Revealed: CIA Using TwitterX To Recruit Spies

Uploaded on 2023-10-20 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE--USA, FREE TO VIEW

A cyber security researcher has used a minor fault on the CIA's official X account, formerly the Twitter account, and has hijacked a channel that has been used for recruiting spies. The researcher and ethical hacker, Kevin McSheehan recently exploited a flaw on the CIA's official Twitter account, to hijack a Telegram channel used for recruiting informants.

The CIA official Twitter X account, with almost 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security.

McSheehan spotted that the CIA had recently added a link from its TwitterX profile page to its Telegram channel. The CIA Telegram channel contained information about contacting the organisation on the Dark Net and through other secretive means.

The CIA's account was displaying a link to a Telegram channel where people can privately contact the agency and McSheehan was able to exploit a flaw to redirect potential CIA contacts to his own Telegram channel. He hijacked the channel as a "security precaution" out of concern that adversaries like Russia, China, or North Korea could intercept sensitive Western intelligence if they exploited the flaw. "I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence." 

The channel said, in Russian: "Our global mission demands that individuals be able to reach out to CIA securely from anywhere," while warning potential recruits to "be wary of any channels that claim to represent the CIA". As soon McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information. 

The incident highlights the about potential cyber security weaknesses for corporate users in managing their online presence. 

TwitterX is undergoing rapid and experimental changes under management of its new owner, Elon Musk, and organisations and personal users of the social media platforms need to be alert to the possible risks that must be identified and addressed.

Washington Examiner:    Techround:   BBC:     BBC:     Washington Post:     cyberkendra:

You Might Also Read: 

The App At The  Frontline Of Information Warfare:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Four Key Cybersecurity Trends For Industrial Companies
Cyberwar In Israel & Gaza »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LogmeOnce

LogmeOnce

LogmeOnce provides users with solution to multiple Password problems, Single Sign-On (SSO), and Identity Management.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies provides artificial intelligence solutions and information security solutions.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.