‘The CIA dropped the ball here’: Hacker hijacked the CIA’s secure contact link for Russian informants due to Twitter flaw
An American hacker was able to use a flaw in the CIA’s X account (formerly known as Twitter) to direct potential informants to his private Telegram channel.
The link on the CIA’s Twitter channel provides informants with ways to secretly contact the agency – and large amounts of text are in Russian, enabling people inside the country to contact the CIA.
Kevin McSheehan, 37, said he noticed the Telegram link on the X page could be hijacked, and redirected it to his own channel to prevent hostile countries from exploiting the link.
McSheehan, who describes himself as a “pro-CIA patriot”, told the BBC: “My immediate thought was panic.
“I saw that the official Telegram link they were sharing could be hijacked – and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence.
“The CIA really dropped the ball here.”
McSheehan is a so-called “white hat” or ethical hacker, who uses skills similar to a criminal hacker to prevent data breaches.
The CIA’s X account showed a link to a Telegram channel, but because of the way X displays links, it linked to an unclaimed Telegram username instead.
McSheehan noticed the problem, which appeared after September 27, and registered the username himself.
This means that anyone who clicks on the link is directed to McSheehan’s private channel, where he warns them not to share any sensitive information.
McSheehan told the BBC: “I did this as a security precaution.
“It’s a problem with Site X that I’ve seen before — but I was amazed to see that the CIA hadn’t noticed.”
The CIA’s X page, followed by 3.4 million people, contains one link to secure ways to contact the organization.
Most notably, the Telegram channel was open to hacking for at least several days.
“At the CIA, we have a solemn duty to protect those who work with us around the world,” the page said. “If you are contacting the CIA to share information about Russia, please do so securely through our dark web portal.
“When possible, the CIA verifies its social media accounts through each platform’s official process. This is the CIA’s official Telegram channel.”
The link was automatically truncated to t.me/s/SecurelyCont – meaning anyone who registered the SecurelyCont account could hijack traffic.
McSheehan linked it to a channel that said: “This is not an official CIA channel – it does not share sensitive information with anyone.”
The information was repeated in Cyrillic.
“National security was the driver for this,” the Maine-based security researcher told Motherboard.
“I assumed it was a very recent mistake and that a bad actor would take advantage of it at any moment. I didn’t even need to think, I just closed it. I appointed myself the gig immediately. I am a patriot, very pro-CIA and have a documented history of defamation.”
McSheehan blamed technical changes at X (formerly Twitter) for this issue.
He said: “The CIA is strong. X has been buggy for months with links, text formatting, etc. Can’t really blame the CIA. Did they drop the ball? Yes, sort of, but everyone drops the ball sometimes.”
The problem was quickly corrected after it was mentioned in media reports, but the CIA has not commented.