A cyber-security researcher this week exposed a glitch on the CIA’s official X, formerly Twitter, account and was able to hijack a channel that’s used for recruiting spies.
The US Central Intelligence Agency (CIA) features a link in its X bio that should direct informants to the messenger app Telegram. However, an issue with how the URL was displayed meant that ethical hacker Kevin McSheehan was able to redirect potential CIA contacts to his own Telegram channel.
With social media scams and fraudulent activity continuing to rise for everyday users, McSheehan was alarmed at how simple the hijack was to carry out and how easily the government organization had overlooked it.
The CIA “drops the ball”
To expand its work gathering intelligence from spies across the world, the CIA launched a Telegram channel earlier this year. There it displays information and methods of contact for individuals in countries without access to social media or independent media who may wish to share information with the agency.
A link to the channel sat in the bio of its official X account, which is followed by almost 3.5 million users. However, because of the way the URL was truncated, McSheehan discovered a significant security flaw that could have let hostile nations exploit the error to gain Western intelligence.
Upon discovery, he said: “My immediate thought was panic. I saw that the official Telegram link they were sharing could be hijacked – and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence. The CIA really dropped the ball here”.
A Common Flaw in X's Functionality
Around the end of September this year, the CIA added its Telegram link https://t.me/securelycontactingcia to its profile. However, the social network displayed it as https://t.me/securelycont, which turned out to be a Telegram username that was unused at the time.
As soon as McSheehan noticed this, he registered the username, which meant that anyone clicking on the link was taken to his Telegram channel. There he’d added a single message to discourage users from sharing any sensitive or secret information.
“I did it as a security precaution,” he said. “It's a problem with the X site that I've seen before but I was amazed to see the CIA hadn't noticed.”
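An account owner can catch this class of error by comparing the link they entered with the text the profile actually displays. The check below is an added example, not code from the article or from X or Telegram; the function names are hypothetical, and the username rule (5 to 32 letters, digits or underscores, starting with a letter) is an assumption about Telegram handles.

```python
import re
from urllib.parse import urlsplit

# Assumption (not stated in the article): a public Telegram username is 5-32
# characters of letters, digits and underscores, starting with a letter.
USERNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{4,31}$")
TELEGRAM_HOSTS = {"t.me", "telegram.me"}


def telegram_username(text):
    """Return the lowercased handle a t.me link points at, or None."""
    text = text.strip()
    if "://" not in text:
        text = "https://" + text
    parts = urlsplit(text)
    if parts.hostname not in TELEGRAM_HOSTS:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1 or not USERNAME_RE.match(segments[0]):
        return None
    return segments[0].lower()


def audit_displayed_link(intended, displayed):
    """Classify what a reader reaches by following the text as displayed."""
    want = telegram_username(intended)
    if want is None:
        return "intended-link-invalid"
    # A rendered link may end in an ellipsis; drop it before parsing.
    shown = telegram_username(displayed.strip().rstrip("….").rstrip())
    if shown is None:
        return "display-not-a-handle"       # text does not resolve to a valid handle
    if shown == want:
        return "ok"
    if want.startswith(shown):
        return "truncated-to-other-handle"  # the case the article describes
    return "mismatch"


if __name__ == "__main__":
    # First two display strings are from the article; the third is constructed.
    intended = "https://t.me/securelycontactingcia"
    for displayed in ("https://t.me/securelycontactingcia",
                      "https://t.me/securelycont",
                      "t.me/secu…"):
        print(displayed, "->", audit_displayed_link(intended, displayed))
```

A result of `truncated-to-other-handle` means the displayed text is itself a well-formed link to a different username, so the owner should shorten the link or change how it is displayed until the result is `ok`.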
All Telegram URLs Back to Normal
The mistake has since been corrected by the CIA, with the right Telegram URL now displayed. However, questions remain about how such a simple mistake could have been made.
The Agency’s official Telegram channel shares content in both English and Russian, stating: “Our global mission demands that individuals be able to reach out to CIA securely from anywhere” while warning potential informants to “be wary of any channels that claim to represent the CIA”.
McSheehan concluded: “It was a perfect storm for something pretty bad to happen – and potentially in an undetected way for quite some time assuming a perfect replica of the CIA channel was produced”.