It was reported yesterday that social media accounts belonging to the U.S. Military were hijacked by ISIS supporters.
The message “American soldiers, we are coming, watch your back, ISIS,” was posted on the U.S. Central Command Twitter feed.
In a statement, CENTCOM was quick to point out that it did not believe that any sensitive information had been posted to the either account and it was purely a case of “cybervandalism”:
U.S. Central Command’s Twitter and YouTube sites were compromised for approximately 30 minutes. These sites reside on commercial, non-Defense Department servers and both sites have been temporarily taken offline while we look into the incident further. CENTCOM’s operational military networks were not compromised and there was no operational impact to U.S. Central Command. CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.
In the meantime, our initial assessment is that no classified information was posted and that none of the information posted came from CENTCOM’s server or social media sites. Additionally, we are notifying appropriate DoD and law enforcement authorities about the potential release of personally identifiable information and will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible.
Embarrassingly, the hack happened as President Barack Obama was giving a speech on cyber-security.
Reflecting on recent major breaches, like the hack of Sony Pictures, Mr. Obama said in his speech the US had been reminded of “enormous vulnerabilities for us as a nation and for our economy.”
Ken Westin, Security Analyst of Tripwire had this to say on the matter:
It is not a coincidence that this attack occurred just as Obama announced new cyber safeguards. The CyberCaliphate to date has been adept in utilizing website defacements as a means of propaganda in support of ISIS. The compromise of both the Central Command Twitter and Youtube accounts is an escalation that should cause concern for the U.S. Government. The fact they were able to compromise the accounts should force the government to reevaluate their security policies when it comes to social media. Google and Twitter both provide two-factor authentication, it would be interesting to know if this was deployed on these accounts. If not, it would show a serious lapse in security.
Looking at the data that was posted on the Twitter account, much of it appears to be data that was posted publicly elsewhere, so the claims that the Cyber Caliphate has compromised military and government devices may not be true. However, even if military systems and devices have not been compromised, the objectives of the Cyber Caliphate are still achieved thanks to the media frenzy that the compromise and data posted generates.