This article originally appeared at The WHIR
The Twitter and YouTube accounts of US Central Command (CENTCOM) were hacked on Monday by the Islamic terrorist group Cyber Caliphate. CENTCOM oversees US military operations in the Middle East.
Cyber Caliphate threatened additional attacks in the US after hacking two US news outlets a week ago. The group claimed to have already hacked the FBI at that time.
US Central Command posted to its Twitter account at 7:07 pm saying, “We’re back! CENTCOM temporarily suspended its Twitter account after an act of cybervandalism. Read more:http://t.co/hiwvSp3uWt” According to the statement, US Central Command Twitter and YouTube sites were compromised for about 30 minutes. Both accounts, hosted by commercial sites, not military networks, were taken offline so the agency could investigate the incident.
The group posted pictures posted threatening messages, propaganda videos, and military documents beginning at 12:29 pm EST with the statement, “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS.” using the hashtag “#CyberCaliphate. Another tweet said, “ISIS is already here, we are in your PCs, in each military base.”
“Later tweets included images of what were apparently spreadsheets labeled as containing the contact info and home addresses of retired US army generals,” according to CNBC. “Other tweets claimed to include military plans from Pentagon networks. One such image showed a map of China with labels of different military assets. Another supposed Pentagon image featured a map of North Korea with labels for nuclear facilities.”
It’s unclear what level of security measures are active on the CENTCOM social media accounts. Often hacks such as those in the last year at JP Morgan, Kmart, Dairy Queen,Home Depot, Xbox, ICANN and Sony are the result of simple security measures being ignored. For example, the hack at JP Morgan was due to two-factor authentication missing from one of it’s servers.
Two-factor authentication is a simple security measure that can thwart many attacks. Just having a stolen password is not enough when this measure is in place since a second one-time password is needed to gain access. Hackers stole an employee password at JP Morgan and had simple two-factor authentication been installed on all servers, this could have been prevented.
Two-factor authentication is available on Twitter accounts and on YouTube through the Google sign-in process.
CENTCOM said no military networks were compromised and that no classified information was posted. The agency notified the Department of Defense and law enforcement. The FBI said on Monday that it was working with the DoD to investigate.
“Let’s remember this is a social media account,” Peter Singer, a strategist and analyst with the New American Foundation in Washington, told the Washington Post on Monday. “This is not a military command and control network. This is not a network that moves classified or even non-classified internal information back and forth. Essentially what they did is for several minutes take control of the megaphone.”
A US Department of Defense official told NBC News “this is clearly embarrassing, but not a security threat.”
The Obama administration is “examining and investigating the extent of the incident,” White House Press Secretary Josh Earnest told reporters on Monday. “This is something we are obviously looking into and something we take seriously.” However, he made the distinction that the hacking of a Twitter account is much different than a large data breach.
This article originally appeared at: http://www.thewhir.com/web-hosting-news/us-military-social-media-accounts-hacked-isis-sympathizers-cyber-caliphate