IS Hack of US Central Command's Twitter and YouTube accounts

[Garth]

This is the most disturbing news US Central Command's Twitter and YouTube accounts have been hacked by a group claiming to back Islamic State.

Firstly are we sure it is the IS?

Secondly how did they do it, and surely the military/government ought to be on top of the game with security?

Thirdly what damage might the hackers do? i.e. What is the threat?

Garth

 

[Bystander]

Thirdly what damage might the hackers do?

On Twitter? And YouTube? Damage?

 

[DrClaude]

Firstly are we sure it is the IS?

Is there a difference between IS doing it and someone doing it in its name?

Secondly how did they do it, and surely the military/government ought to be on top of the game with security?

As the article itself states, they did not need to hack into any military computer to do this. They hacked into Twitter and YouTube accounts.

Thirdly what damage might the hackers do? i.e. What is the threat?

Bad PR for the US.

 

[Dotini]

This is the most disturbing news US Central Command's Twitter and YouTube accounts have been hacked by a group claiming to back Islamic State.

Firstly are we sure it is the IS?

Secondly how did they do it, and surely the military/government ought to be on top of the game with security?

Thirdly what damage might the hackers do? i.e. What is the threat?

Garth

According to at least two reports today on CNBC, IS has obtained a list of addresses of retired US generals from the hacked accounts.

 

[Greg Bernhardt]

According to at least two reports today on CNBC, IS has obtained a list of addresses of retired US generals from the hacked accounts.

Why on Earth would youtube and twitter accounts contain such information?

 

[Garth]

As the article itself states, they did not need to hack into any military computer to do this. They hacked into Twitter and YouTube accounts.
Bad PR for the US.

I hope that's all it is.

From the BBC report above:

Some internal military documents also appeared on the Centcom Twitter feed.

Garth

 

[Choppy]

I bet this is all because someone didn't use a password that included a number and a special character.

 

[DrClaude]

From the Guardian:

Other messages from the “CyberCaliphate” implied that the hackers had captured military secrets, but the documents which were disseminated contained widely available and non-official information.

Central Command said it viewed the hack as “purely an act of vandalism,” adding that no classified information divulged or operational networks had been affected. None of the documents tweeted by the “CyberCaliphate” came from the command’s servers or social-media accounts, it said in a statement.

 

[Garth]

From the Guardian:

Other messages from the “CyberCaliphate” implied that the hackers had captured military secrets, but the documents which were disseminated contained widely available and non-official information.
Central Command said it viewed the hack as “purely an act of vandalism,” adding that no classified information divulged or operational networks had been affected. None of the documents tweeted by the “CyberCaliphate” came from the command’s servers or social-media accounts, it said in a statement.

"Well he would say that, wouldn't he?"
(Mandy Rice-Davies - While giving evidence at the trial of Stephen Ward, charged with living off the immoral earnings of Keeler and Rice-Davies)

In the military, as in politics, you broadcast your strengths and hide your weaknesses.

Garth

 

[DrClaude]

"Well he would say that, wouldn't he?"
(Mandy Rice-Davies - While giving evidence at the trial of Stephen Ward, charged with living off the immoral earnings of Keeler and Rice-Davies)

In the military, as in politics, you broadcast your strengths and hide your weaknesses.

Garth

I would agree with respect to the comments of Cencom. But the first quote, that "the documents which were disseminated contained widely available and non-official information," I took to be coming from the reporter.

 

[Garth]

I would agree with respect to the comments of Cencom. But the first quote, that "the documents which were disseminated contained widely available and non-official information," I took to be coming from the reporter.

CNBC

Government officials told NBC News that the Twitter and YouTube accounts are not classified, and that none of the information posted by the hackers was actually classified—the names and contact information are "official use only," they said.

We just don't know how serious the breach was at present.

Garth

 

[SixNein]

On Twitter? And YouTube? Damage?

There is more embarrassment than damage.

 

[Dotini]

In a CNBC interview yesterday with a talking head security expert, it was said that even though the US rules the world in terms of military hardware and fighting force, in the realm of cyber warfare "we are dealing with peers".

http://www.reuters.com/article/2015/01/12/us-cybersecurity-centcom-hack-idUSKBN0KL1UZ20150112
The Twitter account published a list of generals and addresses associated with them, titled "Army General Officer Public Roster (by rank) 2 January 2014."

Subsequent posts read, "Pentagon Networks Hacked! China Scenarios" and "Pentagon Networks Hacked. Korean Scenarios."

Central Command said it was notifying Pentagon and law enforcement authorities about the potential release of "personally identifiable information" and work to make sure the people "potentially affected" are notified quickly.
-----------------------------
After the hacking, the heading of the Central Command Twitter account showed a figure in a black-and-white head scarf and the words "CyberCaliphate" and "I love you ISIS."

Central Command's YouTube account featured videos posted by the U.S. military of air strikes on Islamic State targets in Syria and Iraq. It was hacked to add two videos titled "Flames of War ISIS Video" and "O Soldiers of Truth Go Forth."

Some of the slides posted on the Twitter account by the hackers apparently were created by Lincoln Laboratory, a federally funded research center at the Massachusetts Institute of Technology that studies national security problems.

Lincoln Lab did not immediately respond to questions about the background and sensitivity of the slides, some of which dealt with intelligence and reconnaissance that might be needed in a conflict scenario involving China.

 

[lisab]

Why on Earth would youtube and twitter accounts contain such information?

Good question. I'm not sure we'll get a straight answer, unfortunately.

 

[Garth]

At least somebody agrees with my OP: From that Dotini's Reuters link

http://www.reuters.com/article/2015/01/12/us-cybersecurity-centcom-hack-idUSKBN0KL1UZ20150112

But the chairman of the U.S. House of Representatives Committee on Homeland Security, Republican Michael McCaul of Texas, called the incident "severely disturbing."

It's not the hacked material published on the Twitter and YouTube accounts for the U.S. military command that is particularly worrying, it is the fact that they were able to infiltrate it in the first place and the content of other material that they might have been able to obtain.

Garth

 

[Dotini]

Great news!

The president has declared a national emergency and signed an executive order which gives the Treasury Department the authority to apply sanctions and freeze the assets of anyone in the world, either with his fingers on the keyboard or standing alongside him, who threatens the security, foreign policy, economy or finances of the United States.

http://abcnews.go.com/International/national-emergency-us-slap-sanctions-hackers/story?id=30045263

https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats

"the President announced a new sanctions program that authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States."

(Bolding by the National Security Council.)

 

[Garth]

Great news!

The president has declared a national emergency and signed an executive order which gives the Treasury Department the authority to apply sanctions and freeze the assets of anyone in the world, either with his fingers on the keyboard or standing alongside him, who threatens the security, foreign policy, economy or finances of the United States.

http://abcnews.go.com/International/national-emergency-us-slap-sanctions-hackers/story?id=30045263

https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats

"the President announced a new sanctions program that authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States."

(Bolding by the National Security Council.)

Has the fact that they were both posted yesterday anything to do with it?

Garth

 

[Dotini]

Has the fact that they were both posted yesterday anything to do with it?

Garth

IMO, by injecting some doubt and humor, it inoculates the posts against being taken too seriously, to pass more lightly under the radar of a weary public.