Why the CENTCOM Hack Was No Big Deal
On September 11, 2014, the Daily Mail posted an article stating that ISIS is recruiting skilled hackers to develop cyber attack capabilities. ISIS was said to be building what they called a “Cyber Caliphate.”
On January 12, 2015, the Cyber Caliphate appeared to have struck by hacking into the Twitter and YouTube accounts of CENTCOM, the U.S. Central Command, one of nine unified commands in the United States military, which is responsible for the Middle East and parts of central Asia. The group posted what appeared to be leaked military documents, and boasted, “We broke into your networks and personal devices and know everything about you.”
The question is, how serious is this attack, and how serious is this new threat calling itself the “Cyber Caliphate”? Is there reason to panic?
First, it’s important to note that there are two aspects of this attack: the hacked Twitter and YouTube accounts, and the leaked documents. While it’s embarrassing that CENTCOM’s Twitter and YouTube accounts were hacked, this type of incident is stupendously common. From Russia’s Prime Minister Dmitry Medvedev to the Israeli Defense Forces Spokesperson, famous individuals’ and organizations’ social media accounts are often targeted by hackers trying to embarrass or spread propaganda. In most of these cases, the breach is a standalone event made possible by a weak password. It does not suggest the hacker was able to get his hands on truly sensitive materials.
But the CENTCOM case is different, because the attackers posted on CENTCOM’s accounts what they claim to be sensitive documents. For this reason, it’s important to take a closer look at this group’s activities in order to discern whether there’s need for panic.
Cyber Army, or Hacktivist group?
Although ISIS claims to be developing a capable “Cyber Army,” this attack shares characteristics with one a Hacktivist group might carry out. First, the attackers have rather childishly changed CENTCOM’s Twitter background to an image of a Jihadist with the wording “I love you ISIS.” This message has also been posted on Pastebin.com, the website of choice for Hacktivists publishing their messages.
Second, the same group that hacked into CENTCOM’s Twitter account has also breached and defaced the Twitter account of a local news organization using the exact same graphics, further suggesting this was an attack performed by a Hacktivist group and not a “Cyber Army.”
Hacktivists don’t have the best reputation for accuracy. In many incidents where Hacktivists claimed to have breached an organization, it turned out they simply got hold of information that had already been available to the public or they downright falsified data and claimed it was part of a “breach.” Hacktivism is more often about propaganda and less about causing actual damage.
What about the breached documents?
Any claim by a hacking group regarding breached documents should always be authenticated. There have been quite capable Hacktivist groups in the past, such as LulzSec, and the “Cyber Caliphate” may be no different. While their warnings that they are “in each military base” are most likely pure propaganda, the question remains: was the leaked data in this attack real? Has it been obtained from an actual breach?
Once the hackers published the documents, experts around the world began checking whether or not they were publicly available prior to the breach. Thankfully, it seems the documents posted in the CENTCOM attack were previously available, as confirmed by Steve Regan. What this means is that the damage caused by this attack is mainly embarrassment, and the “Cyber Caliphate” is yet another player in the already-crowded Hacktivist space.
Making the distinction between a “Cyber Army” and “Hacktivist Group” here is important because the “Cyber Caliphate” that attacked CENTCOM may not be the same “Cyber Caliphate” ISIS has threatened to be building. Alternatively, it may mean that this is what we can expect from ISIS: Hacktivist-level attacks and not the much more dangerous “Advanced Persistent Threat” attacks carried out by government organizations around the world (the likes of which have breached or attempted to breach Google, Lockheed Martin and many other companies).
So, should we worry about this “Cyber Caliphate”?
Hacktivist tactics like hacking into Twitter accounts seem to be the modus operandi of the “Cyber Caliphate,” and we can only expect these types of attacks to continue going forward. Considering that the damage from these types of attacks is limited, the threat of this group to governments and militaries should remain relatively small. Still, these hacker groups are an opportunistic and ambitious lot, and they may use their abilities to try to gain control over other accounts belonging to militaries, organizations or even ordinary users in order to spread their propaganda. This propaganda can become dangerous if it is used to induce panic or incite violence. While the threat level is not high, we should remain vigilant. Once again, we’re reminded to secure our online identity. There are always those who would wish to exploit it.