U.S. Central Command Hit by Hackers

Command Central Hackers

Photo courtesy of US CENTCOM/Dept. of Defense

U.S. Central Command Hit by Hackers
| published January 13, 2015 |

By Thursday Review staff

 

Cyber-attacks and hacking has been in the news a lot of late, and the news has not been good.

Sony took a beating twice—in late November in a cyber-attack on its huge Sony Pictures Entertainment unit in Culver City, California, then, a few weeks later, when its platform for online gaming was shut down for about four days. And for much of last year, the talk never stopped regarding data security and identity theft. Major data breaches during the 2013 shopping season at Target, Michael’s and Neiman Marcus were followed in the spring by cyber-attacks against Home Depot and JPMorgan Chase.

But this week, a more troubling event occurred, one which brought embarrassment to a major U.S. military operation and raised the hackles of members of Congress already concerned that the United States is unprepared for cyber war.

On Monday, the U.S. Central Command, also known in military parlance and in government circles as CENTCOM, found its social media accounts hacked by a group calling itself The Cyber Caliphate. The hackers claim to have direct associations to both ISIS and al Qaeda.

The hackers seized control of CENTCOM’s Twitter feed, Facebook page, You Tube accounts, and other social media platforms, replacing some images and videos with material the hackers chose. The social media sites were also hijacked to include warnings and text message threats. Anonymous posts claimed that the Cyber Jihadists had broken into the networks to steal information about soldiers and officers, harvesting personal data and crucial information—including, though the Pentagon would not confirm this, full names and home addresses of top generals and other military staff.

CENTCOM and Pentagon spokespersons quickly assured reporters that no crucial military information had been stolen. Most of the data which the Cyber Caliphate reposted was apparently declassified, or information never classified in the first place. The hacked material circulating on the internet in the hours after the cyber-attack seemed to be largely innocuous, generalized information—charts, graphs, spreadsheets, world maps—which did not include sensitive data or top secret information.

The hacked Twitter and You Tube accounts were cancelled, then, reconstructed. Stolen data included links to files called “lists of U.S. Army Officers” and “U.S. Army Budget,” but most military and security analysts have said the files shared from the Central Command’s social media sites are not classified and contain mostly information already available through a variety of other websites, publications, and government materials.

“CENTCOM’s operational military networks,” a Pentagon statement read, “were not compromised and there was no operational impact to U.S. Central Command. CENTCOM will restore service to its Twitter and You Tube accounts as quickly as possible.”

The statement concluded by characterizing the attack as “a case of cyber-vandalism.”

But the cyber assault did raise troubling questions for security experts, and some members of Congress, concerned that the data breach against the Central Command may be the first in a series of increasingly penetrative attacks against the U.S. military and government agencies. The FBI said it was already investigating the breach, but offered no additional information about the attack.

Among CENTCOM’s primary missions is to direct military operations in the Middle East, a broad range of responsibility which currently includes airstrikes against ISIS targets in Syria and Iraq, as well as the military drawdown in Afghanistan. CENTCOM would also have operational responsibility for any areas of U.S. military engagement in the wider Middle East, including Pakistan, Jordan, Saudi Arabia, and the Persian Gulf.

Related Thursday Review articles:

U.S. Formally Ends Afghanistan War; Thursday Review staff; Thursday Review; December 29, 2014.

Hacker Versus Hacker; R. Alan Clanton; Thursday Review; December 31, 2014.