An ISIS sympathizer going by the name CyberCaliphate took control of US Central Command’s Twitter and YouTube accounts today.
A hacker with a nearly identical signature hijacked the social-media accounts of the Albuquerque Journal and a local TV station in Maryland last week, a possible test run for Monday’s far more ambitious act of internet vandalism.
The CENTCOM breach was an asymmetrical attack in the purest sense. It closed the gap between a weak and very limited actor and a much more powerful and numerous opponent.
As the Denver Post recounted after last week’s breach of the Albuquerque Journal and a Salisbury, MD TV station, CyberCaliphate couldn’t even hack his way past the paywall of New Mexico’s Mountain View Telegraph. But single hacker of apparently modest ability was still able to spread propaganda from social-media accounts associated with the commanders of the world’s most powerful military.
The optics of it are terrible for the US and the broader effort against ISIS. And in the social-media sphere, optics can mutate into actual strategic gain. Indeed, the breach was a demonstration of what ISIS and its sympathizers are capable of, and a means of spreading their message even further.
“Nothing released was classified,” Robert Caruso, a former Department of Defence special security officer, told Business Insider of documents that CyberCaliphate tweeted from CENTCOM’s account. “Which is irrelevant, because they communicated threats to retired generals and admirals. It is a big deal.”
Importantly, the attack was not aimed at government computer systems or against CENTCOM itself. CyberCaliphate chose a much easier target: social-media websites with fewer protections than official networks that are nevertheless used by significant components of the US national-security apparatus.
“It’s important to draw the distinction between what’s called USCENTCOM being hacked, and someone compromising the @CENTCOM Twitter account,” says Caruso. “Whoever is responsible for this chose an asymmetric approach because they know the United States is still playing catchup in that arena.”
Going after social media might show that while official networks are actually quite secure against anonymous, amateur hackers like CyberCaliphate, there will always be soft targets vulnerable to troublemakers.
“The fact that the [Department of Defence] has not been hacked like this and that they did have to go after a soft target to me is not indicative,” Yinon Weiss, a former US special forces officer and co-founder of RallyPoint, a social networking website for military professionals, tells Business Insider. “This does not meant to me that this is the tip of iceberg in terms of vulnerabilities. To me it shows that there will always be risks associated with these accounts, especially when you have a lot of people engaging with them.”
As Weiss points out, this will likely be a persistent problem, absent far broader degrees of government control over the internet.
“Having a free society means there’s a certain amount of risk,” says Weiss, “which means that there will always be people who have criminal or terrorist intent who will be able to exploit certain soft targets and weakness in the system.”
CyberCaliphate exploited a fairly significant weakness, perhaps finding a common vulnerability across CENTCOM’s social media presence, like a re-used password, in order to pull off a high-profile simultaneous breach.
Even so, events like today’s hacks are one risk that organisations like CENTCOM take on in even attempting to contest the social media space. The only way to entirely eliminate the risk of breaches like this one is for the US government to leave social media altogether or impose far more restrictive controls online.
The US government may be far more vigilant about its social media security from now on. But it’s also likely that hackers with more sophistication and ability than CyberCaliphate are noting his recent series of successes.
Consequently, today’s breach is be a sign of the new age of cyberwar that’s unfolding.
Business Insider Emails & Alerts
Site highlights each day to your inbox.