CyberSecurityBoard
Sponsor Register Login

Twitter glitch allows CIA informant channel to be hijacked

A cyber-security researcher has exploited a glitch on the CIA's official Twitter account, to hijack a channel used for recruiting spies. The US Central Intelligence Agency account on X, formerly known as Twitter, displays a link to a Telegram channel for informants. Kevin McSheehan was able to redirect potential CIA contacts to his own Telegram channel. "The CIA really dropped the ball here," the ethical hacker said. The CIA is a US government organisation known for gathering secret intelligence information, often over the internet, from a vast network of spies and tipsters around the world. Its official X account, with nearly 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security. Mr McSheehan, 37, who lives in Maine, in the US, said he had discovered the security mistake earlier on Tuesday. "My immediate thought was panic," he said. "I saw that the official Telegram link they were sharing could be hijacked - and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence." At some point after 27 September, the CIA had added to its X profile page a link - https://t. Me/securelycontactingcia - to its Telegram channel containing information about contacting the organisation on the dark net and through other secretive means. The channel said, in Russian: "Our global mission demands that individuals be able to reach out to CIA securely from anywhere," while warning potential recruits to "Be wary of any channels that claim to represent the CIA". A flaw in how X displays some links meant the full web address had been truncated to https://t. "I did it as a security precaution," he said. "It's a problem with the X site that I've seen before - but I was amazed to see the CIA hadn't noticed." The CIA did not reply to a BBC News request for comment - but within an hour of the request, the mistake had been corrected.

This Cyber News was published on www.bbc.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Twitter glitch allows CIA informant channel to be hijacked

Twitter glitch allows CIA informant channel to be hijacked - A cyber-security researcher has exploited a glitch on the CIA's official Twitter account, to hijack a channel used for recruiting spies. The US Central Intelligence Agency account on X, formerly known as Twitter, displays a link to a Telegram channel ...
1 year ago Bbc.com
CRN Recognizes three Check Point Channel Stars in its 2024 Women of the Channel list - CRN has recognized Check Point's Head of Americas Channel Sales, Nisha Holt, for her outstanding achievements as one of the Women of the Channel Power 100. Rebecca James and Lauren Ventura have also earned a spot on the esteemed Women of the Channel ...
7 months ago Blog.checkpoint.com
Ex-CIA software engineer sentenced to 40 years for giving secrets to WikiLeaks - A former Central Intelligence Agency software engineer who was convicted for carrying out the largest theft of classified information in the agency's history and of charges related to child abuse imagery was sentenced to 40 years in prison on ...
10 months ago Theguardian.com
What’s The Difference Between Twitter and Mastodon? - Twitter and Mastodon have been the two major players in the social media landscape for some time. Both platforms offer a way for people to share information and interact with others, and both have millions of users worldwide. Depending on your goals ...
1 year ago Welivesecurity.com
Electronic Frontier Foundation - Archiving tweets isn't just for Dril and former presidents. In its heyday, Twitter was an essential platform for activists, organizers, journalists, and other everyday people around the world to speak truth to power and fight for social justice. Its ...
10 months ago Eff.org
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
11 months ago Bleepingcomputer.com
How to Not Get Scammed Out of $50,000 - While no one has disputed the authenticity of the threat, WIRED has learned that the leak was part of a behind-the-scenes campaign to block privacy-focused reforms of a major US surveillance program known as Section 702. The leak, instigated by an ...
10 months ago Wired.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
11 months ago Bleepingcomputer.com
X Value Down By 79 Percent Since Elon Musk | Silicon UK - CNN, citing estimates from investment giant Fidelity, reported that X is now worth almost 80 percent less than two years ago when Elon Musk finally concluded his controversial acquisition in late October 2022. That is down from the $19.66 million the ...
2 months ago Silicon.co.uk
Hackers Flood Dark Web Markets With Hijacked X Gold accounts - In the age of social media, verification badges hold significant power. On Twitter, the coveted blue tick signifies legitimacy and influence, commanding increased trust and engagement from followers. With the platform's recent monetization of ...
11 months ago Cybersecuritynews.com
Vault 8 Introduction To The Hive Platform - Vault 8 is a recently released a WikiLeaks publication that provides an introduction to the Hive Platform, a project created by the US Central Intelligence Agency. The Hive Platform is a complex system designed to hide malware and cyber weapons ...
1 year ago Securityaffairs.com
Trello API abused to link email addresses to 15 million accounts - An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. Trello is an online project management tool owned by Atlassian that ...
10 months ago Bleepingcomputer.com
CVE-2011-4129 - (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive ...
7 years ago
CIA Hive Malware Explained - The CIA Hive malware has been recently detected by cybersecurity experts around the world. It is sophisticated malware with the ability to monitor and control computers, phones, and other devices connected to the internet. It can be used for ...
1 year ago Securityaffairs.com
ONCD Welcomes Mr. Harry Coker, Jr. as Next National Cyber Director - Once sworn in, Mr. Coker will be the second National Cyber Director in the Office, which was established in 2021 as part of the National Defense Authorization Act. The National Cyber Director serves as principal advisor to the President on ...
1 year ago Darkreading.com
Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
1 year ago Bleepingcomputer.com
Security Firm Certik's Account Hijacked to Spread Crypto Drainer - A Web3 security vendor was tricked by a social media phishing attack which hijacked its account and enabled scammers to share a link to a malicious website, it has emerged. That link was up for just 15 minutes, but it's unclear whether any of the ...
11 months ago Infosecurity-magazine.com
UK politician criticizes X after account hijacked by crypto scam - Polanski's account on the social media platform was obtained over the weekend by what appeared to be a cryptocurrency scam replacing the politician's avatar and header image and posting links to an external site. Shortly after Polanski sent Recorded ...
11 months ago Therecord.media
Mandiant's Twitter account hacked to push cryptocurrency scam - The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. In tests by BleepingComputer, those who click the 'Claim Aidrop' ...
11 months ago Bleepingcomputer.com
Crypto drainer steals $59 million from 63k people in Twitter ad push - Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. According to blockchain threat analysts at ScamSniffer, they ...
1 year ago Bleepingcomputer.com
CVE-2015-5361 - Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client ...
1 year ago
Alex Ruslyakov of Acronis Appointed as CRN Channel Chief for 2023 - We are delighted to share that Alex Ruslyakov of Acronis has been named one of the 2023 Channel Chiefs by CRN®, a brand of The Channel Company. This recognition reflects the tremendous growth and success of Acronis' partner program and Ruslyakov's ...
1 year ago Acronis.com
CVE-2021-47502 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Mandiant's account on X hacked to push cryptocurrency scam - The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. In tests by BleepingComputer, those who click the 'Claim Aidrop' ...
11 months ago Bleepingcomputer.com
CVE-2023-52608 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)