MS Risk Blog

Twitter, YouTube of US Central Command hacked by ISIS supporters


13 January – US Central Command’s (CENTCOM) official Twitter feed and YouTube page were hacked on Monday. CENTCOM uses its Twitter feed to post regular updates on the coalition airstrikes against Islamic State in Iraq and Syria. The social media accounts were compromised for approximately 30 minutes, after which CENTCOM regained control and suspended the accounts. The feeds were resumed hours later.

The hackers left a series of threatening messages, the longest of which stated: “In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate under the auspices of ISIS continues its CyberJihad. While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you.” It continued, “You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!”

The messages also stated, “ISIS is already here, we are in your PCs, in each military base.” They added that they had affected CENTCOM’s computers, and warned, “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS. CyberCaliphate.”

In the short time the hackers had control of the Twitter feed, they tweeted a roster of military personnel names and contact information, and then released what they claimed to be “confidential data” obtained from mobile devices. The US Army confirmed that some of the documents were from password-protected sites. However, other documents appear to have been publicly available on the Pentagon website. The majority of the documents are dated 2005, with the most recent being 2008. Two other tweets, called “China Scenario” and “North Korea Scenario”, delivered files which appeared to display US surveillance or war scenarios for China and North Korea. The data within those files include PowerPoint slides that appear to have been taken from military presentations, including one entitled “Army Force Management Model”. It is possible that some of the password-protected information released by the group was also available publicly. CENTCOM is investigating any potential security breaches.

The missive has caused many to believe that the hackers are members or affiliates of ISIS, the terrorist organisation that has swept through Iraq and Syria over the past year. However, certain indicators suggest that the hack may have come from a person or persons who claim to be ISIS but are not operating within the organisation. For example, the term “ISIS” itself is most commonly used in the West. The group changed its name to “Islamic State” (Dawla il Islamiya) in June of 2014. Further, the organisation has focused predominantly on gaining territory and natural resources; if found to be the work of ISIS, this cyber-attack would be its first. Finally, the released documents, which feature East Asian countries, are not in line with the Middle Eastern focus of ISIS. It is likely that the hackers are supporters of the group but not officially affiliated with ISIS. Twitter has identified and deleted an account using the handle CyberCaliphate, a term that appeared in some of the missives that were posted.
