A cybersecurity researcher was able to hijack a channel used by the CIA to recruit spies thanks to a glitch on X, the BBC reports.
The hacker, 37-year-old Maine resident Kevin McSheehan, noticed in the CIA’s X bio a recently added link to its Telegram channel used to secure sources.
But an issue on X caused the URL for the channel to be shortened from t.me/securelycontactingcia to just t.me/securelycont. McSheehan, who goes by the online moniker Pad, discovered that the incorrectly shortened URL forwarded to a Telegram channel that had never been registered.
McSheehan quickly secured the Telegram channel for himself and added a post warning the CIA of the issue.
The post on the channel stressed that the error was caused not by the CIA but by a bug with X.
“Hi, this is Pad — x.com/123456 — and I’m a US based ethical hacker from the private sector,” the post began. “The CIA updated their X bio and in doing so corrupted the full URL of their private disclosure program — linking to an unassigned Telegram URL.”
McSheehan also cited concerns over the channel’s potential compromise by foreign adversaries as the reason he opted to register the channel before alerting the CIA.
“The problem here is that opposition IC groups could have easily reproduced the real CIA channel after hijacking this URL — and for the purpose of intercepting CIA-bound classified information,” the post continued.
The hacker added that he had secured the channel with 2FA and was willing to turn it over to the U.S. government when requested.
The BBC notes that the CIA did not answer its requests for comment on the issue, but that the error in the agency’s X bio was fixed approximately one hour later.
The link in the CIA’s bio now directs users to the correct channel, which, in Russian-language text, encourages sources to come forward by contacting the agency on the dark web.
Correction: This post originally misstated McSheehan’s age. He is 37.