The Cyber Caliphate, a hacker group claiming association with terrorist group ISIS, today seized control of the @CENTCOM Twitter and YouTube accounts that represents U.S. central military command.
The hackers tweeted a Pastebin message titled “Pentagon networks hacked. AMERICAN SOLDIERS WE ARE COMING, WATCH YOUR BACK. ISIS. #CyberCaliphate”. The message includes links to supposedly confidential US Army files, though there’s indication that some of these files may have previously been made public or aren’t highly confidential.
Even if only the CENTCOM social accounts were compromised, it shows the sorry state of cybersecurity in the US government. And if the hackers were able to access confidential documents, it could show that ISIS is a more formidable cyber-opponent than some expected.
Politico reporter Hadas Gold tweeted at 9:46AM PST that “Twitter spox tells me they are aware of Centcom hack and are working on it”.
Update 10:05AM PST: Twitter has now removed the profile image and cover image of @CENTCOM.
Update 10:10AM PST: Twitter has suspended the @CENTCOM account.
Update 10:15AM PST: A defense official has reportedly confirmed the attacks to Fusion reporter Brett LoGiurato, who tweeted “Defense official: “We can confirm that the U.S. Central Command Twitter account was compromised earlier today.”
Update 10:35AM PST: YouTube has suspended CENTCOM’s hacked YouTube account.
Update 11:55AM PST: The Next Web’s Matt Navarra tweeted “Pentagon has requested our assistance with an account security issue, and we’re working with them to resolve it – @Twitter”
Prior to being shut down, the hacked @CENTCOM account tweeted:
The Cyber Caliphate claimed to take control of US media affiliates of Fox and CBS News in Tennessee last week.
In the anonymous text post left on Pastebin, the attackers write:
“In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate under the auspices of ISIS continues its CyberJihad. While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you.
You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!
Here’s a part of confidential data from your mobile devices:
[Links redacted]
There is no God but Allah and Muhammad is his Prophet! There is no law but Sharia!”
The redacted links lead to files claiming to include a “List of US Army Officers”, “US Army Budget” “US Army Forces” and more. We’re currently looking through the files to determine if they’ve been published elsewhere first. There are reports that many of these files were already available. The Wall Street Journal tweeted “Senior Pentagon official said information posted by hackers on Twitter didn’t appear to be highly classified”.
Here is a screenshot of one file claiming to be an “Army 2020 Leader Book”:
Another supposedly shows how the Army hopes its campaigns will evolve over the next 10 years:
This image from the “War Scenarios” file purportedly shows US plans for using India as a base to deal with simultaneous conflicts in the Middle East and China. However, these files are dated from 2004, 2005, and 2008. The War Scenarios folder includes files named “China Scenario IPB and Collection Needs”, “North Korea Update”,”Caspian Scenario”, “SOCOM Africa Scenario”, and “SOCOM Indonesia Scenario”.
Fortinet’s FortiGuard Labs’ security strategist Richard Henderson tells TechCrunch that “As with many high-profile social media breaches in recent years, it’s highly likely this attack was the result of a targeted spear phishing attack in order to capture social media credentials or deliver malware that provided remote access.”
Henderson says that if confidential files were leaked, “a RAT-style malware attack which allowed exfiltration of documents” may be responsible. He says attacks like this are “the bread and butter of the Syrian Electronic Army”, and that any significant company or government agency should be using two-factor authentication and a separate computer for social media to prevent these kind of hacks.
The ISIS attack shows that the United States may need to significantly step up its cybersecurity as it faces increasing threats from around the world. Between nationally backed hackers from countries like North Korea, and independent terrorists groups, there are more cybersoldiers than ever gunning for America.
To add to the embarrassment, the attack came at the same moment that President Barack Obama was delivering a speech to the FTC on…the importance of cybersecurity.
Comment