The FBI is investigating the hacking of the US Central Command’s Twitter and YouTube accounts by a group claiming to back Islamic State which calls itself CyberCaliphate.
But CentCom has issued a statement describing the incident “purely as a case of cybervandalism”.
“CentCom’s operational military networks were not compromised and there was no operational impact to US Central Command,” the statement said.
According to CentCom, the social media sites were compromised for approximately 30 minutes, but reside on “commercial, non-Defense Department servers”.
Both sites were taken offline to clean up messages and internal military documents posted by the hackers, but were restored several hours later around 0300 UK time.
CentCom said an initial assessment indicated no classified information was posted and none of the information posted came from CentCom’s server or social media sites.
“We are notifying appropriate DoD and law enforcement authorities about the potential release of personally identifiable information and will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible,” that statement said.
Obama speech timing
Commentators said the hacking of the social media accounts appeared to be timed to coincide with a speech by president Barack Obama on cyber security to cause maximum embarrassment.
Obama said the recent major security breaches at US retailers and Sony Pictures Entertainment were a direct threat to the economic security of the US and had to be stopped.
A White House spokesman said the US was investigating the extent of the CentCom compromise, but said there was a significant difference between a large data breach and the hacking of a Twitter account.
An unnamed Pentagon official told Reuters the hacking was an embarrassment, but did not appear to be a security threat.
Ken Westin, senior security analyst at Tripwire, said it was no coincidence that the CentCom social media accounts were compromised as Obama announced new cyber safeguards.
“The CyberCaliphate to date has been adept in utilising website defacements as a means of propaganda in support of Islamic State,” he said.
According to Westin, the latest action against CentCom’s social media accounts is an escalation that should concern the US government.
“The fact they were able to compromise the accounts should force the government to re-evaluate their security policies when it comes to social media,” he said.
For example, Google and Twitter both provide two-factor authentication, but it is not clear whether this safeguard was used for the compromised CentCom accounts.
“If two-factor authentication was not used, it would show a serious lapse in security,” said Westin.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK