CIA Watchlist?

August 7th, 2008

I was checking the statistics for visits to my website, and reviewed the list of referring URLs. Those are the pages from which a visitor clicked on a link to reach my website. One of them jumped right out at me: On July 5th, a few hours after I had been waving my little flag during my town’s 4th of July parade, my site got a visit from the CIA.

Specifically, the referring URL was www.cia.gov/internalmemos/watchlist.doc2efki~4*. I tried that with “http://” and was redirected to a page that informed me, “CIA.gov is now encrypted, except for our Electronic Reading Room, to assure visitor confidentiality. As a result, the Web address for pages and documents in our site has changed from http:// to https://”. So instead I tried, https://www.cia.gov/internalmemos/watchlist.doc2efki~4, but got, “The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it.”

Next I turned to the IP address in the original log files*. A “ping -a” resolved all three to 75-106-192-56.cust.wildblue.net (or a slight variation based on the IP address. So apparently someone using their account at Wild Blue (a satellite broadband ISP) was reviewing www.cia.gov/internalmemos/watchlist.doc2efki~4 and clicked a link that took them to my website. According to the logs, they only visited my site’s homepage. Guess my work doesn’t speak to spooks.

I was going to pretend this didn’t happen, but I went from freaked out to pissed off pretty quickly. Am I just being paranoid? I’ve done about all the research I can without raising any (more) red flags….

———————-
* Original log file entries:
75.106.192.56 – – [05/Jul/2008:13:35:51 -0400] “GET / HTTP/1.1” 200 4049 www.postdiluvianphoto.com https://www.cia.gov/internalmemos/watchlist.doc2efki~4” “-” “-”
75.106.192.38 – – [05/Jul/2008:13:35:52 -0400] “GET /postdiluvian.css HTTP/1.1” 200 441 www.postdiluvianphoto.comhttps://www.cia.gov/internalmemos/watchlist.doc2efki~4” “-” “-”
75.106.192.38 – – [05/Jul/2008:13:35:54 -0400] “GET /images/mosquito.jpg HTTP/1.1” 200 85935 www.postdiluvianphoto.comhttps://www.cia.gov/internalmemos/watchlist.doc2efki~4” “-” “-”
75.106.192.56 – – [05/Jul/2008:13:35:54 -0400] “GET /images/definition.jpg HTTP/1.1” 200 11055 www.postdiluvianphoto.com “https://www.cia.gov/internalmemos/watchlist.doc2efki~4” “-” “-”
75.106.192.36 – – [05/Jul/2008:13:35:54 -0400] “GET /images/spikes.jpg HTTP/1.1” 200 159183 www.postdiluvianphoto.comhttps://www.cia.gov/internalmemos/watchlist.doc2efki~4” “-” “-”
75.106.192.56 – – [05/Jul/2008:13:36:00 -0400] “GET /favicon.ico HTTP/1.1” 200 894 www.postdiluvianphoto.comhttps://www.cia.gov/internalmemos/watchlist.doc2efki~4” “-” “-“

Leave a Reply

http://www.postdiluvianphoto.com/blog/feed/