Revealed: CIA Using TwitterX To Recruit Spies

Uploaded on 2023-10-20 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE--USA, FREE TO VIEW

A cyber security researcher has used a minor fault on the CIA's official X account, formerly the Twitter account, and has hijacked a channel that has been used for recruiting spies. The researcher and ethical hacker, Kevin McSheehan recently exploited a flaw on the CIA's official Twitter account, to hijack a Telegram channel used for recruiting informants.

The CIA official Twitter X account, with almost 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security.

McSheehan spotted that the CIA had recently added a link from its TwitterX profile page to its Telegram channel. The CIA Telegram channel contained information about contacting the organisation on the Dark Net and through other secretive means.

The CIA's account was displaying a link to a Telegram channel where people can privately contact the agency and McSheehan was able to exploit a flaw to redirect potential CIA contacts to his own Telegram channel. He hijacked the channel as a "security precaution" out of concern that adversaries like Russia, China, or North Korea could intercept sensitive Western intelligence if they exploited the flaw. "I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence." 

The channel said, in Russian: "Our global mission demands that individuals be able to reach out to CIA securely from anywhere," while warning potential recruits to "be wary of any channels that claim to represent the CIA". As soon McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information. 

The incident highlights the about potential cyber security weaknesses for corporate users in managing their online presence. 

TwitterX is undergoing rapid and experimental changes under management of its new owner, Elon Musk, and organisations and personal users of the social media platforms need to be alert to the possible risks that must be identified and addressed.

Washington Examiner:    Techround:   BBC:     BBC:     Washington Post:     cyberkendra:

You Might Also Read: 

The App At The  Frontline Of Information Warfare:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Four Key Cybersecurity Trends For Industrial Companies
Cyberwar In Israel & Gaza »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

LiveVault

LiveVault

LiveVault delivers fully automated, turnkey, backup over the Internet or a private network connection for uninterrupted remote data protection.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Consensys

Consensys

ConsenSys is a global blockchain company. We develop enterprise applications, invest in startups, build developer tools, and offer blockchain education.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies offer an advanced innovation for AI security. The Bosch AIShield is the definite answer to safeguard your business against model extraction attacks.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.