Two US Central Command social media accounts – those for its YouTube and Twitter –were hacked on Monday, January 12. Claiming to represent the Islamic State, a.k.a. ISIS, the intruders made a bold and disconcerting threat, as covered by Kim Zetter of Wired.
We will look at the incident as follows:
- What Did the Beheaders Post?
- Pentagon Response & ISIS Background
- Obama’s Legislative Security Agenda
What Did the Beheaders Post?
The terrorist group, famous for beheading Western journalists and humanitarian workers, targeted Central Command because it is the division of the Department of Defense responsible for the Middle East, North Africa, and Central Asia (a region that includes Iraq and Afghanistan).
After accessing the Twitter account, the cybercriminals tweeted as Central Command, in all capital letters (although I will spare you the SHOUTING): “American soldiers, we are coming, watch your back. ISIS.”
The tweet linked to fuller comments from the organization, since we are all eager to hear the life philosophy behind people who publicly decapitate objective and nonviolent citizens. The statement explained that in response to actions by the United States and its allies in Afghanistan, Iraq, and Syria, the Islamic State has infiltrated the networks and computers of the US military. It threatened violence toward nonbelievers. “ISIS is already here, we are in your PCs, in each military base,” it continued in a rambling diatribe, “with Allah’s permission we are in CENTCOM now.” The basic tone of the statement matched what the NSA might sound like if it were screaming, arrogant, and delusional.
Additionally, the hackers removed the Central Command seal in favor of a figure in a black and white keffiyeh, along with the handle CyberCaliphate and the boy-crazy message “i love you isis.” John Constine of TechCrunch reported that Cyber Caliphate is the name of the hacker group that may or may not actually represent ISIS.
The message accessed through the Twitter link, posted on Pastebin, contained links to various US Army files that it intends as evidence of a Pentagon hack. However, the documents aren’t really as top-secret as the intruders wanted them to appear. It’s believed that the files were either already publicly available or weren’t particularly sensitive.
Specifically, the files were a collection of images. Some of them showed spreadsheets that seem to contain home addresses for retired generals of the US Army. Others appeared to show military maps and strategies.
Pentagon Response & ISIS Background
The Pentagon said that the documents were real but that they were not top-secret. They didn’t even come from the Defense Department’s servers but apparently from those of MIT.
Although the document seemed to suggest that the attackers may have feigned an intrusion of the Pentagon, John is still not impressed: “Even if only the CENTCOM social accounts were compromised, it shows the sorry state of cybersecurity in the US government.” Plus, if the terrorists did indeed get into a confidential system, it’s evidence that the Islamic State is more equipped technologically then we had assumed.
Kim reports that Twitter deactivated the account 40 minutes following the initial tweet.
ISIS warned the social network in 2014 when it deactivated an account through which the militants were posting videos of American reporter and nonprofit personnel decapitations. Probably what happened with this hack is that the intruders breached the computer of the individual who maintains social networking for Central Command, thereby gathering the passwords from an individual rather than the government.
Obama’s Legislative Security Agenda
The hack was obviously intended to occur at a very specific time. It took place while Obama was speaking about cybersecurity at the FTC. His address was intended to promote new and improved data safeguards and faster notification when breaches occur. The President is urging Congress to pass the Personal Data Notification and Protection Act, which would make businesses responsible for alerting affected parties within 30 days if any of their sensitive data is compromised. In his speech, Obama mentioned the high-profile intrusions of Sony, Home Depot, and Target as key examples of the need for updated regulations. The bill would integrate the existing breach notification rules that vary from state to state. “Lawmakers have tried for nearly a decade to pass a federal bill to replace the patchwork of state laws, but have repeatedly failed,” explains Kim, “in part because either the laws didn’t go far enough or went too far.”
Obama also advocated for the Student Data Privacy Act, which would disallow schools to share student information beyond any legitimate academic needs. The FTC appearance is one stop on a week that the White House has dedicated to pushing certain bills from various agencies.
Even if we don’t agree with their perspectives, hackers demand our attention. One of the best ways that companies can protect themselves is by adhering to nationally recognized standards Choose Superb with confidence..
By Kent Roberts
Image labeled for re-use via The Mirror