CIA Watchlist?

August 7th, 2008

I was checking the statistics for visits to my website, and reviewed the list of referring URLs. Those are the pages from which a visitor clicked on a link to reach my website. One of them jumped right out at me: On July 5th, a few hours after I had been waving my little flag during my town’s 4th of July parade, my site got a visit from the CIA.

Specifically, the referring URL was*. I tried that with “http://” and was redirected to a page that informed me, “ is now encrypted, except for our Electronic Reading Room, to assure visitor confidentiality. As a result, the Web address for pages and documents in our site has changed from http:// to https://”. So instead I tried,, but got, “The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it.”

Next I turned to the IP address in the original log files*. A “ping -a” resolved all three to (or a slight variation based on the IP address. So apparently someone using their account at Wild Blue (a satellite broadband ISP) was reviewing and clicked a link that took them to my website. According to the logs, they only visited my site’s homepage. Guess my work doesn’t speak to spooks.

I was going to pretend this didn’t happen, but I went from freaked out to pissed off pretty quickly. Am I just being paranoid? I’ve done about all the research I can without raising any (more) red flags….

* Original log file entries: – – [05/Jul/2008:13:35:51 -0400] “GET / HTTP/1.1” 200 4049” “-” “-” – – [05/Jul/2008:13:35:52 -0400] “GET /postdiluvian.css HTTP/1.1” 200 441 www.postdiluvianphoto.com” “-” “-” – – [05/Jul/2008:13:35:54 -0400] “GET /images/mosquito.jpg HTTP/1.1” 200 85935 www.postdiluvianphoto.com” “-” “-” – – [05/Jul/2008:13:35:54 -0400] “GET /images/definition.jpg HTTP/1.1” 200 11055 “” “-” “-” – – [05/Jul/2008:13:35:54 -0400] “GET /images/spikes.jpg HTTP/1.1” 200 159183 www.postdiluvianphoto.com” “-” “-” – – [05/Jul/2008:13:36:00 -0400] “GET /favicon.ico HTTP/1.1” 200 894 www.postdiluvianphoto.com” “-” “-“

Leave a Reply