
Why We Shouldn’t Ignore the CENTCOM Twitter Hack

“If these guys had been a little bit smarter, they could have done a lot more damage with access to that account.”
One of the tweets from the account stolen yesterday.

The US Central Command's (CENTCOM) Twitter and YouTube accounts were hijacked by the self-styled CyberCaliphate yesterday, sending pro-ISIS messages and tweeting mostly-public documents for a short while before the account was ultimately suspended.

In a statement to reporters, CENTCOM dubbed the hack "cybervandalism," noting that its servers were not compromised. In the end, the "hack" amounted to a few annoying tweets and some scandalous-looking (but not really) documents being posted online.


This has led some commentators to write the hack off as "no big deal," often referencing a strip from the popular XKCD webcomic that refers to such hacks as nothing more than tearing down a poster. And they're right: The outcome of the attack has so far been revealed to be little more than embarrassment.

But Marc Rogers, the director of security operations for DEFCON, one of the world's largest hacker conferences, says ignoring the attack is a mistake. It's not what happened this time that should concern us, he told me, but what could happen next time.

"If these guys had been a little bit smarter, they could have done a lot more damage with access to that account," said Rogers. "We tend to trust accounts that belong to the military establishment. People might see things coming from the CENTCOM account and assume it's safe. If the attackers were distributing malware, they could infect a lot of people before anyone caught on to it."

In other words, if attackers with a little more foresight and wherewithal gained access to a military-run account, it would be less like tearing down a poster, and more like hijacking a radio signal to disseminate misinformation—a possibility of slightly more concern. For example, remember when a fake AP tweet caused the stock market to temporarily crash?

The real takeaway from the hack, Rogers told me, has nothing to do with what attackers did with their access. Instead, we should focus on the fact that apparently unsophisticated hackers were able to gain access at all. Moreover, Rogers said, we should ask why hijacking a government-run channel of communication is so easy in the first place.


"The conversation should be about how a high-profile military social media account had none of the industry-recommended security steps like two-step verification," Rogers told me. "It's hardly surprising that it got hacked, but whenever you have a sensitive account being broken into, it's not something to be written off."

According to a Wall Street Journal report, government officials investigating the hack noted that the CENTCOM account did not make use of basic security features like the aforementioned two-step verification, which requires users to confirm a login from a separate device as well as their desktop, and that the account was apparently registered with a private email address rather than a military address.

Immediately after the hack, the US General Services Administration began disseminating best security practices for government social media managers, and ordered an audit of military accounts, BuzzFeed reported.

We're back! CENTCOM temporarily suspended its Twitter account after an act of cybervandalism. Read more: — U.S. Central Command (@CENTCOM), January 13, 2015

CENTCOM re-launched hours after the account was suspended, with a blue checkmark indicating that the agency is now verified by Twitter—a basic measure that ensures the account user is who they say they are and indicates that they have already taken some corrective measures.

"If you look at all the hacks recently, they all happened because best practices were not being met—people are clicking on links that they shouldn't and storing account information on unencrypted databases," Rogers explained. "If best practices were being met, I dare say that these types of attacks wouldn't happen."