The BBC has unveiled that a glitch on the CIA’s official Twitter account has been exploited by a cyber-security researcher to hijack a channel used for recruiting spies.
The US Central Intelligence Agency (CIA) account on X, formerly known as Twitter, displays a link to a Telegram channel for informants.
Investigating the Security Mistake
The US government organisation, known for dealing with matters of national security and gathering secret intelligence information, often over the Internet, from a vast network of spies and tipsters around the world, has had its official X account exploited to gain private information.
“My immediate thought was panic,” said Mr McSheehan, 37, who lives in the US, when he discovered the security mistake earlier on Tuesday.
“I saw that the official Telegram link they were sharing could be hijacked – and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence.”
At some point after 27 September, the CIA had added to its X profile page a link – https://t.me/securelycontactingcia – to its Telegram channel containing information about contacting the organisation on the dark net and through other secretive means.
The channel said, in Russian: “Our global mission demands that individuals be able to reach out to CIA securely from anywhere,” while warning potential recruits to “be wary of any channels that claim to represent the CIA”.
But a flaw in how X displays some links meant the full web address had been truncated to https://t.me/securelycont – an unused Telegram username.
More from Tech
- Meet Ada: The Accurate Carbon Insights Tool
- Tech And Apps For Your Blood Pressure Monitoring
- Spreadsheet SDKs and the Role they Play in Modern Retail Data Management
- How Reliable Data Access Protects Businesses From Unexpected Downtime
- UK Finance Firms At Risk Of Digital Exclusion Ahead of Global Accessibility Day
- Why Does Adtech Keep Rebranding The Same Thing?
- 5 Wearable Tech Companies To Watch in 2025
- UK 5G Hotspots For Remote Workers
“CIA really dropped the ball”
As soon as Mr McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information.
“I did it as a security precaution,” he said.
“It’s a problem with the X site that I’ve seen before – but I was amazed to see the CIA hadn’t noticed.”
Although the mistake was quickly corrected after Mr McSheehan brought it to attention, this does little to reinforce trust in the safety of the account and the information it’s privy to.
“The CIA really dropped the ball here,” the ethical hacker said.
The organisation’s X platform has nearly 3.5 million followers, which allows it to promote the agency and encourage people to get in touch to protect US national security. However, this leaves space for a lot of damage should the platform be hijacked or exploited in any way.
Should Secret Services Have Social Media?
The recent hijacking leaves one big question hanging in the air: should secret services have social media accounts?
Government organisations around the world have, typically, garnered a reputation (out of necessity) of being the silent, everpresent tip of the spear in global conflicts and shadowy espionage campaigns.
One can’t help but feel that the introduction of our globe’s secret services on social media seems a little off-brand for spy agencies that pride themselves on covert actions.
Is this a shiny new era of these organisations’ histories, where they are more in touch with the population they’re meant to protect? Or is this, seemingly public rebranding, a disaster waiting to happen?
Should intelligence agencies, whose whole existence is based on how good it is at being an impenetrable labyrinth, need a public presence?
