The sites were mainly a way for CIA assets abroad to access covert communication applications. Only, these were hidden using Javascript, Adobe Flash, or CGI artifacts that when interacted with in certain ways helped load the communications network. The security flaws inherent in Adobe Flash were known all the way back in 2010.

The agency reportedly made it far too easy to discover and infiltrate these networks. The sites used blocks of sequential IP addresses, many registered to fake U.S.-based companies. The websites had already been taken down by the time the researchers started investigating, but using the archived records, Citizen Lab determined that when these sites were online, even a “motivated amateur sleuth could have mapped the CIA network and attributed it to the U.S. government.”


Citizen Lab said in their statement they decided not to release a full report as that could put more CIA assets in harm’s way, especially because these websites still connect to past—and potentially present—agency informants or spies.

Gizmodo reached out to the CIA for comment but we did not immediately hear back.

This latest report makes a particularly dark incident in the CIA’s past even darker, but you likely won’t find it mentioned on the CIA’s propagandistic foray into podcasts.