The official Twitter account for the US Central Command was hacked earlier today by a group claiming to represent ISIS, which is currently using the account to disseminate military data. The account was suspended just after 1:10pm ET, roughly 30 minutes after the first compromised tweets. A linked Pastebin file described the attack as part of a so-called “cyberjihad,” saying “While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you. The hack also hit Centcom’s YouTube page, which posted three ISIS propaganda videos after being compromised.
The attack was accompanied by a document dump, which showed basic research on China and North Korea, including the location of major roads and power plants, along with directories of the names, ranks and phone numbers of various officers. Still, the data does not appear to be of a sensitive nature, and most of the documents involved seem to have been publicly available before the compromise.
It’s not the first time an ISIS-friendly hacker has looked to stir up trouble by targeting social media accounts, although it’s the most prominent example yet. Last week, a similar attack hit the Twitter account for The Albuquerque Journal, a local newspaper, and began to leak similarly low-value information. Because of the publicity involved, the accounts make tempting targets, and are often difficult to fully secure. As a result, attackers are often able to score a win against a military account without having to face the more severe challenges of actual military infrastructure. Ironically, the hack came just after President Obama finished up a cybersecurity speech before the Federal Trade Commission, recommending stronger security measures for US citizens’ data.