ISIS “Cyber Caliphate” Hacks U.S. Military Command Accounts | TechCrunch

The Cyber Caliphate, a hacker group claiming association with terrorist group ISIS, today seized control of the @CENTCOM Twitter and YouTube accounts that represents U.S. central military command.

The hackers tweeted a Pastebin message titled “Pentagon networks hacked. AMERICAN SOLDIERS WE ARE COMING, WATCH YOUR BACK. ISIS. #CyberCaliphate”. The message includes links to supposedly confidential US Army files, though there’s indication that some of these files may have previously been made public or aren’t highly confidential.

Even if only the CENTCOM social accounts were compromised, it shows the sorry state of cybersecurity in the US government. And if the hackers were able to access confidential documents, it could show that ISIS is a more formidable cyber-opponent than some expected.

via ISIS “Cyber Caliphate” Hacks U.S. Military Command Accounts | TechCrunch.

The government spends billions upon billions on IT, and yet is always terribly far behind the curve, with obsolete infrastructure and burdensome, yet ineffective security.

8 thoughts on “ISIS “Cyber Caliphate” Hacks U.S. Military Command Accounts | TechCrunch”

  1. As long as it’s only youtube & twitter accounts I don’t worry too much. Hopefully most of the IT security budget is allocated to more sensitive areas. Of course with an idiotic security structure that allows folks like Bradley Manning access to almost everything it probably doesn’t matter much.

    1. I look askance at any reports that “it was just twitter”. The culprits of this little venture wanted specifically to be noticed. The ones to worry about are the ones you cannot find. And there are plenty of those. Uncle Sam knows of some of them, but we think we know more than we do. That sort of arrogance portends bad things.

    2. There are always people snooping around the internet, with a variety of motives. That is a given. That is why, to paraphrase Goldwater, paranoia in the defense of network security is no vice. It should probably be a job requirement.

  2. This is stupid, why the hell does the Army even have twitter and youtube accounts? There’s no good reason to do so, its not as though people aren’t going to know its there if they don’t get the word out in social media. Nothing but a potential vulnerability, apparently.

  3. To log into any of the 37 training systems DoD uses I have to supply a 15 character password with at least three upper case, three lower case, three numbers – including the last digit of a transcendental number, three special characters, and three characters from a language that hasn’t even been invented yet. Your password expires every 2pi/e minutes and you cannot use a password used anytime in the last 65 million years. Of course nobody remembers these, so they either write them down or just reset it the one time a year we have to log in for our stupid “don’t rape the coworkers” or “don’t cut yourself” training. And then we use Windows and Internet Explorer. Outdated Internet Explorer – we just upgraded to Windows 7 last year and IE10 last month. NMCI must have learned security from the same guy who built Mr. Burns’ vault.

    Hire 100 hackers for 6 months to build a custom Linux distro specific to DoD, then have them start trying to infiltrate other US systems leaving behind detailed instructions on how they got in in a MORON.txt file.

    1. 1. DOD won’t hire the hackers. Can’t have competent people when there are big donors with rice bowls to be filled.
      2. DOD will never do, or be able to do, the right thing in this. FedGov has simply become utterly incompetent. Lincoln’s creation is on its last legs.

    2. You would have to hire another 100 hackers to find all the back doors the first 100 left. And so forth.

Comments are closed.