A cybersecurity researcher exploited a vulnerability on the CIA's official Twitter account to hijack a channel used to recruit informants.

The CIA's account on X (formerly Twitter) shows a link to a Telegram channel for informants. But Kevin McSheehan was able to direct potential CIA contacts to his own Telegram channel.

"The CIA is really out of control here," said the white-hat ethical hacker.

The CIA is a U.S. government agency known for collecting secret intelligence, often over the internet, from a vast network of spies and informants around the world.

Its official X account, which has nearly 3.5 million followers, is used to promote the agency and encourage people to get in touch with it to protect U.S. national security.

McSheehan, 37, who lives in Maine, said he discovered the security error early Tuesday.

"My first reaction was panic," he said. "I saw that the official Telegram link they shared could be hijacked - my biggest concern was that countries like Russia, China or North Korea could easily intercept Western intelligence."

Sometime after September 27, the CIA added a link to its X profile page (https://t.me/securelycontactingcia) that led directly to its Telegram channel, which contained information about contacting the organization through the dark web and other clandestine means.

"Our global mission requires individuals to be able to securely contact the CIA from anywhere," the channel said in Russian, while warning potential new members to "be wary of any channel claiming to represent the CIA."

But a flaw in the way X displays certain links meant the full URL was truncated to https://t.me/securelycont, an unused Telegram username.

Once McSheehan noticed the problem, he immediately registered the username so that anyone who clicked on the link would be directed to his own channel, which warned them not to share any secret or sensitive information.
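A check an account owner could run for the truncation described above, as an added example that is not part of the original article: it compares the link that was meant to be published with the clickable targets in the rendered profile and flags any target cut short on the same host. The markup is constructed for illustration and is not X's real HTML, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag in a rendered page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_and_path(url):
    # Assumption: handles are case-insensitive (true for Telegram usernames),
    # so both host and path are lowercased before comparing.
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/").lower()

def audit_link(intended_url, rendered_html):
    """Return (status, clickable_url); status is ok, truncated or missing."""
    collector = HrefCollector()
    collector.feed(rendered_html)
    want_host, want_path = host_and_path(intended_url)
    exact = None
    for href in collector.hrefs:
        host, path = host_and_path(href)
        if host != want_host:
            continue
        if path == want_path:
            exact = href
        elif len(path) > 1 and want_path.startswith(path):
            # Same host, shorter path: the click lands on a different,
            # possibly unclaimed, name. Report it even if an exact link exists.
            return "truncated", href
    return ("ok", exact) if exact else ("missing", None)

INTENDED = "https://t.me/securelycontactingcia"
# Constructed markup: the clickable part stops early, the rest is plain text.
RENDERED_BAD = ('<div class="bio">Contact: <a href="https://t.me/securelycont">'
                'https://t.me/securelycont</a>actingcia</div>')
RENDERED_GOOD = ('<div class="bio">Contact: '
                 '<a href="https://t.me/securelycontactingcia">t.me link</a></div>')

if __name__ == "__main__":
    print(audit_link(INTENDED, RENDERED_BAD))
    print(audit_link(INTENDED, RENDERED_GOOD))
```

A "truncated" result means the shortened name should be claimed or the link republished before it is advertised further.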

"I do it to be on the safe side," he said. "This is an issue I've seen with site X before, but I'm surprised the CIA didn't notice it."

The CIA did not respond to BBC News' request for comment, but the error was corrected within an hour of the request.