U.S. Central Command's Accounts Hacked
ISIS Sympathizers Reportedly Post Warnings, Leak Documents (This story has been updated.)
U.S. Central Command's Twitter and YouTube accounts were hacked Jan. 12, reportedly by ISIS sympathizers. Both accounts were suspended.
The account compromises came the same day President Obama proposed new cybersecurity measures, including a national data breach notification law.
CENTCOM is one of nine unified commands in the U.S. military, with responsibility for 20 countries, including Afghanistan, Iraq and Syria.
"We can confirm that the U.S. Central Command Twitter and YouTube accounts were compromised earlier today," Elissa Smith, a U.S. Defense Department spokeswoman, told Information Security Media Group the afternoon of Jan. 12. "We are taking appropriate measures to address the matter."
In a statement issued later on Jan. 12, CENTCOM said the compromise of its accounts lasted for approximately 30 minutes. "CENTCOM's operational military networks were not compromised, and there was no operational impact to U.S. Central Command," the statement said. The compromised Twitter and YouTube accounts will be restored as quickly as possible, according to CENTCOM.
"We are viewing this purely as a case of cybervandalism," the statement said. "In the meantime, our initial assessment is that no classified information was posted and that none of the information posted came from CENTCOM's server or social media sites. Additionally, we are notifying appropriate DoD [Department of Defense] and law enforcement authorities about the potential release of personally identifiable information and will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible."
The CENTCOM breach is an embarrassing moment for the U.S. government, says Tyler Shields, a security analyst at Forrester Research. "It's bad enough when your social media outlets are hacked and used to leak information," he says. "It's double damage when it comes the same day as your president is pushing cyber legislation."
Attack Details
At the time of the attack, a series of tweets was published carrying apparent warnings from ISIS, an extremist Islamic group that controls hundreds of square miles in the Middle East, according to CNN. The tweets also included links, images and Pentagon documents revealing contact information for members of the military, the news report says.
The Twitter account's profile image was also changed to a black-and-white photograph of a person wearing a scarf, and contained the words "CyberCaliphate" and "I love you isis."
Source: Washington Post
CENTCOM's hacked YouTube page contained ISIS propaganda videos depicting militant fighters, according to CNN. The hackers responsible for the compromises also claimed to have obtained and released classified documents, although Defense officials told CNN that the documents were not labeled as classified.
Defense officials speaking to NBC News said that some of the information posted was out of date. Some of the leaked information included slides that purported to show plans involving China and North Korea, although officials say that some of them were produced by the Massachusetts Institute of Technology. "This is clearly embarrassing, but not a security threat," a defense official told NBC News.
As of 3:00 p.m. ET, CENTCOM's Twitter and YouTube accounts were still suspended.
Immediately after the CENTCOM hack, the U.S. General Services Administration began a widespread distribution of guidance for preparing for and responding to social media hacking, a spokesperson tells Information Security Media Group. That guidance included "an instructional video on how to increase security with two-step verification, and asked more than 800 federal managers in the SocialGov Community to conduct independent audits of their programs and confirm the audits with their leadership," the spokesperson says.
To combat social media risks, organizations should implement strong passwords and two-factor authentication to secure their accounts, Forrester's Shields says. "It all boils down to what the particular social media site supports and what you are willing to layer on top of that out-of-the-box support," he says. "In the case of the U.S. government, they should certainly be doing quite a bit around security of these sites."