Monday afternoon, a group claiming to be supportive of ISIS gained control of the US Central Command's Twitter and YouTube accounts for roughly 40 minutes, tweeting out a series of seemingly sensitive files. Most of the files can be easily found by Googling, but the Army suggested that some may have been taken from a password-protected drive.
It's not a good look, but what has this hacker group accomplished? Not much of anything, according to cybersecurity experts.
The majority of the documents tweeted and "leaked" on the anonymous site PasteBin appear to be publicly available somewhere, despite the group's suggestion that it was "confidential data from [soldiers'] personal devices." In fact, many of the documents (there are about 20) can be found elsewhere on the internet with a quick search.
But others may be from somewhere else, the Army told Motherboard.
"Some of the documents are from password protected sites," Alayne Conway, a spokesperson for the Army's Public Affairs Office told us. [Update: We've added additional comments from the Army and CENTCOM below.]
"You either need to work with the organization or you need to have a common access card, they're called TacCard, to get into those websites to gain that information," she said. "You have to work with that office, and have a need for that information, to receive that information. Some of it may be personal addresses, phone numbers, information of that sort, so it's not something that we'd make publicly available."
Information that was already publicly available included everything from letters from the White House to members of Congress, budget information, and speeches, to scenarios should the US go to war with North Korea or China, which are branded with logos of MIT’s Lincoln Laboratory, a group that does contracting and research for the military.
There’s also a list of military officers’ addresses—current soldiers’ addresses appear to be official office addresses, while retired officers appear to point to private residences. None of the documents appear to be classified.
"It's hugely embarrassing, but let's distinguish between actual military networks used to command and control forces and a social media feed used by a public affairs officer," said Peter W. Singer, a cybersecurity expert with the New America Foundation who has testified about cyberwarfare issues to Congress.
"In all likelihood, this is an embarrassing failure of some kind of quite easy security measure," he added. "Right now there's probably some first lieutenant somewhere with his or her head on the desk going 'oh no, oh no, oh no' right now."
CENTCOM said in a statement to Motherboard that its accounts were, indeed, compromised:
"We can confirm that the CENTCOM Twitter and YouTube accounts were compromised earlier today. We are taking appropriate measures to address the matter. We have no further information to provide at this time."
Conway said the Army is currently thinking about next steps.
"I'm working closely with our social media division to take a look at the items, and then if we need to take next steps—for example, to notify someone and say that this information has been released—we're doing that," she said. "Some of the stuff is common sense, making sure that passwords are changed out so someone can't hack into these accounts, these are the corrective measures we're taking at this point."
Physical danger or no, it's not exactly ideal that someone was able to hack the military's social media accounts. And if, indeed, these were taken from a password-protected drive, that’s concerning as well. It’s possible, even likely, however, that these documents were posted online in disparate locations and then archived together.
While there's nothing to suggest that the hack is making anyone any less safe, it's still, from a public relations standpoint, a huge mess.
"The propaganda impact of this hack is real," Singer said. "It's this meme of a powerful institution embarrassed by the little guy. It's a meme that resonates."
And whether or not the hack was perpetrated by the Islamic State or by a sympathetic group, it does help further their cause. In that way, it's very similar to the Paris terrorist attacks of last week and the displaying of an ISIS flag in Sydney.
"It's a hanging question over the Paris attacks—when someone says 'I pledge my allegiance to ISIS,' does that mean they had contact with an organized group run out of ISIS's territory or does it mean they were inspired by or sympathized with ISIS," Singer said.
"Or is it someone saying 'This is a group I'm a fan of, and I'm joining in?'" he added. "It's a question in the real world and it is even more applicable in the cyber world, because you have all these other groups out there and individuals who might be sympathizers or they might just be people who do these kinds of things for the lulz."
The same image that CENTCOM’s Twitter avatar was changed to—a man wearing a keffiyeh with the message “i love isis” superimposed—appeared during those attacks. Documents from secure municipal government servers were also leaked, including personal employee information.
So, how did this happen? We don't really know. But while the military has all sorts of security measures that protect secure systems, its Twitter and YouTube accounts, in this case, appear to have had little more than a password behind them.
The Twitter account and YouTube account were both quickly disabled, and there's nothing really to suggest any more data or hacks are forthcoming or imminent. It was embarrassing, but what really happened? Not much.
"OK, so they took it and what did they post? A picture of a female officer with a goat, and public supposed war plans with China and North Korea that have the MIT Lincoln Labs logo on them," Singer said. "The content is rather weak—you had the feed and this is what you were pumping up? In terms of the impact, the end result is a lot of attention, no actual physical effect."
"It's weird to say, but in a lot of ways, this mirrors the problems other organizations have with Twitter," he added. "The hackers thought so much about the medium, but didn't think about the message."
Update, 1/12/15, 5:20 pm:
The Army has clarified its earlier statement: "We can confirm the U.S. Central Command Twitter and YouTube accounts were compromised earlier today. We are taking appropriate measures to address the matter. We are still assessing the issue but in general terms, we don't post documents with personally identifiable information (PII) on public websites."
CENTCOM has also sent an updated statement: "We are viewing this purely as a case of cybervandalism ... our initial assessment is that no classified information was posted and that none of the information posted came from CENTCOM's server or social media sites."