Hackers Able To Use Slits On CIA X Accounts To Lead Informers To Their Personal Telegram Channels
JAKARTA - A hacker from the United States managed to use a technical error on CIA's (previously known as Twitter) account to direct potential informants to his personal Telegram channel.
Links on the CIA's Twitter channel offer a way for informants to contact agencies in secret - and most of the text in Russian, which allows domestic people to contact the CIA.
Kevin McSheehan, 37, said that he noticed Telegram links on the X page could be hacked, and directed him to his own private channel to prevent enemy countries from exploiting the link.
"My first thought was panic. I saw that the official Telegram links they shared could be hacked - and my biggest fear was that countries like Russia, China, or North Korea could easily intercept Western intelligence. The CIA really made a big mistake here," McSheehan, describing himself as a 'pro-CIA diplomat', quoted from the BBC.
McSheehan is a 'white hat' hacker or ethical hacker, who uses his skills to prevent data breaches. Not the other way around.
The CIA X account displays a link to the Telegram channel, but due to the way X displays the link, the link is connected to an unclaimed Telegram username. McSheehan noticed the issue, which emerged after September 27, and registered the username itself.
That is, anyone who clicks on the link will be directed to McSheehan's channel - where he warns them not to share sensitive information. "I did it as a security measure. This is a problem with the site X I've seen before - but I'm amazed to see that the CIA hasn't paid attention to it," McSheehan said.
The CIA's X page, which has 3.4 million followers, has one link, for a safe way to contact the organization. The most notable of this is the Telegram channel - which can be hacked for at least a few days.
The page says, "At the CIA, we have a sacred duty to protect those working with us around the world. If you're contacting the CIA to share information about Russia, do it safely through our portal on the dark web."
VOIR éGALEMENT:
"If possible, the CIA has verified its social media accounts through the official process of each platform. This is the CIA's official Telegram channel," they said.
The link is automatically cut to t.me/s/SecurelyCont - which means that whoever registers a SecurelyCont account can divert traffic.
McSheehan connected it to a channel that said, "THIS IS NOT AN OFFICIAL CIA CHANNEL - DON'T SHARE SENSITIVE INFORMATION WITH ANYONE." The information was repeated in the Kiril script.
Speaking to Motherboard, Maine-based security researcher said, "I am motivated by National Security. I assume that it is a very new mistake and that the bad guys will take advantage of it every minute. I don't even have to think - I immediately secured it. I appointed myself on the spot. I am patriotic, very pro-CIA, and have a documented whitehat history," McSheehan said.
McSheehan blamed technical changes on X (formerly Twitter) for the matter. said, "CIA solid. X has been in trouble for months with links, text formats, etc.," he said.