US Man Exploited CIA X Glitch to Reroute Informants to His Telegram


  • An American cybersecurity expert noticed a glitch on the CIA’s X account.
  • X truncated a CIA link meant for Russian informants. Kevin McSheehan claimed the Telegram username.
  • He said he exploited the glitch to stop hostile actors from intercepting Western intelligence.

An American cybersecurity researcher exploited a glitch on the CIA’s X account to redirect potential Russian informants to his own Telegram channel, according to BBC News.

Kevin McSheehan, 37, said he identified and exploited the glitch on X, formerly known as Twitter, to prevent any hostile actors from capitalizing on the mistake.

“I saw that the official Telegram link they were sharing could be hijacked — and my biggest fear was that a country like Russia, China, or North Korea could easily intercept Western intelligence,” he told BBC News.

“The CIA really dropped the ball here,” he added.

At some point after September 27, the CIA account on X displayed a link to a Telegram channel containing information about how to contact the organization through the dark net or other covert methods, BBC News reported.

However, due to a flaw in how X displays certain links, the URL had been truncated to an unclaimed Telegram username, per BBC News.

McSheehan noticed the glitch, telling the news outlet: “My immediate thought was panic.”

He then registered the username so that anyone clicking the link, potentially to act as an informant, was led to his own Telegram channel, BBC News said.

It featured a message urging those who clicked through not to share any secretive information, according to the news outlet.

McSheehan told BBC News that he did what he did as a “security precaution,” adding: “It’s a problem with the X site that I’ve seen before — but I was amazed to see the CIA hadn’t noticed.”

The CIA, which did not immediately respond to Insider’s request for comment, has since corrected the error.

X also did not immediately respond to Insider’s request for comment.

