U.S. Central Command (Centcom) Gets Hacked

U.S. Central Command, responsible for the military’s activities in Iraq, Afghanistan, Iran, Saudi Arabia, Syria and a number of other countries in that region was the victim of a hack earlier today.

Centcom’s Twitter feed and You Tube channel were compromised and defaced.

Twitter quickly disabled the feed but not before some charts and contact information for some military personnel was posted.  The You Tube feed had some jihadist videos posted to it and is now down with a message that says “This account has been terminated due to repeated or severe violations of our Community Guidelines.”

While some people said that classified information was posted, that does not appear to be the case.  Probably the biggest concern was the posting of personal information for some senior military personnel, including some generals.

This all happened at the same time President Obama was making a cyber security speech.

Most likely, this occurred as a result of some social media person getting their credentials phished.

What was the biggest casualty of this event was the ego of Central Command.  As a military organization responsible for hundreds of thousands of U.S. troops and the wars in Iraq and Afghanistan, it is more than a little embarrassing to have your social media presence hacked and your message compromised.

The lesson to be learned is that even though there is not a lot of sensitive information on things like Twitter and You Tube, there is a potentially significant negative press associated with your brand being on the CNN and Fox News message crawls at the bottom of the screen all day.  My guess is that Centcom will add two factor authentication before these social media feeds are turned on again.  I would also recommend that social media access be conducted from a dedicated console, separate from email and web surfing, to reduce the risk from phishing attacks.

The good news is that this will likely be forgotten in a few days.

Except for the person who had their credentials compromised.