The Monday takeover of the U.S. Central Command (Centcom) Twitter and YouTube accounts could represent the start of a new era of cyber vandalism targeting the U.S. government, security experts said.
The Islamic State in Syria and Iraq (ISIS) has taken credit for the attack, during which hackers took over the Centcom accounts for roughly 30 minutes and they tweeted out pro-ISIS messages and spreadsheets with military officials’ information. Centcom said Monday that its "operatioonal military networks" were not compromised in the attack.
It’s perhaps the most high-profile digital defacing of a U.S. government website or account to-date by a militant group, said several security experts. In prior cyber vandalism incidents, the government was usually battling hacking collectives with a political activist bent — groups such as Anonymous or LulzSec.
“It’s sort of shifting the boundaries of hacker groups,” said Jeff Williams, the chief technology officer at Contrast Security, an application security firm.
“A lot of these militant or extremist-type groups are just starting to gain these capabilities today,” said Jon Miller, vice president of strategy with cybersecurity firm Cylance. “If anything, we’re starting to see the beginning of it.”
These boundaries have been shifting for some time. The Syrian Electronic Army (SEA) — which supports Bashar al-Assad’s Syrian regime — has launched cyberattacks and cyber defacement campaigns against major media companies, hacking the Twitter accounts of the Associated Press, Reuters and The New York Times, among others.
The group even infiltrated and defaced the U.S. Marine Corps’ recruiting website in 2013, replacing the homepage with a message calling on U.S. soldiers to join in the fight against Syrian rebels in the country’s ongoing civil war.
Similarly, pro-Russian government hackers recently took down German government websites, demanding the country cut off its support of the Ukrainian government, which is at odds with Moscow.
But the connection between these groups and the governments they support is murky at best. And neither of them represented a distinct militant group with its own agenda, like ISIS.
Which is why Monday’s cyberattack stood out.
“A lot of this is all brand new,” Miller said. “That’s what is really getting scary.”
But cyber experts cautioned against drawing quick conclusions about the cyber capabilities of ISIS. Chances are the hackers were using black-market purchased malware — not custom built — and likely got in by exploiting simple vulnerabilities, Williams explained.
Social media accounts are inherently vulnerable at organizations because multiple people have to share a single log-in, exposing it across numerous computers, Williams explained. Two-factor authentication — where a log-in is backed up with a code sent to a cellphone — only works when one individual controls an account.
“There’s not much that Google and Twitter can do about that,” he said.
Centcom confirmed late Monday that its “operational military networks were not compromised” and said none of the information posted appeared to be classified as the hackers claimed.
“At the same time,” Miller said, “everyone needs to increase their vigilance dramatically.”
“The U.S. government has probably the largest attack surface of anything on the Internet,” he added, explaining that one advanced hacker could likely break into most official Twitter accounts over a long weekend.