Washington, Jan 13, 2015: Hackers claiming to be working on behalf of the Sunni militant group known as the Islamic State took over the Twitter and YouTube accounts of the U.S. Central Command on Monday, sending out a series of posts far different from the U.S. military’s standard fare.
"In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate continues its CyberJihad," one post on Twitter said. "American soldiers, we are coming, watch your back," said another.
The Defense Department scrambled against the attack. By early Monday afternoon, Central Command had taken down its Twitter account and suspended its YouTube feed. A defense official said that no classified material had been breached and that the military was taking steps to address the matter. The FBI was also investigating.
Josh Earnest, the White House press secretary, said the government was monitoring the extent of the hacking. He played down any comparisons between the hacking of Sony Pictures and the one of Central Command.
"There’s a pretty significant difference between what is a large data breach and the hacking of a Twitter account," Earnest said.
But for the Defense Department, the hacking was, at the very least, embarrassing. A black-and-white banner with the image of a hooded militant and "I love you ISIS" replaced Central Command’s usual banner on Twitter. Some posts listed purported names and phone numbers of U.S. military personnel, while another said the so-called cybercaliphate is "already here, we are in your PCs, in each military base."
Two posts carried links to slides depicting "scenarios" for conflicts with North Korea and China.
Central Command, which had about 113,000 followers on Twitter on Monday, oversees the U.S.-led war against the Islamic State, and has been spearheading hundreds of airstrikes on Islamic State targets in Iraq and Syria. Officials at Central Command could not immediately be reached for comment.
Many of the documents posted by the hackers appeared to be public documents, including transcripts of congressional testimony. Some documents, such as a summary of the costs of major Pentagon weapons systems, are on the Defense Department’s website.
Security experts questioned Central Command’s control of its Twitter and YouTube accounts in light of the security breach. Both Twitter and Google, which owns YouTube, offer users an additional layer of security known as two-factor authentication, which requires a second, one-time password if the user logs into the account from an unrecognized computer. It was unclear whether Central Command social media accounts included the additional security.
"While strong multi-factor login controls exist, it is normal for shared PR accounts like this to lack that additional layer of security, making them an easier target," said Trey Ford, a global security strategist at Rapid7, a Boston security firm.
Rep. Michael McCaul, R-Texas, chairman of the House Committee on Homeland Security, called the cyberattack "severely disturbing." It occurred at the start of a week in which President Barack Obama is expected to focus on cybersecurity.
On Monday, Obama called for federal legislation to force U.S. companies to be more forthcoming when credit card data and other consumer information are lost in an online breach like the kinds that hit Sony Pictures, Target and Home Depot last year.
Courtesy: NDTV