Revealed: CIA Using TwitterX To Recruit Spies

A cyber security researcher has used a minor fault on the CIA's official X (formerly Twitter) account to hijack a channel that has been used for recruiting spies. The researcher and ethical hacker, Kevin McSheehan, recently exploited a flaw on the CIA's official Twitter account to hijack a Telegram channel used for recruiting informants.

The CIA's official TwitterX account, with almost 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security.

McSheehan spotted that the CIA had recently added a link from its TwitterX profile page to its Telegram channel. The CIA Telegram channel contained information about contacting the organisation on the Dark Net and through other secretive means.

The CIA's account was displaying a link to a Telegram channel where people can privately contact the agency, and McSheehan was able to exploit a flaw to redirect potential CIA contacts to his own Telegram channel. He hijacked the channel as a "security precaution" out of concern that adversaries like Russia, China, or North Korea could intercept sensitive Western intelligence if they exploited the flaw. "I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence."

The channel said, in Russian: "Our global mission demands that individuals be able to reach out to CIA securely from anywhere," while warning potential recruits to "be wary of any channels that claim to represent the CIA". As soon as McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information.
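An organisation can catch this class of problem by auditing every place it publishes a Telegram link against the usernames it has actually registered. The sketch below is an added example, not code from the researcher or the CIA; the handle names, the surface names and the idea that the mismatch is a shortened or mistyped handle are constructed assumptions for illustration.

```python
import re

# Matches t.me / telegram.me links and captures the public username.
# The lookbehind stops look-alike hosts such as "chat.me" from matching.
TME_LINK = re.compile(
    r"(?<![A-Za-z0-9.-])(?:https?://)?(?:t|telegram)\.me/([A-Za-z0-9_]+)",
    re.IGNORECASE,
)

def audit_profile_links(profile_texts, owned_handles):
    """Return findings for Telegram links whose username we did not register.

    profile_texts: mapping of surface name -> text exactly as published.
    owned_handles: usernames the organisation has actually registered.
    """
    owned = {h.lower() for h in owned_handles}
    findings = []
    for surface, text in profile_texts.items():
        for match in TME_LINK.finditer(text):
            handle = match.group(1).lower()
            if handle in owned:
                continue
            # A published handle that nearly matches an owned one is the
            # dangerous case: whoever registers it receives the traffic.
            near = sorted(o for o in owned
                          if o.startswith(handle) or handle.startswith(o))
            findings.append(
                {"surface": surface, "handle": handle, "resembles": near}
            )
    return findings

# Constructed sample data (hypothetical handles and surfaces).
OWNED = ["ExampleAgencyOfficial"]
PUBLISHED = {
    "website_contact_page": "Reach us: https://t.me/ExampleAgencyOfficial",
    "social_profile_bio": "Contact: t.me/ExampleAgencyOffic",
}

if __name__ == "__main__":
    for f in audit_profile_links(PUBLISHED, OWNED):
        print(f"UNOWNED {f['handle']} on {f['surface']} "
              f"(resembles {f['resembles']})")
```

Feed it the link text as the platform renders it to visitors, not the value typed into the settings form, since the two can differ.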

The incident highlights potential cyber security weaknesses for corporate users in managing their online presence.

TwitterX is undergoing rapid and experimental changes under the management of its new owner, Elon Musk, and organisations and personal users of the social media platform need to be alert to the possible risks, which must be identified and addressed.

Sources: Washington Examiner, Techround, BBC, Washington Post, cyberkendra
