US Military’s Social Media Accounts Hacked
Timing is everything, so it was unfortunate that as President Barack Obama was giving a speech January 12 about the importance of cyber security, the US military command’s Twitter and YouTube accounts were hacked.
A group claiming to support the Islamic State posted threatening messages and propaganda images and videos, along with some contact information for Army personnel, from the social media accounts for the US Central Command. CentCom is behind the US military campaign against the Islamic State in Iraq and Syria, and the accounts that were attacked frequently post videos of airstrikes there.
The accounts were suspended shortly afterward while authorities investigated the incident. Officials said no classified information was released and none of what was posted came from a government server. From The Washington Post:
“CENTCOM’s operation military networks were not compromised and there was no operational impact to U.S. Central Command,” a military statement said. “CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.”
White House Press Secretary Josh Earnest said the administration is looking into the extent of the hacking. While he said officials are taking the incident seriously, he added that there is a “pretty significant difference” between a large data breach and the hacking of a Twitter account.
Though the episode does essentially amount to little more than an annoyance, it’s still a bit of an embarrassment for the US government. It’s not yet been verified if the hackers are actually with the Islamic State, are sympathizers with the militant group, or are people just pulling a prank, but the incident should lead to an investigation into whether there are any more vulnerabilities in the administration's online accounts and profiles.
After a hack in 2013, Twitter now offers a two-factor authentication process to sign into an account, but it is not a mandatory feature. Without it, logging in requires only an email address and a password. Large organizations typically have many people managing their social media accounts, so security can become a more difficult task because of the number of those who need access to log-in credentials. Consequently, many don’t use the two-step verification process.
It is not clear what level of security any of the government organizations use for their social media accounts. But after these activities, it would be advisable to step up whatever precautions they’re taking, Ken Westin, senior security analyst at cyber security firm Tripwire Inc., told Bloomberg in an email.
“The fact [hackers] were able to compromise the accounts should force the government to reevaluate their security policies when it comes to social media,” he said.
