Embarrassing, sure. But classified info apparently secure
Live by the tweet, die by the tweet.
The latest cyberwar skirmish involves an embarrassing—but apparently nothing more—breach of U.S. Central Command’s social-media accounts by alleged Islamist hackers. Nonetheless, it’s a black eye for the Pentagon, with its multi-billion-dollar preoccupation with cybersecurity.
Centcom is the regional Pentagon command that oversees U.S. military action in 20 nations stretching from Egypt to Pakistan, including the wars in Afghanistan and Iraq. Centcom, which is based at MacDill Air Force Base in Tampa, Fla., began displaying messages allegedly from the Islamic State of Iraq and Greater Syria starting about 12:30 p.m. EST on its Twitter account. At least two ISIS YouTube posts also showed up in Centcom’s account on the video site.
“AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS.” the first apparently non-official Twitter message said (ISIS doesn’t refer to itself as “ISIS,” which immediately led to speculation in the Pentagon and elsewhere that the hackers might not be who they claim to be).
It was followed in quick succession by others. “ISIS is already here, were are in your PCs, in each military base,” a second tweet said. “We know everything about you, your wives and children.”
But a quick review of documents posted suggested they are unclassified. At most, they appear to fall into the category of documents the Pentagon often labels “for official use only,” which are routinely posted on the Internet by the Pentagon itself. Reporters located posted documents involving U.S. military acquisition and strategy on public Pentagon websites.
Twitter suspended Central Command’s account shortly after 1 p.m., with all the prior posts—both legitimate and otherwise—inaccessible.
About 5 p.m. Monday, Centcom issued a statement saying the breaches didn’t affect “operational military networks” and that apparently no classified data was jeopardized. “We are viewing this purely as a case of cybervandalism,” Centcom said. The social-media accounts, it added, “reside on commercial, non-Defense Department servers.”
In an interview broadcast Sunday, the chairman of the Joint Chiefs of Staff warned that while the Pentagon has an edge when it comes to firepower, it’s merely tied with prospective foes when it comes to cyber warfare. “We don’t have an advantage,” Army General Martin Dempsey told Fox News. “It’s a level playing field, and that makes this chairman very uncomfortable.”
Shortly before the hack began, President Obama was speaking at the Federal Trade Commission on computer security. “This extraordinary interconnection creates enormous opportunities but also creates enormous vulnerabilities for us as a nation and for our economy and for individual families,” he said. “If we are going to be connected, then we need to be protected.”
The White House said that a Twitter hack isn’t the same thing as a major data breach, like Sony recently experienced. “This is something that we’re obviously looking into and something that we take seriously,” White House spokesman Josh Earnest said.
As the Centcom attack unfolded, the Government Accountability Office was issuing a report warning of the soft underbelly of the U.S. government’s dependence on networked computer systems. “To further highlight the importance of the threat, on October 11, 2012, the Secretary of Defense stated that the collective result of attacks on our nation’s critical infrastructure could be ‘a cyber Pearl Harbor, an attack that would cause physical destruction and the loss of life,’” the GAO said.
Thankfully, except for a few outfits, social media doesn’t yet constitute “critical infrastructure.”
– With reporting by Zeke Miller