Link Glitch in X, Hijacked CIA Informant Channel

A cybersecurity researcher, Kevin McSheehan (@123456), recently exploited a flaw on the CIA's official Twitter account to hijack a Telegram channel used for recruiting informants. McSheehan exploited a flaw in how X, formerly known as Twitter, displays the link in a user's bio section.

The CIA's account on the social media platform X displays a link to a Telegram channel where people can privately contact the agency.

The CIA's Telegram channel link is "t.me/s/securelycontactingcia", but a flaw in how X displays some links meant the full web address had been truncated to "https://t.me/securelycont" - an unused Telegram username.

McSheehan discovered the link was truncated in a way that allowed him to register the username "securelycont" and redirect potential CIA contacts to his own Telegram channel.
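The problem described above and again further down (a platform renders a shortened form of a published link, and the shortened form happens to be a valid, unregistered identifier on the destination service) is something an organisation can audit for on its own profiles. The following is an added example, not code from the researcher, from X or from Telegram: it compares the link an organisation intended to publish with the link as it is actually displayed, and reports whether the displayed form resolves to a different Telegram handle, whether that handle is a truncation of the intended one, and whether it is a syntactically registrable username. The username rule (5 to 32 characters from letters, digits and underscores, starting with a letter) and the treatment of t.me/s/<name> as the web preview of channel <name> are assumptions made here, and the two sample links are taken from the article.

```python
"""Audit whether a profile link, as actually displayed, still points at the
intended Telegram target.  Added example for this article; not the
researcher's, X's or Telegram's own code."""
import re
from typing import Optional
from urllib.parse import urlparse

TELEGRAM_HOSTS = {"t.me", "telegram.me"}
# Assumed Telegram public-username rule: letter first, then 4-31 letters/digits/underscores.
USERNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{4,31}$")


def telegram_handle(url: str) -> Optional[str]:
    """Return the public handle a t.me link resolves to, or None for non-Telegram links."""
    if "://" not in url:            # the article quotes the link without a scheme
        url = "https://" + url
    parsed = urlparse(url)
    if parsed.netloc.lower() not in TELEGRAM_HOSTS:
        return None
    parts = [seg for seg in parsed.path.split("/") if seg]
    # Assumption: t.me/s/<channel> is the web preview of the same public channel <channel>.
    if parts and parts[0] == "s":
        parts = parts[1:]
    return parts[0] if parts else None


def audit_displayed_link(intended: str, displayed: str) -> dict:
    """Compare the link we meant to publish with the link the platform renders.

    A mismatch where the displayed handle is a strict prefix of the intended
    one is the truncation signature; if that prefix is also a valid username
    format, anyone could claim it until the organisation does.
    """
    want = telegram_handle(intended)
    got = telegram_handle(displayed)
    finding = {
        "intended": want,
        "displayed": got,
        "mismatch": False,
        "truncated": False,
        "registrable_by_anyone": False,
    }
    if want is None or got is None:
        finding["mismatch"] = want != got
        return finding
    if want.lower() == got.lower():
        return finding                    # displayed link still resolves to us
    finding["mismatch"] = True
    finding["truncated"] = want.lower().startswith(got.lower())
    finding["registrable_by_anyone"] = bool(USERNAME_RE.match(got))
    return finding


if __name__ == "__main__":
    # Constructed check using the two links quoted in the article.
    result = audit_displayed_link("t.me/s/securelycontactingcia",
                                  "https://t.me/securelycont")
    for key, value in result.items():
        print(f"{key:>22}: {value}")
```

In a real audit the second argument would come from the rendered profile page (the text a visitor actually sees or clicks), not from the value typed into the bio field, since the whole point is that the two can differ. A finding with `truncated` and `registrable_by_anyone` both true is the case the article describes: fix the displayed link, and claim the shortened handle in the meantime so nobody else can.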

McSheehan has shared the whole scenario of the flaw on his X account.

"I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence," McSheehan said.

The ethical hacker said he hijacked the channel as a "security precaution," out of concern that adversaries like Russia, China or North Korea could intercept sensitive Western intelligence if they exploited the flaw.

He warned users on his Telegram channel not to share any secret information intended for the CIA.

The vulnerability arose because X does not fully display some unusually long links and truncates them instead. The CIA did not initially notice the problem with the link to its Telegram channel, which was intended to let sources "securely contact the CIA from anywhere."

Within an hour after McSheehan notified the CIA, the agency corrected the link. 

The incident highlights the need for government agencies to be vigilant about potential cybersecurity weaknesses in their online presence. Social media platforms like X can introduce risks that must be identified and addressed.
