Come to think of it, maybe it isn’t such a good plan to give every one of your informants a unique domain to communicate on. Pretty much any government these days can survey all the internet traffic in their country. Wouldn’t it be a little tiny bit suspicious that, say, an Iranian sports news site is frequented by like 1-2 people in the whole of Iran?
The entire premise of this covert messaging system was flawed at the outset, and it’s just tragic that dozens of people lost their lives due to a system this poorly thought out.
Exactly. The best bet is to use a service that is used by a huge number of users and try to hide your traffic in it. I wonder why they didn't do Gmail -> Gmail, for example. Maybe there are good reasons.
China is a special case in that Gmail (and many other services) are blocked; most of the directly-accessible major services are operated by companies that will readily cooperate with the government. Hosting your spies in an environment where even the content would be available to the government seems like a generally bad idea. Using a VPN could subject a spy to additional scrutiny, especially if they work in a sensitive domain.
I started this research after YouTube suggested that video to me. I knew about the sites, but I had missed the Reuters articles that gave the 7 starting points.
The Reuters story (https://www.reuters.com/investigates/special-report/usa-spie...) made this more explicit: there was a password field on the site, poorly disguised as a search feature, that would open a chat box when the right password was entered, into which the source could enter messages. On many of these sites, the password is validated by a bit of obfuscated JavaScript, which then loads a Java applet implementing the actual chat window.
Wow, these guys really did not give a damn about informants. That is some high-school-level amateur work. Sequential IPs, a password field, I wonder if they even used SSL. If they did, likely some US-affiliated vendor.
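The two passive signals raised in this thread (a "news" site with only one or two readers in the whole country, and cover sites hosted on consecutive IP addresses) are easy to turn into detection logic over flow records. The script below is an added example, not code or data from the article, Reuters or any of the commenters; the flow tuples, domains and IP addresses are constructed and hypothetical, and the thresholds (`max_clients`, `max_gap`) are arbitrary knobs a real analyst would tune.

```python
"""Two passive signals that a 'news' site is really a low-traffic covert
channel: very few distinct visitors, and hosting on consecutive IP addresses.
Added example with constructed sample flows; it is not the page's, Reuters'
or Citizen Lab's code or data, and every domain and IP below is hypothetical.
IPv4 only, for simplicity."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed flow records, as a national-scale collector might keep them:
# (client_ip, destination_domain, server_ip). All values hypothetical.
FLOWS = [
    ("10.0.0.1", "iransports.example", "203.0.113.10"),
    ("10.0.0.1", "iransports.example", "203.0.113.10"),
    ("10.0.0.2", "iransports.example", "203.0.113.10"),
    ("10.0.1.5", "kurdishmusic.example", "203.0.113.11"),
    ("10.0.1.6", "kurdishmusic.example", "203.0.113.11"),
    ("10.0.3.7", "footyfans.example", "203.0.113.12"),
] + [
    # One genuinely popular site: many distinct visitors, unrelated hosting.
    (f"10.1.{i // 256}.{i % 256}", "bigportal.example", "198.51.100.5")
    for i in range(500)
] + [
    # A dormant personal blog: few visitors, but not in a sequential block.
    ("10.0.4.4", "lonelyblog.example", "192.0.2.77"),
]


def distinct_visitors(flows):
    """Map each domain to the set of distinct client IPs that contacted it."""
    seen = defaultdict(set)
    for client, domain, _server in flows:
        seen[domain].add(client)
    return seen


def low_fan_in(flows, max_clients=3):
    """Domains contacted by at most `max_clients` distinct clients.
    A 'sports news' site with two readers in the whole country is exactly
    the anomaly the comment above describes."""
    return {d: len(c) for d, c in distinct_visitors(flows).items()
            if len(c) <= max_clients}


def sequential_hosting(flows, max_gap=1):
    """Group server IPs that sit within `max_gap` addresses of each other.
    Returns clusters as sorted lists of (ip, [domains]); only clusters that
    span at least two different domains are reported, since one site on
    one address is not a pattern."""
    hosted = defaultdict(set)
    for _client, domain, server in flows:
        hosted[ip_address(server)].add(domain)
    clusters, current = [], []
    for ip in sorted(hosted):
        if current and int(ip) - int(current[-1]) > max_gap:
            clusters.append(current)
            current = []
        current.append(ip)
    if current:
        clusters.append(current)
    out = []
    for cluster in clusters:
        domains = set().union(*(hosted[ip] for ip in cluster))
        if len(domains) >= 2:
            out.append([(str(ip), sorted(hosted[ip])) for ip in cluster])
    return out


def flag_covert_candidates(flows, max_clients=3, max_gap=1):
    """Domains showing both signals: few visitors AND neighbours on
    consecutive server addresses. Either signal alone has benign
    explanations (a dead blog; a shared hosting range), so they are
    combined to cut false positives."""
    quiet = low_fan_in(flows, max_clients)
    clustered = {d for cluster in sequential_hosting(flows, max_gap)
                 for _ip, domains in cluster for d in domains}
    return sorted(quiet.keys() & clustered)


if __name__ == "__main__":
    for domain, n in sorted(low_fan_in(FLOWS).items()):
        print(f"low fan-in: {domain} ({n} distinct clients)")
    for cluster in sequential_hosting(FLOWS):
        print("sequential block:", cluster)
    print("candidates:", flag_covert_candidates(FLOWS))
```

On the constructed sample this flags the three sites on 203.0.113.10-12 and leaves both the popular portal and the quiet-but-isolated blog alone. In practice the hard part is the data, not the logic: a state operator sees this at the resolver and backbone level for every subscriber, which is why a unique domain per informant is a liability rather than compartmentalisation.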
I would love to know... even finding the source of those stock photos would be awesome. My initial suspicion is that the image split is just an ancient webdev thing (which they used much after it was popular) to reduce the size of each individual image. But who knows!
Founder of https://viewdns.info/ here (used by and mentioned in the article a bit). If anyone is doing this kind of research, feel free to reach out at feedback@viewdns.info as I'm more than happy to extend some free API credits etc!
-Hughesey