Supporters of the radical Muslim movement that has captured territory in Syria and Iraq hacked the social media accounts of the U.S. Central Command (USCENTCOM) on Jan. 12 and reportedly posted messages supporting the Islamic State.
The hackers, calling themselves the CyberCaliphate, used their access to three Twitter accounts and a YouTube account belonging to USCENTCOM to post messages and public documents. The attackers portrayed the attack as a significant breach and used the forum to threaten U.S. soldiers, according to a BBC report.
Yet the attack lasted less than 30 minutes and, despite the vandals' assertions, only publicized already-public documents, Ian Amit, vice president for social media security firm ZeroFOX, told eWEEK.
"I don't think it is that serious so far," he said. "Again, we are looking at someone drawing [the equivalent of] graffiti on the wall of a compound. We are not seeing secret documents being leaked."
The Twitter accounts of USCENTCOM are currently suspended.
USCENTCOM is one of six military commands that have responsibility for military operations in a specific geographic region. USCENTCOM is responsible for' 20 nations in the Middle East and Asia, which hold 60 percent of the world's known oil reserves, and works with coalition forces in that region. The three nongeographic commands include the United States Special Operations Command (USSOCOM), the United States Strategic Command (USSTRATCOM) and the United States Transportation Command (USTRANSCOM).
The military command is not the first company or government agency to be hit by the hackers. Attackers compromised a local TV station and newspaper last week using the same sorts of techniques and posting similar content, Amit told eWEEK.
While defacements are among the most rudimentary attacks, they can have a significant impact, he said. In April 2013, attackers took control of a Twitter account for the Associated Press and announced an attack on the White House, which resulted in a sudden drop in the stock market.
"The last two years showed that you do not need to breach the internal network of The New York Times or AP to have an impact," he said. "If your target does not have two-factor authentication or some other type of security, even 23 minutes can have an impact."
The Islamic State of Iraq and the Levant is a Sunni faction that controls territory in Syria and Iraq, against which the United States and many other nations have fought. USCENTCOM has directed air strikes against ISIL positions in both nations.
"Cyber-security needs a fresh approach that includes cloud security, information sharing, and strong account and password controls," Greg Martin, chief technology officer for security intelligence firm ThreatStream, said in a statement on the hack. "This type of hack is commonplace today because passwords alone are no longer good enough to protect access to these types of tools."