Technical Glitch Leads to CIA X/Twitter Account Hijack

A cyber-security researcher was able to redirect CIA contacts to his own Telegram channel.

A cyber-security researcher this week exposed a glitch on the CIA’s official X, formerly Twitter, account and was able to hijack a channel that’s used for recruiting spies.

The US Central Intelligence Agency (CIA) features a link in its X bio that should direct informants to the messenger app Telegram. However, an issue with how the URL was displayed meant that ethical hacker Kevin McSheehan was able to redirect potential CIA contacts to his own Telegram channel.

Despite trends in social media scams and fraudulent activity continuing to rise for everyday users, McSheehan was alarmed at how simple the hijack was to undertake and how easily it was overlooked by the government organization.

The CIA “drops the ball”

To increase its work gathering intelligence information from spies across the world, the CIA launched a Telegraph channel earlier this year. Here it displays information and methods of contact for individuals in countries who don’t have access to social media or independent media, but may wish to share information with the agency. 

A link to its Telegram sat in its official X account bio, followed by almost 3.5 million users. However, due to the way the URL was truncated, McSheehan discovered the significant security flaw that could have seen hostile nations exploiting the error to gain Western intelligence. 

Surfshark logo???? Want to browse the web privately? ???? Or appear as if you're in another country?
Get TWO months of Surfshark VPN FREE using this Tech.co special offer.See deal button

Upon discovery, he said: “My immediate thought was panic. I saw that the official Telegram link they were sharing could be hijacked – and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence. The CIA really dropped the ball here”.

A Common Flaw in X’s Functionality

Around the end of September this year, the CIA had added its Telegram link https://t.me/securelycontactingcia to its profile. However, the way this was displayed on the social network was https://t.me/securelycont, which turned out to be an – at that time – unused Telegram username.

As soon as McSheehan noticed this, he registered the username which meant that anyone clicking on the link was taken to his Telegram channel. There he’d added a single message to discourage users from sharing any sensitive or secret information.

“I did it as a security precaution,” he said. “It’s a problem with the X site that I’ve seen before but I was amazed to see the CIA hadn’t noticed.”

All Telegram URLs Back to Normal

The mistake has since been corrected by the CIA, with the right Telegram URL now displayed. However, questions remain about how such a simple mistake could have been made.  

The Agency’s official Telegram channel shares content in both English and Russian, stating: “Our global mission demands that individuals be able to reach out to CIA securely from anywhere” while warning potential informants to “be wary of any channels that claim to represent the CIA”.

McSheehan concluded: “It was a perfect storm for something pretty bad to happen – and potentially in an undetected way for quite some time assuming a perfect replica of the CIA channel was produced”. 

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Ellis Di Cataldo (MA) has over 9 years experience writing about, and for, some of the world’s biggest tech companies. She's been the lead writer across digital campaigns, always-on content and worldwide product launches, for global brands including Sony, Electrolux, Byrd, The Open University and Barclaycard. Her particular areas of interest are business trends, startup stories and product news.
Explore More See all news
Back to top
close Building a Website? We've tested and rated Wix as the best website builder you can choose – try it yourself for free Try Wix today