• Wednesday, April 17, 2024
businessday logo

BusinessDay

Twitter glitch helps hacker outsmart CIA

hacker

A cyber-security researcher recently exposed a significant glitch on the CIA’s official Twitter account, allowing the researcher to hijack a channel meant for recruiting spies. The US Central Intelligence Agency (CIA), with a Twitter account boasting nearly 3.5 million followers, uses its profile to promote its agency and invite individuals to help protect US national security. However, the glitch enabled Kevin McSheehan, an ethical hacker, to redirect potential CIA contacts to his Telegram channel.

Ethical hackers are computer security experts who use their skills to identify vulnerabilities, weaknesses, and potential threats in order to help organizations strengthen their security and protect against unauthorized access, data breaches, and cyberattacks.

The security breach, discovered by McSheehan, sent shockwaves through the intelligence community. The CIA’s Twitter account had been displaying a link to a Telegram channel for informants. However, the glitch allowed McSheehan to exploit the situation and redirect users to his own channel.

“The CIA really dropped the ball here,” McSheehan said, emphasising the severity of the security lapse. The CIA is renowned for its role in collecting secret intelligence information through a vast network of spies and tipsters worldwide.

The revelation came as a surprise toMcSheehan, a 37-year-old resident of Maine in the US. He recognized the security flaw earlier this week. “My immediate thought was panic,” he stated. “I saw that the official Telegram link they were sharing could be hijacked, and my biggest fear was that a country like Russia, China, or North Korea could easily intercept Western intelligence.”

Read also: Hackers hit more education institutions with ransomware

The CIA had added a link to its Telegram channel on its Twitter profile page, emphasizing the need for secure communication with the organization, according to a report by BBC. However, a flaw in how Twitter displays links resulted in the full web address being truncated to “https://t.me/securelycont” – an unused Telegram username.

McSheehan registered this username immediately, ensuring that anyone who clicked on the link was directed to his own channel. His channel carried a warning, urging users not to share any secret or sensitive information.

“I did it as a security precaution,” McSheehan explained. “It’s a problem with the Twitter site that I’ve seen before, but I was amazed to see the CIA hadn’t noticed.”

When contacted for comment by BBC News, the CIA did not respond initially. However, within an hour of the request, the security mistake had been corrected, preventing further access to McSheehan’s channel.