What you need to know about the CentCom hack

Evan Bartlett@ev_bartlett
Tuesday 13 January 2015 10:40
Science and Tech

What happened?

The Twitter and YouTube accounts of the United States government Central Command were hacked last night by a group claiming to be associated with Isis (who call themselves Islamic State).

Personal information about senior officers was posted on the organisation's Twitter page along with death threats and claims that the Pentagon's servers had been hacked.

Among the messages were: "You'll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah's permission we are in CentCom now."

What is CentCom?

Central Command, shortened to CentCom, is the part of the US military that is responsible for combat in the Middle East, North Africa, and Central Asia - including countries like Afghanistan, Iran, Iraq and Syria.

How serious was the breach?

Much of the information posted on the accounts appeared to be publicly-available, including the names and addresses of retired officers.

US government officials were quick to play down the attack. A US Defence Department spokesperson said nothing in the trove of information was classified. A Pentagon official said that while the breach was certainly an embarrassment to the US government, it was “not a security threat”.

Many commentators on Twitter have pointed to the public sources of the information posted:

Nevertheless, the fact that such a public-facing body of the Pentagon - CentCom has 119k followers - can be breached is still being described as an embarrassment, particularly with its multi-billion dollar defence budget.

The fact that former officers were also singled out with personal information published widely could also be a security concern. CentCom has said it will work with the Department of Defence and police authorities to protect those involved.

Do we know for sure it was Isis?

Those who hacked the account said they represented the militant group that has taken control of swathes of land in Iraq and Syria and claimed it was part of the "CyberCaliphate".

However, some critics have pointed out that the style of the hack and some of the terminology used was more reminiscent of the anti-Isis, pro-Assad Syrian Electronic Army (SEA). SEA was responsible for the cyber-attacks on a number of international media websites, including this one, in November.

Other theories are that it could simply be a disgruntled former employee in an act of vengeance.

Are things back to normal now?

Yes. CentCom issued a statement explaining the sites "reside on commercial, non-Defence Department servers" and both that sites had temporarily been taken down while they fixed the issue.

"In the meantime," they explained, "our initial assessment is that no classified information was posted and that none of the information posted came from CentCom's server or social media sites."

Both the Twitter and YouTube accounts are back up and running. The Facebook, Flickr and Pinterest pages were all unaffected and as Gawker's Adam Weinstein - a former military PR man - points out: "Why the hell the theater-level headquarters for military operations across 20 countries needs a Pinterest page flummoxes even me."

More: This is what happened with the Syrian Electronic Army hack

Trending