The CIA's account on the social media platform X displays a link to a Telegram channel where people can privately contact the agency.
The CIA's Telegram channel link is "t.me/s/securelycontactingcia", but a flaw in how X displays some links meant the full web address had been truncated to "https://t.me/securelycont" - an unused Telegram username.
McSheehan discovered the link was truncated in a way that allowed him to register the username "securelycont" and redirect potential CIA contacts to his own Telegram channel.
McSheehan has shared the whole scenario of the flaw on his X account.
"I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence," McSheehan said.
✰ i hijacked the cia's telegram ✰
— pad (@123456) October 18, 2023
time sensitivity - no other option
i'm not in the business of making the @cia look bad - but i fell backwards into a situation where i had no option but to secure their spy onboarding funnel.
article: https://t.co/l3YuyJhiQl
they're the… pic.twitter.com/l20zTA6fdH
The ethical hacker said he hijacked the channel as a "security precaution" out of concern that adversaries like Russia, China, or North Korea could intercept sensitive Western intelligence if they exploited the flaw.
He warned users on his Telegram channel not to share any secret information intended for the CIA.
The vulnerability arose because Twitter does not fully display some unusually long links, truncating them. The CIA did not initially notice the problem with the link to their Telegram channel, which was intended to let sources "securely contact the CIA from anywhere."
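A check an account owner could run over the links a profile actually renders, added here as an illustration and not taken from the article or from X: it flags the case described above, where the shortened text is itself a well-formed Telegram username that someone else could hold. The function names and the username pattern are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed username rule: 5-32 chars, a letter first, then letters/digits/underscore.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{4,31}$")


def telegram_name(link):
    """Return the lower-cased t.me username a link points to, or None."""
    link = link.strip().rstrip("….")        # drop a trailing ellipsis marker
    if "://" not in link:
        link = "https://" + link             # urlsplit needs a scheme to find the host
    parts = urlsplit(link)
    if (parts.hostname or "").lower() != "t.me":
        return None
    segments = [s for s in parts.path.split("/") if s]
    if segments and segments[0] == "s":      # /s/<name> is the web preview form
        segments = segments[1:]
    return segments[0].lower() if segments else None


def audit_link(intended, displayed):
    """Compare the link the owner meant to publish with what the page shows."""
    want, shown = telegram_name(intended), telegram_name(displayed)
    if want is None:
        raise ValueError("intended link is not a t.me link")
    if shown == want:
        return "ok"
    if shown and want.startswith(shown):
        # A cut-off name that is still a valid username lands on a different,
        # possibly unowned, account; an invalid one merely breaks the link.
        return "hijackable-truncation" if USERNAME_RE.match(shown) else "broken-truncation"
    return "mismatch"


if __name__ == "__main__":
    intended = "t.me/s/securelycontactingcia"   # link quoted in the article
    samples = [                                  # rendered forms; all but the first are constructed
        "https://t.me/securelycont",
        "https://t.me/securelycontactingcia",
        "https://t.me/secu…",
    ]
    for shown in samples:
        print(f"{shown:40} {audit_link(intended, shown)}")
```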
Within an hour after McSheehan notified the CIA, the agency corrected the link.
The incident highlights the need for government agencies to be vigilant about potential cybersecurity weaknesses in their online presence. Social media platforms like X can introduce risks that must be identified and addressed.