Tuesday 18 June 2019

Hacking social media site not the same as hacking Pentagon

President Barack Obama speaks at the National Cybersecurity and Communications Integration Center on Tuesday. Obama renewed his call for Congress to pass cybersecurity legislation, including a proposal that encourages companies to share threat information with the government and protects them from potential lawsuits if they do (AP Photo/Evan Vucci)
President Barack Obama speaks at the National Cybersecurity and Communications Integration Center on Tuesday. Obama renewed his call for Congress to pass cybersecurity legislation, including a proposal that encourages companies to share threat information with the government and protects them from potential lawsuits if they do (AP Photo/Evan Vucci)
The US Central Command Twitter feed after it was hacked (REUTERS)

Peter Foster

The Obama administration was understandably anxious to play down the significance of a hacking attack that took over the US military command's Twitter and YouTube accounts.

White House spokesman Josh Earnest insisted that there was a difference "between a large data breach and the hacking of a Twitter account".

Nonetheless a major investigation has been launched to establish how Jihadi sympathisers accessed the sites. The ability of hackers to compromise official accounts was " an escalation that should cause concern for the US government," said Ken Westin, senior security analyst at Tripwire, a US cybersecurity company.

"The fact they were able to compromise the accounts should force the government to re-evaluate their security policies when it comes to social media," he added.

A 2013 attack of the Twitter account of the news agency, the Associated Press featuring an erroneous posting about explosions at the White House triggered a stock-market decline.

As a result of that incident, Twitter revamped its security by offering a two-step authentication process, making it harder for outsiders to gain access to an account.

In addition to a password, the security measure requires a code sent via text message to a user's mobile phone, or generated on a device or software.

However - and this is seen as crucial in explaining the latest cyber breach - Twitter and YouTube accounts for large organisations such as the military are more difficult to manage because dozens of people usually need log-in credentials, according to Jeff Williams, co-founder and chief technology officer at Contrast Security, a software security company in California.

For that reason, he believes that it's doubtful that Central Command used two-factor authentication, Williams concluded.

Twitter said it was helping the Pentagon. Google, which owns YouTube, would not comment.

While the hackers reached only social-media accounts, not government websites or networks, such attacks can incite panic and cause damage.

The hackers claiming links to Isis vowed to take revenge against US soldiers serving in Syria and Iraq.

They got control of both the @CentCom Twitter and YouTube accounts for over half an hour on Monday night , posting blood-curdling messages including: "American soldiers, we are coming. Watch your back."

By doing so they scored a major propaganda coup. They replaced CentCom's usual logo with the image of a hooded fighter and the words "CyberCaliphate" and "I love you Isis".

Last night Dr Dylan Lehrke, an analyst who specialises in the Americas for Jane's Information Group -a British publishing company specialising in military topics- pointed out that several of the so called "secret" items which were revealed online were actually available in open-source forums anyway and were not classified.

"At a first glance, nothing that I see strikes me as something that is highly classified, or possibly even classified," he said. (© Daily Telegraph, London)

Telegraph.co.uk

Today's news headlines, directly to your inbox every morning.

Editors Choice

Also in World News