The CIA secretly operated a fake Star Wars fan website and dozens of other online pages to communicate with undercover agents around the world, according to new revelations by independent security researcher Ciro Santilli. The discovery, confirmed by cybersecurity experts, sheds new light on the agency's digital tradecraft in the early 2000s-and its catastrophic failures that led to deadly intelligence breaches in Iran and China.
Among the most notable domains uncovered was StarWarsWeb.net, a seemingly innocuous fan site featuring photos of R2D2, C-3PO, and advertisements for Lego sets and Star Wars video games. The site, now defunct and redirecting to the CIA's homepage, was once embedded with a covert messaging platform used by field agents. "The simplest way to put it - yes, the CIA absolutely had a Star Wars fan website with a secretly embedded communication system," cybersecurity researcher Zach Edwards told 404 Media.
Santilli located the site after combing through thousands of historic domain names, HTML code, and IP blocks, eventually identifying hundreds of pages likely used by the CIA. Using Tor bots to bypass Wayback Machine's limits, he painstakingly reviewed the archived code, noting suspicious terms like "password," "message," and "compose" embedded within basic search fields.
Other fake CIA-operated sites included fan pages for Johnny Carson, Brazilian music, extreme sports, and niche cultural interests such as Iranian soccer and Russian wrestling. Each page reportedly served a single asset to prevent wider compromise if an informant was caught.
But the system's vulnerabilities were profound. According to a 2018 Yahoo News investigation, Iranian authorities traced and dismantled the network in 2011 after discovering patterns among sites with sequential IP addresses and shared hosting servers. Bill Marczak of Citizen Lab said the design "stuck out like a sore thumb." In China, more than two dozen CIA sources were executed between 2011 and 2012.
"It reveals a much larger number of websites, it gives a broader understanding of the CIA's interests over time," Santilli said. "Unsurprisingly, the Middle East comes on top."
The CIA reportedly did not realize the network had been compromised until 2013, when agents began disappearing. The agency scrambled to extract and resettle surviving operatives, while quietly dismantling the communication system.
Internal reviews followed. A 2021 CIA memo criticized officers for poor operational security, overtrust in informants, and placing mission objectives ahead of long-term safety. Still, Reuters reported that Langley knowingly used mass-produced pages only for low-level or partially vetted assets. High-value operatives were given more secure, custom-built tools.
While the CIA declined comment, the House and Senate intelligence committees held closed-door hearings after the collapse, calling the breach "incredibly damaging," according to former officials.
Asked why he pursued the project, Santilli said his interest in spy fiction and global surveillance drew him in. "I really hope we're right about this," he wrote. "It's just cool to be able to go to the Wayback Machine and see a relic spy gadget 'live' in all its glory."
