A hacker has detailed how a common glitch in Musk’s X platform allowed him to “hijack” the CIA’s intelligence-gathering pipeline.
CIA’s X’s official pageThe platform, formerly known as Twitter, described the group as America’s “first line of defense.”
U.S. government organizations are known for gathering and analyzing intelligence, sometimes through online channels from a wide network of sources around the world.
X’s profile contains a link that takes users to their account on the messaging app Telegram. The Telegram account, called “Securely Contact the CIA,” allows people to provide tips or information to the intelligence agency.
However, hacker Kevin McSheehan said that due to a flaw in the way X compressed URLs posted to his website, he was able to hijack the link in order to redirect users to his own Telegram channel.
on a wednesday Post on XMcSheehan said that while he had “no intention of embarrassing the CIA,” he had recently “been put in a position where I had no choice but to secure their spy onboarding pipeline.”
On X, lengthy URLs are automatically shortened, but the compressed link should still lead users to the page the publisher intended. However, according to McSheehan, this process can produce incomplete links that are often difficult to detect, which is what he said happened with the CIA X account.
British Broadcasting Corporation The news was first reported in an interview with McSheehan published Wednesday.
Sometime after September 27, the CIA added the link on its X profile page, which was supposed to take users to its Telegram channel so people could share tips.
However, due to an X glitch, the link was compressed to the URL of an unused Telegram account. If an error is discovered, anyone can claim a link to their own Telegram channel and direct traffic from the CIA X account to their own page.
“This is a perfect storm for some very bad things to happen,” McSheahan said in a post on “This occurred undetected over time.” An ongoing attack to intercept sensitive information from CIA inboxes. The attack scene is horrific. “
McSheahan did not immediately respond. wealthAsked to be interviewed, he told the BBC that when he discovered the error, his “immediate thought was panic”.
“I saw that the official Telegram links they shared could be hijacked, and my biggest concern is that countries like Russia, China or North Korea could easily intercept Western intelligence,” he said.
Unclaimed Telegram username
To stop the bug from being dangerously misused, McSheehan said he registered unclaimed Telegram usernames so that anyone who clicked on them would land in his own Telegram channel, which he used to warn people not to share sensitive information .
Despite the potential consequences, McSheain insisted in X’s post on Wednesday that it was “largely X’s fault, not the CIA’s” and that the platform’s link shortening could create incomplete links that are difficult to spot. , so he “will not make any serious accusations against the CIA.”
X did not respond wealthA CIA spokesman was not immediately available for comment when reached outside normal business hours.
However, the BBC reported that the error on its X profile had been corrected within an hour of contacting the CIA.
In a post posted on May 15, weeks after the CIA Telegram channel was established, officials outlined their reasons for building a presence on the platform.
“The CIA’s global mission requires individuals to be able to securely contact us from anywhere in the world,” the post reads. “That’s why the CIA first established a presence on Telegram — to reach those who feel the need to engage with the CIA. people and making sure they know how to do so as safely as possible… We value those who are willing to talk to us and your safety is our top priority.”
In another Telegram post written in Russian, the CIA warned potential aides to “be wary of any channels claiming to represent the CIA.”
Svlook
