One mistake by the US' notorious intelligence hub, the CIA, has exposed intelligence agents operating in China and Iran, as the agency used hundreds of websites for secret communications that were revealed to be defective. 

According to new research conducted by security experts at the Citizen Lab at the University of Toronto, the defects could have been easily identified by an "amateur" after the experts investigated the matter following a tip from reporter Joel Schectmann at Reuters that concerned the imprisonment of a CIA asset in Iran after using what Citizen Lab later determined was a “fatally insecure network."

Citizen Lab resorted to just one website and publicly available material to identify “with high confidence” a network of 885 websites reportedly used by the CIA, many of which are concerned with news, weather, and healthcare, adding, “Knowing only one website, it is likely that while the websites were online, a motivated amateur sleuth could have mapped out the CIA network and attributed it to the US government."

Surprisingly, and although the websites were active between 2004 and 2013 and probably not used by the CIA recently, Citizen Lab said a subset of the websites were still linked to active intelligence employees or assets, including a foreign contractor and a current state department employee. As this is considered a significant reveal, Citizen Lab rejected the idea of making details of its findings available to the public to prevent posing a risk to current CIA employees. 

The probe could be traced back to 2018 when Yahoo News reporters Jenna McLaughlin and Zach Dorfman reported a breach, allegedly by Iran and China, of a communication system used by the agency. 

The group's discovery casts doubts on security measures within the agency known as the "first line of defense for the United States" as it describes itself on the official website. Citizen Lab commented that “the reckless construction of this infrastructure by the CIA reportedly led directly to the identification and execution of assets, and undoubtedly risked the lives of countless other individuals. Our hope is that this research and our limited disclosure process will lead to accountability for this reckless behavior.”

In response, CIA spokesperson Tammy Kupperman Thorp said, “CIA takes its obligations to protect the people who work with us extremely seriously and we know that many of them do so bravely, at great personal risk. The notion that CIA would not work as hard as possible to safeguard them is false.”