it takes awhole chunk out of you.
So let's set our time circuits.
We're back in the early 2000s,heading into the 2010s.
(03:33):
The internet isn't new anymore.
It's everywhere, and for spyagencies like the CIA, this is
like finding a shiny new toolkit.
But you know, every tool canalso be a potential banana peel
to slip on.
The big question was how do youchat securely with your assets,
your informants, your eyes andears on the ground and countries
(03:56):
that are basically running afull-time spy hunting contest?
The old school stuff chalkmarks on lampposts, a copy of
War and Peace left on aspecified park bench.
It had a certain romantic charm, I suppose.
But the digital world thatoffered speed a bit of now, you
see it, now you don't magic, orso they hoped.
A brand new cloak ofinvisibility.
(04:17):
The concept, you gotta admit,has a certain sneaky elegance.
Create a bunch of websites thatlook as exciting as watching
paint dry.
Your informant let's call himAgent X-Wing gets the secret
handshake.
Maybe he clicks on the thirdwiki from the left on
StarWarsWebnet or types theEmperor has no Clothes into a
(04:39):
search bar that isn't really asearch bar and poof, a hidden
chat room, opens up A place towhisper secrets, get new orders,
maybe upload those blurryphotos of missile silos.
It's like a digital speakeasyJoe sent me, but instead of Joe
it's Yoda sent me, and for atime it seems it worked.
(05:00):
Cia officers could be munchingon donuts in Virginia while
their sources were sendingdispatches from Tehran or
Beijing.
These weren't typical Americanspies living double lives abroad
that were using these sites dayto day.
These were mainly for talkingwith the locals, the brave or
maybe just hard-up folks who hadagreed to spy for the CIA.
(05:21):
Starwarswebnet I mean, can'tyou just see it Probably had a
scrolling marquee that says Along time ago, in a galaxy far,
far away.
The sheer, unadulteratednormalcy of it was supposed to
be its shield.
Who'd ever looked twice?
Or just Bob from accountingchecking his Star Wars for him
(05:43):
again?
Or just Bob from accountingchecking his Star Wars for him
again?
Little did they know Bob wasactually Boris downloading the
latest Rebel Alliance plans.
This sounds like a term that I'mfamiliar with in IT called
security by obscurity, and it isnever a good idea and rarely
successful.
And we're not talking a coupleof these sites like a
mom-and-pop spy shop.
(06:03):
The investigative reporters whoblew the lid off this folks at
Yahoo News and Reuters doingsome serious gum-show journalism
they uncovered that there werehundreds, a whole galaxy, of
these digital fronts.
But here's the thing aboutbuilding hundreds of anything
that's supposed to be supersecret and super separate.
(06:24):
It's really really hard not tomess it up, especially when the
bad guys on the other side arenot exactly the Keystone cops.
They've got their own techwizards and they are very
motivated and they weredefinitely looking.
You can bet your bottom dollaron that.
So you've got this huge networkof websites all trying to look
(06:46):
as innocent as a basket ofkittens.
Starwarswebnet is just ExhibitA.
But how does a system like this,a system that actual lives
depend on, just unravel?
Well, folks, it often comesdown to the usual suspects good
old human error and leaving atrail of digital breadcrumbs so
(07:07):
obvious Hansel and Gretel couldhave followed them home.
Word on the street.
The heavily red-acted,whispered-in-corridors kind of
street, is that the first alarmbells started ringing around
2009.
The Iranians, it seems caught alucky break.
Maybe a double agent spilledthe beans, maybe someone they
(07:28):
nabbed sang like a canary under,let's say, intense questioning.
The exact how is still a bitlike trying to see through
Bespin's clouds, but once theyhad a loose thread, they started
yanking Hard and what theyfound, apparently using nothing
fancier than some smart internetsearching, was that the CIA's
(07:49):
super secret websites weren'tquite as secret as they thought.
It turns out.
Building these digital hideouts, they made a few let's call
them oopsies big ones.
Think about it like this Ifyou're a spy agency setting up
safe houses, you probably don'twant to buy them all from the
same real estate agent, paintthem the same particular shade
(08:12):
of beige or, I don't know, havethem all on streets named after
characters from the Flintstones.
Digitally speaking, that's kindof what happened.
Researchers like the SharpCookies at Citizens Lab up in
Toronto later dissected what wasleft of the system, and they
pointed out some real headslappers.
For instance, it seems a wholebunch of these sites, despite
(08:36):
looking different and beingregistered to fake companies
that probably didn't even have arubber chicken for a CEO, were
hosted on servers with IPaddresses that were practically
next-door neighbors.
An IP address is like a mailingaddress for a website.
So if you found one secretwebsite and you noticed its
address is, say, 123 SecretAgent Lane, you might just check
(08:59):
out 124 and 125 Secret AgentLane and bingo, you found the
whole spy subdivision, notexactly Deep Cover, 101.
Then there were the digitalfootprints.
You know how every artist has acertain style.
Websites do too, under the hood, little bits of code.
How they handle security thingsyou don't see.
(09:21):
And it appears many of the CIAsites, despite the different
costumes Star Wars here, arecipe site there, shared some
of the same digital mannerisms.
So if Iranian counterintelflagged one, they could
basically tell their computersgo find me more sites that smell
like this one.
And the computers dutifully did.
(09:43):
Now, in reality, anytime you'rebuilding multiple websites, the
idea is to use and reuse code.
Quit reinventing the wheel.
If it works, you copy it andyou move on.
So it's not necessarily badpractice, but it's also not a
secure one.
It's kind of terrifying, isn'tit?
The internet designed toconnect everything was used to
(10:05):
connect all the CIA's dots forthem.
And if that wasn't bad enough,the story goes that once Iran
had cracked the code, they mighthave done a little
international show-and-tell,perhaps a friendly tip-off to
their pals in China.
Hey Xi, you won't believe whatthese crazy Americans are up to?
Check your Star Wars forums.
So then China, with their ownarmy of cyber sleuths, starts
(10:29):
poking around too.
So this system designed to be ashield for informants
StarWarsWebnet and all of itslittle buddies effectively
became a treasure map for thebad guys, a map leading straight
to some of the CIA's mostsensitive sources.
The irony it was thicker thanJabba the Hutt, all that
(10:50):
supposed sophistication, and itwas undone by what sounds like
some pretty basic slip-ups youcan almost hear the collective
DOH Echoing through the halls ofLangley and was undone by what
sounds like some pretty basicslip-ups you can almost hear the
collective D'oh echoing throughthe halls of Langley.
Now uncovering these flaws.
That wasn't just a fun littlecyber puzzle for the Iranians
and Chinese.
This wasn't about braggingrights at the next Hacker
(11:12):
Olympics.
This was deadly serious, andbetween 2010 and 2013, the bill
for this digital disaster camedue, and it was paid in the form
of human lives.
Once these counterintelligenceagencies could spot the CIA's
little network of websites, theycould watch them.
They could see who was visiting, maybe even read the mail, and
(11:36):
then they could pounce.
And let's be crystal clearabout who we're talking about
here.
These were primarily the CIAsources, their informants, not
usually the CIA Americanofficers with diplomatic
passports.
These were mainly the locals,iranians, chinese, folks from
other places who had taken theenormous risk of spying for
(12:00):
Uncle Sam.
Maybe they needed the money,maybe they hated the government,
maybe they just wanted to makea difference.
Whatever the reasons, they werenow out in the cold, digitally
speaking, with a big targetpainted on their backs.
The numbers that have come outare just sickening.
In China we're hearing that theCIA's informant network,
(12:24):
something that probably spentyears and millions building, was
pretty much wiped out.
Some reports say quote around30 people were caught, others
whispered, more than two dozen.
For many of them the end wasbrutal Execution, for others a
long, dark prison cell.
Can you even imagine thatmoment, the horror of realizing
(12:47):
that your secret lifeline, thatStar Wars website you thought
was so clever, was actuallyleading the wolves right to your
door?
And it wasn't much better.
In Iran, reports suggest anetwork of about 30 informants.
There were also rolled up Again, executions or long prison
sentences.
(13:08):
The CIA's ability to geton-the-ground intelligence from
these really critical, reallytough places torpedoed.
Years of dangerous work gonePoof.
Now I want to stress this Allthe public information points to
the loss of these local sources.
We haven't seen credible publicreports saying that American
(13:29):
CIA officers were directlycaptured or killed because of
these specific websites goingbelly up.
But that doesn't mean it wasn'ta terrifying time for them too,
and it certainly doesn't lessenthe tragedy for the informants
and their families.
It's not just the people lost,as horrific as that is, it's the
information they would haveprovided, it's the other
(13:49):
contacts they might have had andit's the ice cold message it
sends to anyone else in thosecountries who might even think
about helping the US.
The damage Huge, long lasting,a real black eye for the agency.
Of course there wereinvestigations inside the CIA.
You can bet there was a blamegame that would make a Super
(14:10):
Bowl pointing match look tame.
Was it sloppy tradecraft?
Did the contractors who builtthese sites cut corners?
Did they just underestimate howsmart the other guys were?
Probably a bit of all of theabove.
But for families of those whovanished, for the case officers
who recruited and ran theseresources, the why probably
(14:31):
doesn't offer much comfort.
Starwarswebnet, intended as acloak of invisibility, became a
shroud.
So when we talk about whatsecrets got out in this whole
mess.
It wasn't necessarily, you know, the launch coats for a nuke or
the Colonel's secret friedchicken recipe, but who knows
what those informants might havehad.
The biggest glaring neon signsecret that got blown wide open
(14:55):
was the method itself the factthat the CIA was running this
global network of normal-lookingwebsites with StarWarsWebnet as
the poster child forintergalactic espionage gone
wrong.
That was the real kicker.
It was like showing your entireplaybook to the opposing team.
Hey guys, look for websitesthat seem a bit too interested
(15:17):
in the weather in Minsk or havesurprisingly active forums for,
I don't know, competitiveG-sculpting.
It basically told everyadversary on the planet what to
start hunting for.
And those technical blunders wetalked about, the IP addresses,
all huddled together likepenguins in winter.
The shared digital footprints.
When those details eventuallysurfaced, thanks to journalists
(15:40):
and researchers, that wasanother layer of exposure.
It was a free master class inhow not to build your super
secret spy network.
You can almost hear the otherspy agencies scribbling notes.
Okay, note to self, don't dothat.
Were other specific pieces ofintel lost?
Oh you betcha, if an informantwas caught, anything they knew
(16:02):
that they hadn't passed on yetwas suddenly up for grabs.
If messages were being readbefore the CIA pulled the plug
on this Rube Goldberg machine,that info was compromised too.
But the nitty-gritty details ofwhat specific intelligence
reports went astray, that'slocked up tighter than Fort Knox
and frankly, we, the public,are probably better off not
(16:24):
knowing some of that.
What's absolutely clear is thestrategic gut punch Losing that
many assets in places like Iranand China, that's not like
misplacing your car keys.
That's like losing the wholecar, the garage it was in and
the map to your destination.
It created huge blind spots inthe intelligence gathering,
(16:46):
blind spots that could takeyears, maybe even decades, to
fix, if they ever get fullyfixed.
The lessons learned, or, let'sbe optimistic, the lessons that
should have been tattooed on theinside of some eyelids at
Langley.
First, digital security in thespy game is like running on a
treadmill that's constantlyspeeding up while someone throws
banana peels at you.
(17:06):
What's genius today is a gapingvulnerability tomorrow.
Second, putting all your eggsin one technological basket,
especially if that basket hasholes in it, is just asking for
trouble.
And third, the basics folks,good old operational security.
And third, the basics folks,good old operational security.
Opsec for those in the know,not leaving obvious patterns,
(17:28):
making sure your secret stuff isactually, you know, secret and
separate.
That's just as vital withlaptops as it was with lipstick
cameras.
This whole saga was a brutal,expensive wake-up call.
It made the CIA rethink howthey talk to people in dark
alleys, digitally speaking, andit was a stark reminder that
(17:52):
your opponents are not stupid,they're smart, they're motivated
.
And they've got the internettoo.
The Star Wars deception soslick on paper, so Bond.
James Bond turned out to be atrap set by their own hands.
Turned out to be a trap set bytheir own hands.
While initial reports saidhundreds, later, detailed
analysis by groups like CitizenLab actually identified a
network of nearly 900 of thesesites 885 to be precise.
(18:15):
Talk about a sprawling and, asit turned out, dangerously
flawed operation.
Now was the CIA the only oneplaying this game of digital
dress-up?
Hardly We've seen reports justas here about German
intelligence running hundreds offake social media accounts to
keep tabs on extremist groupsand Russian intelligence.
(18:36):
They've been caught red-handedcreating fake websites,
sometimes even pretending to bethe CIA fake websites, sometimes
even pretending to be the CIA,to fish for information or
target activists.
So the idea of using a digitalsmokescreen is not unique.
What was perhaps unique aboutthe CIA's mess was the sheer
scale of this particularcommunication system and how
(18:58):
spectacularly it failed.
And while intelligence agenciesare constantly engaged in a cat
and mouse game online and manyoperations by various countries
get exposed over time, the CIA'swebsite catastrophe stands out.
It wasn't just about a websitebeing identified.
It was about a fundamental flawin an entire system designed to
(19:19):
protect people, which insteadled them into a trap.
That direct link to the loss ofso many lives is what makes
this a particularly grim chapterin digital espionage.
And that, my friends, is themind-boggling story of
StarWarsWebnet and the CIA'sgreat website Wipeout, a real
(19:40):
lesson in how, in the world ofshadows and secrets, a tiny
loose thread can unravel thewhole darn sweater.
What seemed like a brilliantdigital disguise ended up being
a great big yoo-hoo over here tothe very people they were
trying to hide from Makes youwonder, doesn't it, what other
corners of the internet arecurrently playing a double life,
and it definitely makes youthink about the incredible risks
(20:02):
people take in that shadowworld and the massive
responsibility of the agencieswho sent them there.
This has been Grandpa's Hen.
I'm your host, len Dimmick.
Join me next time, won't you?
We'll dig up another storythat'll make you say you're
kidding me.
Until then, keep those eyesopen, question everything and
(20:23):
maybe, just maybe, be a littlesuspicious of that incredibly
detailed fan forum forcompetitive thumb wrestling.
You never know.
And now to comment on baseball.
(20:43):
I have three grandchildren andtheir names are William Paige
Connor.
William, do you play baseball?
Speaker 2 (20:52):
Um, yeah.
Speaker 1 (20:53):
How old are you?
Speaker 2 (20:55):
I'm seven, turning eight next month.
Speaker 1 (20:58):
Okay, and what baseball do you play?
Speaker 2 (21:01):
Machine pitch.
Speaker 1 (21:02):
Machine pitch.
Speaker 2 (21:03):
Second year Paige, have you play?
Speaker 1 (21:04):
baseball.
Speaker 2 (21:05):
Um, I did last year, but not this.
Speaker 1 (21:07):
And last year was T-ball or coach pitch.
Speaker 2 (21:09):
I don't know, probably T-ball, I think.
Speaker 1 (21:12):
Was it T-ball?
Did you hit it off the?
Did you hit it off a stick ordid the coach pitch it?
Speaker 2 (21:17):
The coach pitch.
So it was coach pitch, allright.
Speaker 1 (21:20):
So, william, what is it you like?
Do you like, first of all?
Do you like baseball?
Yes, okay, you're related to me.
Then, paige, do you likebaseball?
Yes, how come you didn't playthis year?
Um, I don't know.
Connor, do you like baseball?
Speaker 2 (21:35):
Well, I kind of like baseball.
Speaker 1 (21:37):
You kind of like baseball.
What do you like about baseball, Connor?
Speaker 2 (21:41):
Eh watching.
Speaker 1 (21:42):
You like watching baseball?
Speaker 2 (21:43):
But you played, but you had.
Connor is playing this year.
Speaker 1 (21:49):
Are you playing baseball this year?
Speaker 2 (21:51):
Yeah.
Speaker 1 (21:51):
Oh, do you like throwing?
Speaker 2 (21:53):
Paige.
I thought he was going to say Ilike the treats.
Speaker 1 (21:57):
Okay, william, what is it you like about baseball?
Speaker 2 (22:01):
I don't know, I just like it.
I have no idea why I like it.
I have no idea why Everybodyshush.
I just started playing and nowI like it.
Can everybody shush why?
Because I need to hearsomething.
Speaker 1 (22:11):
What.
Speaker 2 (22:11):
Like the belly thingy .
What belly thingy?
I need to hear it.
Speaker 1 (22:18):
The thing making all the noise?
It's you rocking the chair.
Speaker 2 (22:21):
Yeah, no, it's not.
No, the bell Last thingy Holdon, alright.
Speaker 1 (22:28):
What else should we say about baseball?
Um oh, when I was a little,when I was a little boy, I was
about Connor's age and we wereplaying baseball when I lived on
an island and they told meyou're the catcher.
And I said what does thecatcher do?
And they said just go standbehind that guy and catch the
(22:48):
ball.
So they threw the ball and Iwent to catch it and I got
smacked in the head with a batand I had a big old bump on my
head and I thought this game'sfun.
It's kind of dumb, huh.
Speaker 2 (23:05):
Yeah, my favorite base, my favorite two places, is
to play outfield and first.
Speaker 1 (23:13):
How come you like playing outfield and first.
Speaker 2 (23:16):
Because first I'm really good at catching so I can
catch a couple couple so Icould catch throws and um in
outfield.
I can run a lot and I have tolike run to more places.
I have to run around in thefield and get to the first and
(23:43):
pass it to first.
Speaker 1 (23:46):
Okay, is there anything you don't like about
baseball?
No, any other baseball storiesyou guys want to share?
Yes, what?
Speaker 2 (23:56):
More batting.
Speaker 1 (23:57):
More batting, batting fun.
Yes, you hit the ball far.
Yes, like one Like one.
Yes, you hit the ball far.
Yes, like one.
Speaker 2 (24:05):
Like one yes.
Speaker 1 (24:06):
Okay, what's the best advice you would give somebody
who wants to learn how to playbaseball?
Speaker 2 (24:11):
You've got to start practicing to catch.
Speaker 1 (24:14):
You've got to start practicing catching.
Yes, so that's what GrandmaKate used to say William, I want
to play baseball.
That's what you tell her.
Start practicing your catching,all right, thank you.
You might say that we'vecovered the highs and lows of
(24:36):
America in this episode.
First we had the failures ofthe CIA on maintaining secrecy,
and then we had commentary fromthe young generation about
baseball, america's nationalpastime.
Thank you for listening toGrandpa.
Is Him the fun podcast where wetalk about everything and
nothing.
Remember, if you like the show,please comment, let us know
(25:00):
what you do and don't like, andbe sure, and subscribe and
follow us and tell a friend.
Welcome to Grandpa's Hymn.
I'm your host, lynn Dimmick,and this is the podcast where we
peek behind the official story,lift up the rug and see what
kind of unbelievable truths areswept underneath.
You know the kind of storiesthat make you lean back and say,
hold on, did that really happen?
Because, folks, let me tell you, the world is a whole lot
(00:32):
weirder and sometimes a heck ofa lot more dangerous than any
spy movie you've ever seen.
Today we've got a doozy.
We're diving headfirst into atale where the CIA yes, that CIA
decided that the best way totalk to its secrets agents was
through, of all things, a StarWars fan website.
(00:54):
That's right, starwarswebnet.
And let me tell you, the forcewas not with them on this one.
It all went spectacularly,catastrophically wrong.
So picture this, if you will.
You're a CIA informant.
You're not exactly sippinglattes in a comfy office.
(01:15):
You're deep behind enemy lines,as they say.
Your actual life hangs by athread, and that thread is
secrecy.
So how do you get your topsecret info back to the folks in
Langley?
Your actual life hangs by athread, and that thread is
secrecy.
So how do you get your topsecret info back to the folks on
Langley?
Do you use invisible ink, acarrier pigeon with a tiny
(01:37):
fedora?
Nope, you log on to a websiteand not just any old gov address
.
We're talking StarWarsWebnet, adigital hangout plastered with
pictures of Yoda.
Maybe some heated debates aboutwhether Greedo really shot
first, Innocent as an Ewok,right?
Well, not quite.
Buried under all that Star Warsgeekery was a secret backdoor,
(02:04):
a digital version of leaving amessage under a park bench.
And StarWarsWebnet was not alone rebel, oh no, this was part
of a whole empire of theseseemingly harmless sites,
hundreds of them.
We're talking websites abouteverything from antique symbols
to the migratory patterns of thePatagonian toothfish.
Okay, I might be exaggeratingon those, but you get the idea
(02:27):
News, sports, weather, gaming,anything to look boring and
normal.
All of it designed to be acovert communication network for
spies and their sources.
But here's the kicker, and it'sa big one.
This intricate, supposedlysuper-secret web had a flaw, a
massive flaw, the kind of flawthat gets people killed, and it
(02:51):
did Dozens of them.
People who trusted the system,trusted the United States.
So today we're going to unpackthis.
How did this Rube Goldbergmachine of spycraft even work?
How in the galaxy did it getexposed?
And what happened when thisdigital Death Star finally blew
up in their faces.
(03:12):
Stick around, because this, myfriends, is one of those stories
that proves the old sayingGrandpa's him.
He's heard enough wild tales toknow that sometimes the truth
doesn't just bite, it takes awhole chunk out of you.
So let's set our time circuits.
We're back in the early 2000s,heading into the 2010s.
(03:33):
The internet isn't new anymore.
It's everywhere, and for spyagencies like the CIA, this is
like finding a shiny new toolkit.
But you know, every tool canalso be a potential banana peel
to slip on.
The big question was how do youchat securely with your assets,
your informants, your eyes andears on the ground and countries
(03:56):
that are basically running afull-time spy hunting contest?
The old school stuff chalkmarks on lampposts, a copy of
War and Peace left on aspecified park bench.
It had a certain romantic charm, I suppose.
But the digital world thatoffered speed a bit of now, you
see it, now you don't magic, orso they hoped.
A brand new cloak ofinvisibility.
(04:17):
The concept, you gotta admit,has a certain sneaky elegance.
Create a bunch of websites thatlook as exciting as watching
paint dry.
Your informant let's call himAgent X-Wing gets the secret
handshake.
Maybe he clicks on the thirdwiki from the left on
StarWarsWebnet or types theEmperor has no Clothes into a
(04:39):
search bar that isn't really asearch bar and poof, a hidden
chat room, opens up A place towhisper secrets, get new orders,
maybe upload those blurryphotos of missile silos.
It's like a digital speakeasyJoe sent me, but instead of Joe
it's Yoda sent me, and for atime it seems it worked.
(05:00):
Cia officers could be munchingon donuts in Virginia while
their sources were sendingdispatches from Tehran or
Beijing.
These weren't typical Americanspies living double lives abroad
that were using these sites dayto day.
These were mainly for talkingwith the locals, the brave or
maybe just hard-up folks who hadagreed to spy for the CIA.
(05:21):
Starwarswebnet I mean, can'tyou just see it Probably had a
scrolling marquee that says Along time ago, in a galaxy far,
far away.
The sheer, unadulteratednormalcy of it was supposed to
be its shield.
Who'd ever looked twice?
Or just Bob from accountingchecking his Star Wars for him
(05:43):
again?
Or just Bob from accountingchecking his Star Wars for him
again?
Little did they know Bob wasactually Boris downloading the
latest Rebel Alliance plans.
This sounds like a term that I'mfamiliar with in IT called
security by obscurity, and it isnever a good idea and rarely
successful.
And we're not talking a coupleof these sites like a
mom-and-pop spy shop.
(06:03):
The investigative reporters whoblew the lid off this folks at
Yahoo News and Reuters doingsome serious gum-show journalism
they uncovered that there werehundreds, a whole galaxy, of
these digital fronts.
But here's the thing aboutbuilding hundreds of anything
that's supposed to be supersecret and super separate.
(06:24):
It's really really hard not tomess it up, especially when the
bad guys on the other side arenot exactly the Keystone cops.
They've got their own techwizards and they are very
motivated and they weredefinitely looking.
You can bet your bottom dollaron that.
So you've got this huge networkof websites all trying to look
(06:46):
as innocent as a basket ofkittens.
Starwarswebnet is just ExhibitA.
But how does a system like this,a system that actual lives
depend on, just unravel?
Well, folks, it often comesdown to the usual suspects good
old human error and leaving atrail of digital breadcrumbs so
(07:07):
obvious Hansel and Gretel couldhave followed them home.
Word on the street.
The heavily red-acted,whispered-in-corridors kind of
street, is that the first alarmbells started ringing around
2009.
The Iranians, it seems caught alucky break.
Maybe a double agent spilledthe beans, maybe someone they
(07:28):
nabbed sang like a canary under,let's say, intense questioning.
The exact how is still a bitlike trying to see through
Bespin's clouds, but once theyhad a loose thread, they started
yanking Hard and what theyfound, apparently using nothing
fancier than some smart internetsearching, was that the CIA's
(07:49):
super secret websites weren'tquite as secret as they thought.
It turns out.
Building these digital hideouts, they made a few let's call
them oopsies big ones.
Think about it like this Ifyou're a spy agency setting up
safe houses, you probably don'twant to buy them all from the
same real estate agent, paintthem the same particular shade
(08:12):
of beige or, I don't know, havethem all on streets named after
characters from the Flintstones.
Digitally speaking, that's kindof what happened.
Researchers like the SharpCookies at Citizens Lab up in
Toronto later dissected what wasleft of the system, and they
pointed out some real headslappers.
For instance, it seems a wholebunch of these sites, despite
(08:36):
looking different and beingregistered to fake companies
that probably didn't even have arubber chicken for a CEO, were
hosted on servers with IPaddresses that were practically
next-door neighbors.
An IP address is like a mailingaddress for a website.
So if you found one secretwebsite and you noticed its
address is, say, 123 SecretAgent Lane, you might just check
(08:59):
out 124 and 125 Secret AgentLane and bingo, you found the
whole spy subdivision, notexactly Deep Cover, 101.
Then there were the digitalfootprints.
You know how every artist has acertain style.
Websites do too, under the hood, little bits of code.
How they handle security thingsyou don't see.
(09:21):
And it appears many of the CIAsites, despite the different
costumes Star Wars here, arecipe site there, shared some
of the same digital mannerisms.
So if Iranian counterintelflagged one, they could
basically tell their computersgo find me more sites that smell
like this one.
And the computers dutifully did.
(09:43):
Now, in reality, anytime you'rebuilding multiple websites, the
idea is to use and reuse code.
Quit reinventing the wheel.
If it works, you copy it andyou move on.
So it's not necessarily badpractice, but it's also not a
secure one.
It's kind of terrifying, isn'tit?
The internet designed toconnect everything was used to
(10:05):
connect all the CIA's dots forthem.
And if that wasn't bad enough,the story goes that once Iran
had cracked the code, they mighthave done a little
international show-and-tell,perhaps a friendly tip-off to
their pals in China.
Hey Xi, you won't believe whatthese crazy Americans are up to?
Check your Star Wars forums.
So then China, with their ownarmy of cyber sleuths, starts
(10:29):
poking around too.
So this system designed to be ashield for informants
StarWarsWebnet and all of itslittle buddies effectively
became a treasure map for thebad guys, a map leading straight
to some of the CIA's mostsensitive sources.
The irony it was thicker thanJabba the Hutt, all that
(10:50):
supposed sophistication, and itwas undone by what sounds like
some pretty basic slip-ups youcan almost hear the collective
DOH Echoing through the halls ofLangley and was undone by what
sounds like some pretty basicslip-ups you can almost hear the
collective D'oh echoing throughthe halls of Langley.
Now uncovering these flaws.
That wasn't just a fun littlecyber puzzle for the Iranians
and Chinese.
This wasn't about braggingrights at the next Hacker
(11:12):
Olympics.
This was deadly serious, andbetween 2010 and 2013, the bill
for this digital disaster camedue, and it was paid in the form
of human lives.
Once these counterintelligenceagencies could spot the CIA's
little network of websites, theycould watch them.
They could see who was visiting, maybe even read the mail, and
(11:36):
then they could pounce.
And let's be crystal clearabout who we're talking about
here.
These were primarily the CIAsources, their informants, not
usually the CIA Americanofficers with diplomatic
passports.
These were mainly the locals,iranians, chinese, folks from
other places who had taken theenormous risk of spying for
(12:00):
Uncle Sam.
Maybe they needed the money,maybe they hated the government,
maybe they just wanted to makea difference.
Whatever the reasons, they werenow out in the cold, digitally
speaking, with a big targetpainted on their backs.
The numbers that have come outare just sickening.
In China we're hearing that theCIA's informant network,
(12:24):
something that probably spentyears and millions building, was
pretty much wiped out.
Some reports say quote around30 people were caught, others
whispered, more than two dozen.
For many of them the end wasbrutal Execution, for others a
long, dark prison cell.
Can you even imagine thatmoment, the horror of realizing
(12:47):
that your secret lifeline, thatStar Wars website you thought
was so clever, was actuallyleading the wolves right to your
door?
And it wasn't much better.
In Iran, reports suggest anetwork of about 30 informants.
There were also rolled up Again, executions or long prison
sentences.
(13:08):
The CIA's ability to geton-the-ground intelligence from
these really critical, reallytough places torpedoed.
Years of dangerous work gonePoof.
Now I want to stress this Allthe public information points to
the loss of these local sources.
We haven't seen credible publicreports saying that American
(13:29):
CIA officers were directlycaptured or killed because of
these specific websites goingbelly up.
But that doesn't mean it wasn'ta terrifying time for them too,
and it certainly doesn't lessenthe tragedy for the informants
and their families.
It's not just the people lost,as horrific as that is, it's the
information they would haveprovided, it's the other
(13:49):
contacts they might have had andit's the ice cold message it
sends to anyone else in thosecountries who might even think
about helping the US.
The damage Huge, long lasting,a real black eye for the agency.
Of course there wereinvestigations inside the CIA.
You can bet there was a blamegame that would make a Super
(14:10):
Bowl pointing match look tame.
Was it sloppy tradecraft?
Did the contractors who builtthese sites cut corners?
Did they just underestimate howsmart the other guys were?
Probably a bit of all of theabove.
But for families of those whovanished, for the case officers
who recruited and ran theseresources, the why probably
(14:31):
doesn't offer much comfort.
Starwarswebnet, intended as acloak of invisibility, became a
shroud.
So when we talk about whatsecrets got out in this whole
mess.
It wasn't necessarily, you know, the launch coats for a nuke or
the Colonel's secret friedchicken recipe, but who knows
what those informants might havehad.
The biggest glaring neon signsecret that got blown wide open
(14:55):
was the method itself the factthat the CIA was running this
global network of normal-lookingwebsites with StarWarsWebnet as
the poster child forintergalactic espionage gone
wrong.
That was the real kicker.
It was like showing your entireplaybook to the opposing team.
Hey guys, look for websitesthat seem a bit too interested
(15:17):
in the weather in Minsk or havesurprisingly active forums for,
I don't know, competitiveG-sculpting.
It basically told everyadversary on the planet what to
start hunting for.
And those technical blunders wetalked about, the IP addresses,
all huddled together likepenguins in winter.
The shared digital footprints.
When those details eventuallysurfaced, thanks to journalists
(15:40):
and researchers, that wasanother layer of exposure.
It was a free master class inhow not to build your super
secret spy network.
You can almost hear the otherspy agencies scribbling notes.
Okay, note to self, don't dothat.
Were other specific pieces ofintel lost?
Oh you betcha, if an informantwas caught, anything they knew
(16:02):
that they hadn't passed on yetwas suddenly up for grabs.
If messages were being readbefore the CIA pulled the plug
on this Rube Goldberg machine,that info was compromised too.
But the nitty-gritty details ofwhat specific intelligence
reports went astray, that'slocked up tighter than Fort Knox
and frankly, we, the public,are probably better off not
(16:24):
knowing some of that.
What's absolutely clear is thestrategic gut punch Losing that
many assets in places like Iranand China, that's not like
misplacing your car keys.
That's like losing the wholecar, the garage it was in and
the map to your destination.
It created huge blind spots inthe intelligence gathering,
(16:46):
blind spots that could takeyears, maybe even decades, to
fix, if they ever get fullyfixed.
The lessons learned, or, let'sbe optimistic, the lessons that
should have been tattooed on theinside of some eyelids at
Langley.
First, digital security in thespy game is like running on a
treadmill that's constantlyspeeding up while someone throws
banana peels at you.
(17:06):
What's genius today is a gapingvulnerability tomorrow.
Second, putting all your eggsin one technological basket,
especially if that basket hasholes in it, is just asking for
trouble.
And third, the basics folks,good old operational security.
And third, the basics folks,good old operational security.
Opsec for those in the know,not leaving obvious patterns,
(17:28):
making sure your secret stuff isactually, you know, secret and
separate.
That's just as vital withlaptops as it was with lipstick
cameras.
This whole saga was a brutal,expensive wake-up call.
It made the CIA rethink howthey talk to people in dark
alleys, digitally speaking, andit was a stark reminder that
(17:52):
your opponents are not stupid,they're smart, they're motivated
.
And they've got the internettoo.
The Star Wars deception soslick on paper, so Bond.
James Bond turned out to be atrap set by their own hands.
Turned out to be a trap set bytheir own hands.
While initial reports saidhundreds, later, detailed
analysis by groups like CitizenLab actually identified a
network of nearly 900 of thesesites 885 to be precise.
(18:15):
Talk about a sprawling and, asit turned out, dangerously
flawed operation.
Now was the CIA the only oneplaying this game of digital
dress-up?
Hardly We've seen reports justas here about German
intelligence running hundreds offake social media accounts to
keep tabs on extremist groupsand Russian intelligence.
(18:36):
They've been caught red-handedcreating fake websites,
sometimes even pretending to bethe CIA fake websites, sometimes
even pretending to be the CIA,to fish for information or
target activists.
So the idea of using a digitalsmokescreen is not unique.
What was perhaps unique aboutthe CIA's mess was the sheer
scale of this particularcommunication system and how
(18:58):
spectacularly it failed.
And while intelligence agenciesare constantly engaged in a cat
and mouse game online and manyoperations by various countries
get exposed over time, the CIA'swebsite catastrophe stands out.
It wasn't just about a websitebeing identified.
It was about a fundamental flawin an entire system designed to
(19:19):
protect people, which insteadled them into a trap.
That direct link to the loss ofso many lives is what makes
this a particularly grim chapterin digital espionage.
And that, my friends, is themind-boggling story of
StarWarsWebnet and the CIA'sgreat website Wipeout, a real
(19:40):
lesson in how, in the world ofshadows and secrets, a tiny
loose thread can unravel thewhole darn sweater.
What seemed like a brilliantdigital disguise ended up being
a great big yoo-hoo over here tothe very people they were
trying to hide from Makes youwonder, doesn't it, what other
corners of the internet arecurrently playing a double life,
and it definitely makes youthink about the incredible risks
(20:02):
people take in that shadowworld and the massive
responsibility of the agencieswho sent them there.
This has been Grandpa's Hen.
I'm your host, len Dimmick.
Join me next time, won't you?
We'll dig up another storythat'll make you say you're
kidding me.
Until then, keep those eyesopen, question everything and
(20:23):
maybe, just maybe, be a littlesuspicious of that incredibly
detailed fan forum forcompetitive thumb wrestling.
You never know.
And now to comment on baseball.
(20:43):
I have three grandchildren andtheir names are William Paige
Connor.
William, do you play baseball?
Speaker 2 (20:52):
Um, yeah.
Speaker 1 (20:53):
How old are you?
Speaker 2 (20:55):
I'm seven, turning eight next month.
Speaker 1 (20:58):
Okay, and what baseball do you play?
Speaker 2 (21:01):
Machine pitch.
Speaker 1 (21:02):
Machine pitch.
Speaker 2 (21:03):
Second year Paige, have you play?
Speaker 1 (21:04):
baseball.
Speaker 2 (21:05):
Um, I did last year, but not this.
Speaker 1 (21:07):
And last year was T-ball or coach pitch.
Speaker 2 (21:09):
I don't know, probably T-ball, I think.
Speaker 1 (21:12):
Was it T-ball?
Did you hit it off the?
Did you hit it off a stick ordid the coach pitch it?
Speaker 2 (21:17):
The coach pitch.
So it was coach pitch, allright.
Speaker 1 (21:20):
So, william, what is it you like?
Do you like, first of all?
Do you like baseball?
Yes, okay, you're related to me.
Then, paige, do you likebaseball?
Yes, how come you didn't playthis year?
Um, I don't know.
Connor, do you like baseball?
Speaker 2 (21:35):
Well, I kind of like baseball.
Speaker 1 (21:37):
You kind of like baseball.
What do you like about baseball, Connor?
Speaker 2 (21:41):
Eh watching.
Speaker 1 (21:42):
You like watching baseball?
Speaker 2 (21:43):
But you played, but you had.
Connor is playing this year.
Speaker 1 (21:49):
Are you playing baseball this year?
Speaker 2 (21:51):
Yeah.
Speaker 1 (21:51):
Oh, do you like throwing?
Speaker 2 (21:53):
Paige.
I thought he was going to say Ilike the treats.
Speaker 1 (21:57):
Okay, william, what is it you like about baseball?
Speaker 2 (22:01):
I don't know, I just like it.
I have no idea why I like it.
I have no idea why Everybodyshush.
I just started playing and nowI like it.
Can everybody shush why?
Because I need to hearsomething.
Speaker 1 (22:11):
What.
Speaker 2 (22:11):
Like the belly thingy .
What belly thingy?
I need to hear it.
Speaker 1 (22:18):
The thing making all the noise?
It's you rocking the chair.
Speaker 2 (22:21):
Yeah, no, it's not.
No, the bell Last thingy Holdon, alright.
Speaker 1 (22:28):
What else should we say about baseball?
Um oh, when I was a little,when I was a little boy, I was
about Connor's age and we wereplaying baseball when I lived on
an island and they told meyou're the catcher.
And I said what does thecatcher do?
And they said just go standbehind that guy and catch the
(22:48):
ball.
So they threw the ball and Iwent to catch it and I got
smacked in the head with a batand I had a big old bump on my
head and I thought this game'sfun.
It's kind of dumb, huh.
Speaker 2 (23:05):
Yeah, my favorite base, my favorite two places, is
to play outfield and first.
Speaker 1 (23:13):
How come you like playing outfield and first.
Speaker 2 (23:16):
Because first I'm really good at catching so I can
catch a couple couple so Icould catch throws and um in
outfield.
I can run a lot and I have tolike run to more places.
I have to run around in thefield and get to the first and
(23:43):
pass it to first.
Speaker 1 (23:46):
Okay, is there anything you don't like about
baseball?
No, any other baseball storiesyou guys want to share?
Yes, what?
Speaker 2 (23:56):
More batting.
Speaker 1 (23:57):
More batting, batting fun.
Yes, you hit the ball far.
Yes, like one Like one.
Yes, you hit the ball far.
Yes, like one.
Speaker 2 (24:05):
Like one yes.
Speaker 1 (24:06):
Okay, what's the best advice you would give somebody
who wants to learn how to playbaseball?
Speaker 2 (24:11):
You've got to start practicing to catch.
Speaker 1 (24:14):
You've got to start practicing catching.
Yes, so that's what GrandmaKate used to say William, I want
to play baseball.
That's what you tell her.
Start practicing your catching,all right, thank you.
You might say that we'vecovered the highs and lows of
(24:36):
America in this episode.
First we had the failures ofthe CIA on maintaining secrecy,
and then we had commentary fromthe young generation about
baseball, america's nationalpastime.
Thank you for listening toGrandpa.
Is Him the fun podcast where wetalk about everything and
nothing.
Remember, if you like the show,please comment, let us know
(25:00):
what you do and don't like, andbe sure, and subscribe and
follow us and tell a friend.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.