Revealed: CIA Using TwitterX To Recruit Spies

Uploaded on 2023-10-20 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE--USA, FREE TO VIEW

A cyber security researcher has used a minor fault on the CIA's official X account, formerly the Twitter account, and has hijacked a channel that has been used for recruiting spies. The researcher and ethical hacker, Kevin McSheehan recently exploited a flaw on the CIA's official Twitter account, to hijack a Telegram channel used for recruiting informants.

The CIA official Twitter X account, with almost 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security.

McSheehan spotted that the CIA had recently added a link from its TwitterX profile page to its Telegram channel. The CIA Telegram channel contained information about contacting the organisation on the Dark Net and through other secretive means.

The CIA's account was displaying a link to a Telegram channel where people can privately contact the agency and McSheehan was able to exploit a flaw to redirect potential CIA contacts to his own Telegram channel. He hijacked the channel as a "security precaution" out of concern that adversaries like Russia, China, or North Korea could intercept sensitive Western intelligence if they exploited the flaw. "I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence." 

The channel said, in Russian: "Our global mission demands that individuals be able to reach out to CIA securely from anywhere," while warning potential recruits to "be wary of any channels that claim to represent the CIA". As soon McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information. 

The incident highlights the about potential cyber security weaknesses for corporate users in managing their online presence. 

TwitterX is undergoing rapid and experimental changes under management of its new owner, Elon Musk, and organisations and personal users of the social media platforms need to be alert to the possible risks that must be identified and addressed.

Washington Examiner:    Techround:   BBC:     BBC:     Washington Post:     cyberkendra:

You Might Also Read: 

The App At The  Frontline Of Information Warfare:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Four Key Cybersecurity Trends For Industrial Companies
Cyberwar In Israel & Gaza »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BCS, The chartered Institute for IT

BCS, The chartered Institute for IT

BCS provides IT professionals with up to date and relevant certifications enabling them to manage IT security effectively within their budget.

InformationWeek

InformationWeek

InformationWeek is the world's most trusted online community for business technology professionals like you.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

ITConnexion

ITConnexion

From cloud migration to ransomware protection, our managed IT services can be customised to address the most prevalent IT issues for your business.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

Quantum eMotion (QeM)

Quantum eMotion (QeM)

Quantum eMotion is a Montreal-based advanced developer leading the way towards a new generation of quantum-safe encryption for the quantum computing age.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

ESProfiler

ESProfiler

Enterprise Security Profiler. Empowering CISOs with clarity & confidence in their security programme by visualising capabilities, usage and spend against their key threat priorities.