A hacker has detailed how a common glitch on Elon Musk’s X platform allowed him to “hijack” a CIA channel used to gather intelligence.
The CIA’s official page on X, the platform formerly known as Twitter, describes the organization as America’s “first line of defense.”
The U.S. government organization is known for gathering and analyzing intelligence, sometimes via online channels, from a wide network of sources all over the world.
Included in its brief bio on X is a link that directs users to an account on the messaging app Telegram. The Telegram account, titled “Securely Contacting CIA,” allows people to reach out to the intelligence agency with tips or information.
However, Kevin McSheehan—who refers to himself as a "white hat" or ethical hacker—said he was able to hijack the link so that users would be redirected to his own Telegram channel, thanks to a flaw in the way X condenses URLs posted to its site.
In a Wednesday post on X, McSheehan said that while he was “not in the business of making the CIA look bad,” he had recently “fallen backwards into a situation where I had no option but to secure their spy onboarding funnel.”
On X, lengthy URLs are automatically shortened—but the condensed links should still send users to the poster’s intended web page. However, according to McSheehan, the process can produce incomplete links that are often difficult to spot—which is what he said had happened on the CIA’s X account.
The BBC first reported the news in an interview with McSheehan that was published on Wednesday.
At some point after Sept. 27, the CIA added the link https://t.me/securelycontactingcia to its X profile page, which should have taken users to its Telegram channel for people wanting to share tips.
However, because of the X glitch, the link was condensed to https://t.me/securelycont—which was a URL for an unused Telegram account. If the error was noticed, anyone could have claimed the link for their own Telegram channel and had the traffic from the CIA’s X account directed to their own page.
“It was a perfect storm for something pretty bad to happen—and potentially in an undetected way for quite some time assuming a perfect replica of the CIA channel was produced,” McSheehan said in his post on X. “This could have [allowed] a sustained attack run for the purpose of intercepting sensitive information meant to land in the CIA’s inbox. The attack scenarios are dreadful.”
He told the BBC that when he spotted the error, his “immediate thought was panic.”
“I saw that the official Telegram link they were sharing could be hijacked—and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence,” he said.
Unclaimed Telegram username
In a bid to stop the error being dangerously misused, McSheehan said he registered the unclaimed Telegram username so that anyone who clicked on it would land on his own Telegram channel—which he used to warn people not to share sensitive information.
"I only registered it before baddies did," he told Fortune in an email on Wednesday. "While both of them dropped the ball, it was more of an X mistake than a CIA mistake. I think it also showcases how simple bugs can be dangerous."
X did not respond to Fortune’s request for comment, and a spokesperson for the CIA was not immediately available for comment when contacted outside of usual business hours.
However, the BBC reported that within an hour of it reaching out to the CIA, the mistake on its X bio had been corrected.
In a May 15 post—shared weeks after the CIA’s Telegram channel was set up—officials outlined why they had established a presence on the platform.
“CIA’s global mission requires that individuals be able to contact us securely from anywhere in the world,” the post read. “That’s why, for the first time, CIA is establishing a presence on Telegram—to reach those who feel compelled to engage CIA and ensure they know how to do so as securely as possible… We value those willing to talk with us, and your safety is our priority.”
In another Telegram post, written in Russian, the CIA warned potential aides to “be wary of any channels that claim to represent the CIA.”