The FBI is investigating the hacking of the US Central Command's Twitter and YouTube accounts by a group claiming to back Islamic State which calls itself CyberCaliphate.
But CentCom has issued a statement describing the incident “purely as a case of cybervandalism”.
“CentCom’s operational military networks were not compromised and there was no operational impact to US Central Command,” the statement said.
According to CentCom, the social media sites were compromised for approximately 30 minutes, but reside on “commercial, non-Defense Department servers”.
Both sites were taken offline to clean up messages and internal military documents posted by the hackers, but were restored several hours later around 0300 UK time.
CentCom said an initial assessment indicated no classified information was posted and none of the information posted came from CentCom’s server or social media sites.
“We are notifying appropriate DoD and law enforcement authorities about the potential release of personally identifiable information and will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible,” that statement said.
READ MORE ABOUT HACKTIVISIM
- Syrian hacktivists find new way to target Reuters
- CNN latest target of Syrian hacktivists
- Hacktivists hijack Skype social media accounts
- Syrian hacktivists target Thompson Reuters
- Hacktivists deface Australian websites over spying reports
- Pro-Palestinian hacktivists hit security sites
- Hacktivists hit Angry Birds website after spying claims
- Hacktivists target MP's website
- Syrian hacktivists down New York Times website
- The hacktivist threat to enterprise security
- Ghost Shell hacktivists publish over a million credentials
- Security intelligence firm Stratfor investigates hacktivist attack
- UK hacktivist cases should spur business to action, says lawyer
- RSA 2012: Forget about hacktivists, say security experts
- 2012 Verizon DBIR: Hacktivists make impact on data breach statistics
- Website weaknesses at fault in T-Mobile hacktivist attack
Obama speech timing
Commentators said the hacking of the social media accounts appeared to be timed to coincide with a speech by president Barack Obama on cyber security to cause maximum embarrassment.
Obama said the recent major security breaches at US retailers and Sony Pictures Entertainment were a direct threat to the economic security of the US and had to be stopped.
A White House spokesman said the US was investigating the extent of the CentCom compromise, but said there was a significant difference between a large data breach and the hacking of a Twitter account.
An unnamed Pentagon official told Reuters the hacking was an embarrassment, but did not appear to be a security threat.
Ken Westin, senior security analyst at Tripwire, said it was no coincidence that the CentCom social media accounts were compromised as Obama announced new cyber safeguards.
“The CyberCaliphate to date has been adept in utilising website defacements as a means of propaganda in support of Islamic State,” he said.
According to Westin, the latest action against CentCom’s social media accounts is an escalation that should concern the US government.
“The fact they were able to compromise the accounts should force the government to re-evaluate their security policies when it comes to social media,” he said.
For example, Google and Twitter both provide two-factor authentication, but it is not clear whether this safeguard was used for the compromised CentCom accounts.
“If two-factor authentication was not used, it would show a serious lapse in security,” said Westin.