Cyber Insecurity

The troubling implications of the Central Command social media hacking.

800px-Cyber_Security_at_MoD_MOD_45156131In a coincidence many Americans may see as emblematic of the administration’s approach to global terror, President Obama was addressing the nation regarding cyber security Monday while hackers claiming to represent ISIS assumed control over the media accounts of the U.S. military’s Central Command (CENTCOM). “ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now,” said one tweet sent from CENTCOM’s account.

The hacking of the command’s Twitter and YouTube accounts began Monday afternoon and lasted approximately 30 minutes before the accounts were taken offline. But that window offered the hackers the opportunity to post a string of tweets in support of ISIS, threats against U.S. military forces and their families, and military documents that included contact information for senior military personnel.

CENTCOM downplayed the entire incident. “CENTCOM’s operation military networks were not compromised and there was no operational impact to U.S. Central Command,” a statement said. “CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.”

The statement further explained the sites in question “reside on commercial, non-Defense Department servers.”

Motherboard, self-described as “an online magazine and video channel dedicated to the intersection of technology, science and humans,” reveals otherwise. "Some of the documents are from password protected sites,” said Army Public Affairs Office spokeswoman Alayne Conway. “You either need to work with the organization or you need to have a common access card, they're called TacCard, to get into those websites to gain that information. You have to work with that office, and have a need for that information, to receive that information. Some of it may be personal addresses, phone numbers, information of that sort, so it's not something that we'd make publicly available.”

The hack began at approximately 12:30 p.m. when the background and profile photo of the Twitter account were changed and an image of a militant appeared along with the words “CyberCaliphate” and “i love you isis.” Two other tweets were more to the point. “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK,” stated one. "In the name of allah NUCLEAR BOMBS will explode in your weak heads,” stated another.

Other content posted on Twitter included the aforementioned contact info, as well as scenarios for engagements with China and North Korea, and details dealing with the use of intelligence, surveillance and reconnaissance assets.

On the YouTube account, a number of videos were uploaded, including one entitled, “O Soldiers of Truth Go Forth,” urging viewers to “rally the soldiers of the Islamic State.”

CENTCOM’s Facebook account remained unaffected.

Conway addressed where the Army was going from here. "I'm working closely with our social media division to take a look at the items, and then if we need to take next steps—for example, to notify someone and say that this information has been released—we're doing that,” she explained. “Some of the stuff is common sense, making sure that passwords are changed out so someone can't hack into these accounts, these are the corrective measures we're taking at this point.”

White House Press Secretary Josh Earnest revealed the Obama administration was taking the breach “seriously," but insisted that there is a “pretty significant difference” between “a large data breach and the hacking of a Twitter account.”

His sentiments were echoed by Peter Singer, a strategist and analyst with the New American Foundation in Washington. “Let’s remember this is a social media account,” he insisted. “This is not a military command and control network. This is not a network that moves classified or even non-classified internal information back and forth. Essentially what (the hackers) did is for several minutes take control of the megaphone.”

Singer did admit the breach was a public relations coup for ISIS even if they aren’t directly involved. "The propaganda impact of this hack is real," he said. "It's this meme of a powerful institution embarrassed by the little guy. It's a meme that resonates.”

He further noted that no matter who’s responsible, ISIS’s cause is enhanced, much like it was when their flag was displayed in Sydney, Australia, and during the Paris attacks last week. "It's a hanging question over the Paris attacks—when someone says 'I pledge my allegiance to ISIS,' does that mean they had contact with an organized group run out of ISIS's territory or does it mean they were inspired by or sympathized with ISIS?” Singer wondered. "Or is it someone saying 'This is a group I'm a fan of, and I'm joining in? It's a question in the real world and it is even more applicable in the cyber world, because you have all these other groups out there and individuals who might be sympathizers or they might just be people who do these kinds of things for the lulz (laughs).”

Many believe the hack may have been perpetrated by a group known as CyberCaliphate, who claimed responsibility for a similar series of pro-ISIS tweets  and images affecting the feeds of the Albuquerque Journal, CBS and Fox affiliates, and a Tennessee station earlier this month. But J.M. Berger, an analyst and non-resident fellow with the Brookings Institution, insists someone directly involved with ISIS could be the perpetrator. “ISIS has a team of hackers who are very deeply involved in ISIS the organization,” he explained. “They have been practicing and recruiting for a while, and this has been going on for months and months.”

The FBI is investigating the breach. "Additionally, we are notifying appropriate DoD and law enforcement authorities about the potential release of personally identifiable information and will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible,” CENTCOM said.

As is often the case with the most “transparent administration in history," the truth remains elusive. Nonetheless, the media remains reliably in its corner. Time Magazine’s Mark Thompson, who labeled the incident "embarrassing—but apparently nothing more" assured us that classified info was “apparently” secure. The Washington Post’s Brian Fung and Andrea Peterson insist that "it doesn't appear” the hackers inflicted any lasting damage on our national security apparatus. Such qualifiers stand in stark contrast to Conway’s assertion that some of the information was stored on "password protected sites”—meaning it’s possible the hack went further than accessing the commercial servers associated with Twitter and YouTube.

Or maybe not. Yesterday, President Obama was poised to announce legislation that would shield companies from litigation if they shared computer data with the government in order to prevent cyber attacks. Opponents of the measure insist adequate safeguards are already in place. “We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a group dedicated to defending privacy rights. He cited disclosures about the scope of the NSA’s reach as evidence that “the agencies already have a tremendous amount of unnecessary information.”

Does the CENTCOM hack justify the further expansion of the federal government's surveillance apparatus, or is it a conveniently exploitable moment? It would be far easier to determine the answer were it not for this president’s extra-constitutional urges, and the reservoir of ill-will built up by an administration mired in numerous scandals. Unfortunately, the line between legitimate national security needs and America’s devolution into a police state is getting increasingly blurred.

Freedom Center pamphlets now available on Kindle: Click here.   

Subscribe to Frontpage’s TV show, The Glazov Gang, on YouTube and LIKE it on Facebook.

Share