Twitter and YouTube accounts belonging to the military’s US Central Command were hacked on Monday. Hackers supportive of the terrorist group Islamic State, also known as ISIS, took credit and issued a warning to the US military.
“AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS,” the hackers tweeted through the account for the US Central Command, which is the military command for the Middle East, North Africa, and Central Asia. The tweet included a link to a statement that read in part:
“While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you,” it read. “You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!”
The group also replaced the Twitter profile image with an image of a person wearing a black and white keffiyeh, and the text CyberCaliphate and “i love you isis.”
Forty minutes after the first hacked tweet, Twitter suspended the account.
According to news reports, the hackers also posted images of spreadsheets that purported to contain the home addresses and other contact information for retired US Army generals and other images purporting to be US military maps and plans. The Pentagon appeared to confirm the authenticity of the information, telling reporters that the exposed information was not classified and that the images came not from the government but from the Massachusetts Institute of Technology.
ISIS threatened Twitter last year, after the social networking site deleted an account it was using to publish videos showing the beheading of journalist and aid workers in the Middle East. In this case, it’s likely that the person responsible for maintaining CENTCOM’s social networking accounts was probably hacked, giving the hackers access to the Twitter and YouTube accounts.
The hack on Monday coincided with an address President Obama was giving about cybersecurity and identity theft at the Federal Trade Commission. His speech, meant to bolster cybersecurity legislation that the White House wants Congress to pass, called for better data protection and better disclosure about breaches. The White House hopes Congress will pass a bill that would require companies to notify customers within 30 days if their personal information is stolen in a breach. The president cited the recent hacks at Target, Home Depot and Sony as primary reasons why Congress should pass the Personal Data Notification and Protection Act. The bill would help unify a multitude of state breach laws that currently exist. Lawmakers have tried for nearly a decade to pass a federal bill to replace the patchwork of state laws, but have repeatedly failed, in part because either the laws didn’t go far enough or went too far.
The president also urged Congress to pass the Student Data Privacy Act, which would prevent information collected about students from being used for anything but educational purposes. The visit to the FTC is part of a week-long push to pass various legislation. The FTC visit focused on legislation to protect the privacy of consumers and reduce identity theft.
With regard to the data breach legislation, Obama said that the current patchwork of laws is confusing for consumers and companies. “In recent breaches, more than 100 million Americans have had their personal data compromised, like credit card information. When these cyber criminals start racking up charges on your card, it can destroy your credit rating. It can turn your life upside down. … Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late.”
On Tuesday, the president will be speaking at the Department of Homeland Security about ways to better defend ourselves against cyberattacks.