CIA exposed to potential intelligence interception due to X's URL bug
An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence.
Kevin McSheehan, who uses the online handle "Pad," spotted the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile.
After the CIA updated its profile at some point after September 27, the Telegram link was shortened, cutting off part of the full username and allowing McSheehan to register the new, unregistered handle.
Instead of just shortening the URL in the X profile, X shortened it in a way that completely changed the link's path, which could have left the CIA vulnerable to espionage campaigns.
The Telegram URL in the fake profile would also have appeared in the same way as it would on the genuine CIA X profile due to the way X truncates URLs.
The CIA has since changed its profile to display the correct URL for its Telegram channel, which publishes messages in English and Russian, pointing individuals to information on how to securely contact the agency.
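The failure described above is that the link's destination, not only its visible text, was shortened. As an added example (not from the article and not X's code), the sketch below audits a published profile link by comparing the URL the account owner entered with the destination the rendered link resolves to. The function name, result labels and `t.me` handles are constructed placeholders, and it assumes the href has already been resolved past any redirector.

```python
from urllib.parse import urlsplit

ELLIPSES = ("…", "...")  # markers a platform may append to shortened link text


def _parts(url):
    """Return (host, path) for comparison; a missing scheme is tolerated."""
    u = urlsplit(url if "://" in url else "https://" + url)
    # Assumption: the path is compared case-insensitively, which suits
    # handle-style paths such as Telegram usernames.
    return (u.hostname or "").lower(), u.path.rstrip("/").lower()


def audit_profile_link(intended, href, display):
    """Classify how a platform rendered a link the owner published.

    intended: URL the account owner entered
    href:     destination the rendered link actually resolves to
    display:  visible link text
    """
    want_host, want_path = _parts(intended)
    got_host, got_path = _parts(href)
    if got_host != want_host:
        return "DIFFERENT_HOST"
    if got_path == want_path:
        # Cosmetic shortening only: the click still lands where intended.
        if display.strip().endswith(ELLIPSES):
            return "OK_DISPLAY_SHORTENED"
        return "OK"
    if got_path and want_path.startswith(got_path):
        # The destination is a prefix of the intended path, so the link now
        # points at a different, possibly unregistered, handle.
        return "DESTINATION_TRUNCATED"
    return "DIFFERENT_PATH"


if __name__ == "__main__":
    # Constructed sample values, not the handles from the incident.
    intended = "https://t.me/example_agency_channel"
    for href, display in [
        ("https://t.me/example_agency_channel", "t.me/example_agency…"),
        ("https://t.me/example_agency", "t.me/example_agency…"),
    ]:
        print(href, "->", audit_profile_link(intended, href, display))
```

Both sample rows show the same visible text, which is why the check has to compare resolved destinations rather than what the profile displays.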
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/18/cia_x_url_bug/