
Analyzing The Central Command Twitter Account Hack

Central Command’s Twitter account was recently hacked by cyber vandals. This cyber-attack appears to be specifically timed for its optimum public exposure. The hackers waited until the president of the United States publicly discussed cybersecurity with the American community. The hackers claim to have accessed Central Command’s private data. They claim to have knowledge about Central Command’s employees and their families as well. Analyzing the Central Command Twitter account hack can teach us valuable lessons in cybersecurity.

The cost of a data breach can be millions of dollars. In Central Command’s case, the hack was a big hit to their reputation. It is not certain if any military data was threatened.

But how do we effectively defend against a cyber attack?

Having an extremely strong password isn’t enough to protect against this type of data breach. It is important to understand that browsing the Internet alone can infect a computer with malware that logs all of your passwords. It doesn’t matter if you have a 50‑character password with random numbers and symbols. If there is malware on the endpoint, hackers can access all of your credentials and critical data. It is essential to have a solid security operations management plan and process, and to be proactive in defending against security incidents.

Never underestimate the adversary. CyberSponse is a comprehensive security operations management platform designed to proactively help your company prepare to defend against cyber-attacks. CyOPs™ quickly mitigates any damage caused by an attack. CyberSponse is an automated security management and control platform that will identify security incidents. This helps to quickly mitigate damage caused by threats. Contact CyberSponse and visit our website today to schedule a demo.



Cory Johnson: …on the very day that the President’s talking about cybersecurity, this happens?

Phil Mallingly: Minutes after he finished speaking was the first time people started noticing that Central Command’s Twitter account had been hacked. The individuals or a group of individuals who say that they are sympathizers with the Islamic State. They say it’s part of a “Cyber Jihad.” They are part of a “Cyber Caliphate.”

We have a call into Central Command. No confirmation yet on what’s going on, but it’s clear that the account’s been hacked. It also looks like the YouTube account has also been hacked. Poor timing, when you think about the President’s remarks. What this week is all about for the White House, all about cybersecurity.

We need to answer some broader questions about what information they’re actually posting when analyzing the Central Command Twitter account hack. It looked like they were attempting to post addresses of military officers. They are saying that they are posting purported military plans for specific countries like North Korea and China. Once again, no confirmation on whether or not that’s actually the case.

Really poor timing and I think something that, obviously, military officials would be concerned about, going forward. As you noted up top, Cory, this Central Command is the headquarters for all of the US activities against the Islamic State in Iraq and Syria right now. That’s the base in Tampa, Florida, where that’s all coming out of right now.

Sympathizers with the Islamic State, purportedly, are who is behind this attack. At least that’s our initial word on it.

Cory: Joe, let me ask you. Maybe I’m conspiracy‑theory‑oriented, but I tend to believe this kind of thing isn’t just poor timing, that there’s no coincidence here whatsoever. When you look at this, Joe, knowing what you do about cybercrime, does this look like it’s tied into the timing of the President’s remarks?

Joe Loomis: I think it’s a calculated approach. If you’re going to compromise an account, you think about when it is the most ideal time to let the victim know about it. Once they know that they’ve been had, the campaign only. It loses its luster, shortly thereafter.

This proves the point that these things are extremely calculated, and they’re also very patient. Just because they get into an account, it’s not because of just password strength, too.

People need to understand that browsing the Internet alone can infect your computer with malware that logs all of your passwords. It doesn’t matter if you have a 50‑character password with random numbers and symbols. If they have malware on the endpoint, which is your laptop, desktop, they’re going to get all of those types of credentials. I think that by analyzing the Central Command Twitter account hack, this is a demonstration of that.

Cory: ISIS is known to use social media as a recruiting tool and as a way to get their messages out. Their cyber capabilities have not been evidenced ever before.

Phil: I was speaking with some senior Justice Department officials last month about their ability to actually engage in cyber warfare and some types of cyberattacks in the United States. Senior Justice Department officials, prosecutors, FBI folks that have looked into this said in no uncertain terms, they did not think they had that capability yet.

This doesn’t look to be anything of that nature. I think the biggest question and the biggest concern for federal authorities up to this point with the Islamic State were for propaganda purposes.

They have shown extraordinary talent and extraordinary ability to reach individuals, to get individuals interested in the organization and to try and bring those individuals either over to Syria or to try and spur lone wolf types of attacks.

The idea that the Islamic State could ever reach the capability to actually conduct a cyber attack is really the worst fear for a lot of – at least US – cyber command, things of that nature. I think if this, in any way, shows that they are one step closer to that, or hints at that, right now, that would be considered a major problem for US officials.

It would take them a step further, that at least monthly when I was talking to US officials, that they thought they had the capability of actually reaching.

Cory: Couldn’t this be just hackers trying to show off and not, indeed, ISIS in any way? Just using the threat of the day?

Joe: Yes, that is absolutely possible, but we also have to not be naive about what the capability of the organization is. If a 15‑year‑old in his underwear in the basement of his mom’s house can be somewhat effective in being a blackhat, I think that it’s a pretty fair statement to say that it doesn’t take a rocket scientist to develop malware, when it’s commercially available out in the market.

Sometimes malicious actors re-deploy current campaigns that have been previously successful. We’ve seen that before with the Sony attack and regurgitation of malware. Never underestimate the enemy, the old “Art of War” storyboard is “never underestimate” your enemy because their whole advantage of surprise is in the fact that they want to be underestimated.

Cory: While we’ve been talking, the Pentagon has suspended the CentCom Twitter account.