This looks at a second major combative political hack since the Monday before Thanksgiving, when the Sony hack was announced. It is a follow-up to our initial coverage on the Central Command hack.
- An Awful Movie
- Twitter Threats
- Creepy Contact Information & Plans
- Obama Roasted at FTC
- Conclusion
An Awful Movie
After making critical comments following the Sony hack of an awful movie that Sony Pictures should have paid Americans to watch, The Interview, President Obama has now been drawn directly into the debate over cybersecurity.
When the studio announced that it would not be releasing the movie since the big cinema chains pulled out (after threats of attacks reminiscent of “the 11th of September 2001”) , Obama said of Sony, “I think they made a mistake.” Obama wanted a strong stance against North Korea. The FBI has said that the Sony hackers were affiliated with the North Korean government, and Slate has said that skeptics of Pyongyang involvement are misguided.
Now the Islamic State (ISIS) took the President and federal government on directly. The YouTube and Twitter accounts for US Central Command were hacked on January 12, while Obama was speaking on cybersecurity at the FTC.
Twitter Threats
Here’s a basic timeline of Twitter’s resolution of the incident, as provided by John Constine of TechCrunch:
12:29 PM EST – ISIS posted its first tweet.
12:46 PM EST – Politico’s Hadas Gold tweeted that Twitter was taking steps to dismantle the terrorists’ access.
1:05 PM EST – The fraudulent images within the account, uploaded by ISIS, were removed.
1:10 PM EST – @CentCom was completely disabled.
1:15 PM EST – Brett LoGiurato of Fusion tweeted that the Department of Defense had verified the intrusion, saying, “We can confirm that the U.S. Central Command Twitter account was compromised earlier today.”
1:35 PM EST – The YouTube account was disabled.
2:55 PM EST – Matt Navarra of The Next Web tweeted that the publication was working with the Pentagon to help it close a security loophole.
The attackers sent out five tweets as Central Command in the short window of time during which they controlled the account. Many social media experts would probably say that’s a surefire road to Twitter burnout, regardless your level of zeal and delusion.
The Twitter and YouTube hacks were claimed by Cyber Caliphate, an organization associated with the decapitation crew ISIS. Cyber Caliphate opened the year by taking over the Twitter accounts of local news outlets in New Mexico, Maryland, and Tennessee. ISIS threatened Twitter in early 2014 when its account was suspended for posting videos of journalists and aid workers being beheaded in the Middle East.
Creepy Contact Information & Plans
The tweets linked to a Pastebin page that contained a lengthier message. “We know everything about you, your wives and children,” it said in part. “US soldiers! We’re watching you!”
The message also indicated that the data had been stolen from Central Command personnel’s mobile devices.
The Pastebin page linked to documents that appear to include names of high-raking US Army officials, the military division’s budget, and details of its weapons. Many of the files were already online, and a Pentagon spokesperson said that they were not top-secret papers.
John interviewed Richard Henderson, a security specialist with FortiGuard Labs, to get his perspective on the intrusion. Richard said that the attack was probably made possible by one of two scenarios, as has been common with recent social network hacks:
- Spear phishing, in which a specific organization or specific users are sent fraudulent emails as bait for them to supply passwords
- Malware that allowed attackers to access the accounts remotely.
If the documents posted by the terrorists were in fact confidential (which now appears doubtful), that may have been made possible by “a RAT-style malware attack which allowed exfiltration of documents,” which are typical of the Syrian Electronic Army.
John also recommended two tactics to keep the terrorists out of a government agency or other enterprise:
- Two-factor authentication
- Use of an independent computer specifically for logging into social networks
Obama Embarrassed at FTC
Clearly this incident was embarrassing for Obama, who was talking about cybersecurity at the FTC when the hack occurred. We shouldn’t allow the terrorists to steamroll the Obama message, though– because he was advocating data protection legislation.
The President argued for the Personal Data Notification and Protection Act, along with the Student Data Privacy Act, noting that over 100 million Americans have had their sensitive data stolen in big hacks of companies ranging from Sony (PlayStation) to Target to Home Depot. “When these cybercriminals start racking up charges on your card,” he said, “it can destroy your credit rating.” The first act would require companies to notify affected individuals within 30 days of a breach, while the second one would prevent schools from sharing student data beyond the educational sphere.
Conclusion
This ISIS attack, which fell just 49 days after the Sony one, provides further evidence that the US needs to put up stronger defenses against its enemies in North Korea, the Middle East, and elsewhere.
Like the federal government, security should be fundamental to our customers. That’s why all of our three world-class data centers are certified to meet SSAE 16.
By Kent Roberts
Public Domain image via Wikipedia
