If you thought 2014 was the year of security breaches, think again: 2015 is giving last year a run for its money already. On January 12, 2015, both the YouTube and Twitter accounts belonging to the US Central Command (CENTCOM) were breached by hackers. Cyber Caliphate, an Islamic terrorist group and ISIS sympathizer, has taken responsibility for the cyberattack. CENTCOM manages US military operations abroad, including in the Middle East, so it’s easy to see why it was targeted. However, the attack wasn’t a total surprise: in the first week of 2015, Cyber Caliphate completed two attacks on US news outlets and threatened more.
The group also claims to have hacked the FBI’s website or social media accounts, but that has yet to be confirmed. However, the CENTCOM social media hack was tough to miss. At 7:07pm, after regaining control of their Twitter account, CENTCOM tweeted, “We’re back! CENTCOM temporarily suspended its Twitter account after an act of cybervandalism,” along with a link to more information on the attack. There are lessons learned from every hack, but it seems like we’re still a far cry from “safe” social media usage.
CENTCOM’s official statement notes that the social media profiles were compromised for half an hour, and that Twitter and YouTube are both hosted via commercial sites, just like every other profile on two of the most popular social media platforms in the US. The US military has its own private, dedicated servers and hosting that (hopefully!) are much more secure. The accounts were quickly taken offline once the cyberattack was noticed, but not before the terrorist group did some damage.
Threatening messages were posted, military documents were leaked, and propaganda videos were uploaded to the CENTCOM social media sites. One message, posted at 12:29pm EST on Monday, said, “American soldiers, we are coming, watch your back. ISIS,” along with the hashtag #CyberCaliphate. There was also a tweet, “ISIS is already here, we are in your PCs, in each military base.” CNBC has reported that “Later tweets included images of what were apparently spreadsheets labeled as containing the contact info and home addresses of retired US army generals. Other tweets claimed to include military plans from Pentagon networks. One such image showed a map of China with labels of different military assets. Another supposed Pentagon image featured a map of North Korea with labels for nuclear facilities.”
A More Secure Year from Here on Out
Unsurprisingly, details on CENTCOM’s security strategies are tightly sealed, even regarding social media. However, this hack mimics the 2014 hacks of Kmart, Home Depot, Sony and JP Morgan. While it’s not the same cyber attackers, they likely got “in” the same way: thanks to a lack of two-factor authentication on the servers. That simple security measure should be foundational when choosing a web host or server.
The good news is that CENTCOM has reported no compromise of military networks and that no classified information was made public. The FBI is working with the Department of Defense on the investigation. However, New America Foundation strategist Peter Singer says, “Let’s remember this is a social media account. This is not a military command and control network. This is not a network that moves classified or even non-classified internal information back and forth. Essentially what they did is for several minutes take control of the megaphone.”
As for the DoD, a spokesperson says, “This is clearly embarrassing, but not a security threat.” Meanwhile, President Obama’s administration is committed to “examining and investigating the extent of this incident.” However, it’s a good reminder for anyone with a social media account—you never know when a cyber attacker might take a liking to you.