Info@NationalCyberSecurity

An “Ethical Hacker” Helped Fix a Major Flaw in the CIA’s X/Twitter


  • The CIA was accidentally directing potential spies and informants to the wrong communications channel through their Twitter.
  • The issue was first spotted by an “ethical hacker,” who stepped in and claimed the account the link actually pointed to in the hope of keeping it out of bad actors’ hands.
  • The issue has since been fixed, but the link had reportedly been wrong since the beginning of this month.

Well, Twitter—apologies, X—has screwed up again. A link did not go where it was meant to go, and it caused a big cybersecurity flaw. You would think that, if anyone knew how to deal with a breach of cybersecurity, it would be the CIA.

But apparently, according to recent reporting by the BBC, you would be wrong. The news outlet revealed that on Tuesday, due to a flaw in X’s linking code, a man whom various outlets refer to as an “ethical hacker” was able to functionally hijack the Telegram messaging channel the CIA uses to recruit spies and gather intel from informants.

“My immediate thought was panic,” the hacker, Kevin McSheehan, told the BBC. He added that the CIA “really dropped the ball here.”

On the CIA’s X profile, there is a link to a channel hosted by the Telegram messaging service at the top of the page. This serves as a first step for people to begin to reach out to the agency over the internet. Once there, people would be met with instructions on how to actually reach someone within the intelligence service and share sensitive information through safe and secure channels. The link was meant to lead to https://t.me/securelycontactingcia.

However, the link didn’t lead there at all. Because of some of X’s display settings, the web address had been truncated so that it would fit on the screen more cleanly. The issue was this: not only was the displayed link truncated, the actual hyperlink was shortened as well, so instead of navigating to https://t.me/securelycontactingcia when you clicked that link, you were taken to https://t.me/securelycont.

When McSheehan noticed this bug, no one had registered https://t.me/securelycont with Telegram. This was a link to a messaging channel that no one owned, being pointed to by the CIA as a safe and secure place to begin exchanges of information that have the potential to be incredibly sensitive and dangerous. Anyone who registered that account would have been able to see anything that anyone sent their way, and the link had been wrong since the beginning of this month.
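The failure mode described above, a display string and the underlying href both cut short, is easy to miss by eye. The added Python below (not code from the article, X or Telegram) parses a page's anchors and flags any href that is a strict prefix of the URL an organisation intended to publish, using the two t.me addresses from the article in a constructed HTML snippet; the function names and the audit logic are my own assumptions about how such a check would be written.

```python
from html.parser import HTMLParser


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML document."""

    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(expected, href):
    """Judge the real href against the URL that should have been published."""
    if href == expected:
        return "ok"  # a shortened *display* string is cosmetic and fine
    if expected.startswith(href):
        # A shortened *href* resolves to a different resource entirely,
        # here a Telegram handle that nobody owned at the time.
        return "href-truncated"
    return "mismatch"


def audit(html, expected):
    """Return (href, shown text, verdict) for anchors related to expected."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(href, text, classify_link(expected, href))
            for href, text in parser.anchors
            if href and (expected.startswith(href) or href.startswith(expected))]


# Constructed snippet: first anchor reproduces the bug (display AND href cut),
# second is the benign case where only the display string is shortened.
SAMPLE_HTML = ('<a href="https://t.me/securelycont">t.me/securelycont...</a>'
               '<a href="https://t.me/securelycontactingcia">t.me/securelyc...</a>')
INTENDED = "https://t.me/securelycontactingcia"

if __name__ == "__main__":
    for href, text, verdict in audit(SAMPLE_HTML, INTENDED):
        print(f"{verdict:15} href={href} shown={text!r}")
```

Run the same audit against a freshly fetched copy of your own profile page on a schedule; a verdict of "href-truncated" means visitors are being sent to a handle you may not control.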

In an attempt to stop bad actors from gaining access to this channel, McSheehan registered the account himself and put up a warning not to share any information with this non-government-affiliated channel. “I did it as a security precaution,” he told the BBC. “It’s a problem with the X site that I’ve seen before—but I was amazed to see the CIA hadn’t noticed.”

The CIA reportedly fixed the problem within an hour of the BBC reaching out to ask them for comment on the situation. The link now directs to the intended source, and hopefully, no one was able to garner any information through the bad link before McSheehan stepped in.

McSheehan himself, according to Motherboard, places the blame for this issue on X, rather than the CIA. “The CIA is solid. X has been buggy for months with links, text formatting, etc,” he told the site. “Blame really can’t be placed on the CIA. Did they drop the ball? Yes kind of—but everyone drops the ball sometimes. Even in the [intelligence community].”

Hopefully, no one was hurt when that ball fell.

Jackie Appel

Associate News Editor

Jackie is a writer and editor from Pennsylvania. She’s especially fond of writing about space and physics, and loves sharing the weird wonders of the universe with anyone who wants to listen. She is supervised in her home office by her two cats.
