Just about the same time that President Obama addressed the nation Monday regarding national cybersecurity efforts, the pro-ISIS hacker group called CyberCaliphate hacked the Twitter and YouTube accounts of the US Central Command (CENTCOM), and used the accounts to disseminate their propaganda and leak information on CENTCOM personnel and other documents.
One of the posts before the hacked site was taken down warned, "American Soldiers, we are coming, watch your back," adding, "we know everything about you, your wives and children. US soldiers, we are watching you."
The Pentagon said the information posted by CyberCaliphate was not "highly classified."
Other officials confirmed that nothing posted by the CyberCaliphate on Twitter was classified and consisted of publicly available open sources.
Officials further said none of the leaked materials are newer than 2008 based on embedded dates on documents, and that many of the addresses, emails, phone numbers of senior and other military personnel included on presumed hit lists are outdated. Disturbingly, though, the Social Security Numbers of some past and present personnel were included.
The CENTCOM Twitter account was live for about 45 minutes before being taken offline, and the official CyberCaliphate Twitter account, which announced the hack of CENTCOM’s Twitter account, was suspended.
Meanwhile, though, “Users on the pro-ISIS message board Jihadi Media Platform (Alplatformmedia.com) celebrated the hack and posted messages of encouragement,” said the Middle East Media Research Institute (MEMRI) which monitors jihadi social media.
User Muawhid Al-Ma’ribi wrote: "I swear by Allah, [the hack is] a great strike." He later added: "We defeated Twitter’s administration, hacked the Americans’ accounts, gathered their data, and terrified their leadership …"
Another user, Falah, wrote: "Twitter [administration] is going to go crazy."
Al Nu’man Al Jaza’iri wrote: "Allah Akbar … By Allah, a great and delighted act. Thanks to Allah."
User Mata Al Sa’a wrote: "This is the first [rain] drop, and we await the rain, Allah willing …"
According to MEMRI, the “CyberCaliphate began operating only recently, and has already claimed responsibility for multiple cyber attacks on US targets, including, on December 24, 2014, the Albuquerque Journal and unnamed ‘official network communications.’ The group also claimed to have hacked the FBI’s New Mexico office on January 7, 2015.”
The CENTCOM Twitter hack “follows the recent and growing trend of jihadi groups getting involved in hacking activities,” MEMRI Executive Director Steven Stalinsky told Homeland Security Today. “It also highlights the fact that there should be better cybersecurity on accounts belonging to government and military agencies, as well as other groups.”
Stalinsky said, “The fact that a pro-ISIS element was able to hack into a military account should serve as a warning that social media companies, notably Twitter, need to do more to not only protect accounts from being easily hacked; but more importantly, they need to address the issue of terrorist groups actively using their services. This is just another recent example – of which there are countless others. It was disturbing to see the CyberCaliphate’s live Tweeting its hacking into CENTCOM, which was covered by just about every major news outlet before the actual account was shut down.”
“As I have repeatedly warned in the past, extremists are developing the capability to conduct cyberattacks against US interests and those of our allies. The fact that individuals claiming to be affiliated with ISIS took control of the US military’s Central Command’s social media accounts today is severely disturbing,” said Rep. Michael McCaul (R-Texas), chairman of the House Committee on Homeland Security.
McCaul said, “Assaults from cyber-jihadists will become more common unless the administration develops a strategy for appropriately responding to these cyberattacks—including those like the North Korea attack against Sony. Without laying out the rules of the game for offensive responses and having direct consequences, cyber threats and intrusions from our adversaries will continue and escalate.”
“There are many ways a social media account can be hacked. It could be one gathering enough information to find the password or it could be a software tool that utilizes the user name and algorithms. CENTCOM is an obvious target for ISIS. Social media has been a tool, but this is a turn where the group has been able to send a message with the perception of a much bigger problem,” Director of Intelligence Services at MTN Government Ben Shaw told Homeland Security Today.
MTN Government’s Social Media for Threat Intelligence Services, powered by the ZeroFOX patented enterprise-security platform, can identify malicious actors, threats and targeted attacks to provide proactive, actionable analytics and intelligence prior to any network compromise.
“What does [the CENTCOM Twitter hack] mean? Firstly, this doesn’t necessarily mean that any government system was hacked. Yet, it does mean that the adversary had a way of getting a user name and a password,” Shaw said. “It would be interesting to find how that was discovered. While this hack was not a DoD command and control system or network, it still creates a public perception of vulnerability, an ever-growing challenge with social media. It may also indicate that adversaries have potentially been in social media accounts and trying to collect data in a passive manner.”
“What’s the way forward now? There needs to be a level of understanding, being that it was Twitter that was hacked, in this instance,” Shaw continued, noting, “It will happen again, and the way to protect organizations from social media threats is through good security policy and training. Social media is a new medium for communications. Many use it in good faith and some in an adversarial manner. A good question to pose is, do all government agencies truly need individual social media accounts? Also, who does and who does not provide value to help the war fighters?”