FBI investigates hacked US military social media accounts

The FBI investigates the hacking of the US Central Command's Twitter and YouTube accounts by a group claiming to back Islamic State

The FBI is investigating the hacking of the US Central Command's Twitter and YouTube accounts by a group claiming to back Islamic State which calls itself CyberCaliphate.

But CentCom has issued a statement describing the incident “purely as a case of cybervandalism”.

“CentCom’s operational military networks were not compromised and there was no operational impact to US Central Command,” the statement said.

According to CentCom, the social media sites were compromised for approximately 30 minutes, but reside on “commercial, non-Defense Department servers”.

Both sites were taken offline to clean up messages and internal military documents posted by the hackers, but were restored several hours later around 0300 UK time.

CentCom said an initial assessment indicated no classified information was posted and none of the information posted came from CentCom’s server or social media sites.

“We are notifying appropriate DoD and law enforcement authorities about the potential release of personally identifiable information and will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible,” that statement said.

Obama speech timing

Commentators said the hacking of the social media accounts appeared to be timed to coincide with a speech by president Barack Obama on cyber security to cause maximum embarrassment.

Obama said the recent major security breaches at US retailers and Sony Pictures Entertainment were a direct threat to the economic security of the US and had to be stopped.

A White House spokesman said the US was investigating the extent of the CentCom compromise, but said there was a significant difference between a large data breach and the hacking of a Twitter account.

An unnamed Pentagon official told Reuters the hacking was an embarrassment, but did not appear to be a security threat.

Ken Westin, senior security analyst at Tripwire, said it was no coincidence that the CentCom social media accounts were compromised as Obama announced new cyber safeguards.

“The CyberCaliphate to date has been adept in utilising website defacements as a means of propaganda in support of Islamic State,” he said.

Security concerns

According to Westin, the latest action against CentCom’s social media accounts is an escalation that should concern the US government.

“The fact they were able to compromise the accounts should force the government to re-evaluate their security policies when it comes to social media,” he said.

For example, Google and Twitter both provide two-factor authentication, but it is not clear whether this safeguard was used for the compromised CentCom accounts.

“If two-factor authentication was not used, it would show a serious lapse in security,” said Westin.

Read more on Hackers and cybercrime prevention