Hackers sympathetic to the Islamic State in Iraq and Syria (ISIS) took over the United States Central Command’s Twitter (NYSE: TWTR) and YouTube accounts for about an hour on Monday and posted a number of inflammatory comments, photos, and videos before the Pentagon was able to disable its accounts.
Using the alias “CyberCaliphate,” the hackers tweeted repeated threats that ISIS would be coming for American soldiers and their families. The group also released several documents on Pastebin.com, including a list of work phone numbers of current Army officers as well as the email and mailing addresses of dozens of retired generals.
Most of the files appear to have already been publically available online. Noting that the pro-ISIS hackers did not compromise CENTCOM’s operational military networks and have had no operational impact, the U.S. Department of Defense said it was treating the incident “purely as a case of cybervandalism.”
While the Department of Defense’s effort to downplay the cyberattack is unsurprising, its failure to use common security measures to protect its social media accounts is troubling. According to the Wall Street Journal, the DoD manages the Twitter accounts of the nine U.S. combatant commands but the CENTCOM account allegedly did not even have two-factor verification enabled.
With Central Command responsible for overseeing the American air strikes against ISIS, the cyberattack amounts to a propaganda victory for the militants. Most embarrassing for the administration, CyberCaliphate carried out the security breach while President Barack Obama was busy giving a speech to the Federal Trade Commission on cybersecurity and identity theft.
