CENTCOM’s Twitter, YouTube accounts hacked – USA TODAY
The Twitter feed of the U.S. Central Command appeared to be hacked by supporters of the extremist militant group, ISIS on Monday. This unfolded while President Obama spoke on the topic of cyber security.
WASHINGTON — The Twitter and YouTube accounts of the Pentagon’s command for its forces in the Middle East were hacked Monday, according to U.S. Central Command.
The command’s Twitter and YouTube sites “were compromised for approximately 30 minutes,” a statement released by CENTCOM said. “These sites reside on commercial, non-Defense Department servers, and both sites have been temporarily taken offline while we look into the incident further. CENTCOM’s operational military networks were not compromised, and there was no operational impact to U.S. Central Command.”
“We view this as little more than a prank,” said Army Col. Steve Warren, a Pentagon spokesman. “No (Pentagon) systems or computers were compromised.”
Tampa-based Central Command oversees U.S. forces battling militants in Iraq and Syria, as well as its troops in Afghanistan. Along with the U.S. Special Operations Command, it is located at MacDill Air Force Base.
A group calling itself the CyberCaliphate claimed responsibility for the hack.
A Twitter account from a group identifying itself as Anonymous said Monday it had tracked the source of the hack to Maryland, but that was not confirmed by official sources.
Social media accounts, such as those on Twitter or YouTube, are routinely hacked, said Tim Junio, a Stanford University information security expert. “It is usually the result of guessing at passwords or the answers to security questions,” he said.
Though a Twitter account is easier to break into than a Pentagon computer, it’s not trivial, said Jim Penrose, a former National Security Agency computer security expert now with Darktrace, a British security firm.
“There’s been a lot of effort to increase Twitter’s security in the past few months,” he said. A user coming in from a different Internet address would have to answer multiple security questions to be able to change the password on the account and keep legitimate CENTCOM staffers out.
Answering those questions “is quite a complex endeavor,” Penrose said. He wondered whether other CENTCOM systems were compromised, which allowed the hackers into the agency’s Twitter and YouTube accounts.
“I’d be suspicious that it was more than just security question guessing that happened here,” he said.
Ken Westin, senior security analyst for Tripwire, said much of the data posted on the Twitter account were “posted publicly elsewhere, so the claims that the CyberCaliphate has compromised military and government devices may not be true.”
Junio agreed, adding that “the most concerning aspect is probably the potential for propagation of a false myth that ISIS (the Islamic State) or their allies were successful in breaching U.S. CENTCOM or (Pentagon) systems.”
Vanden Brook reported from Washington; Weise reported from San Francisco.