Hackers scored a propaganda victory for the Islamic State of Iraq and Syria on Monday when they hijacked the Twitter and YouTube accounts belonging to the U.S. military command leading the war against the extremist group.
U.S. Central Command acknowledged the “cybervandalism” and said “operational military networks were not compromised and there was no operational impact to U.S. Central Command.”
The White House also downplayed the attack, with spokesman Josh Earnest saying “there’s a significant difference over what is a large data breach and the hacking of a Twitter account,” referring to the large cyberattacks against Target, Home Depot, JPMorgan Chase and, most recently, Sony Pictures Entertainment.
But even if its impact on data security were minimal, the cyberattack was an embarrassing reminder that the United States remains vulnerable, even after years of effort to shore up its defenses. Central Command controls U.S. forces in the Middle East and south Asia, and its social media accounts play a major role in one of the most important theaters of the fight against the Islamic State: the battle of ideas, where the extremists continue to have a level of success that disturbs many officials and experts worldwide.
“The United States and its allies can wait no longer for a comprehensive strategy to fight extremists’ unfettered abuse of social media platforms. The threat is now at the doorstep of our government,” said the Counter Extremism Project, a private group working to fight the spread of radical Islamist ideologies.
Just a day before the hackers struck, Joint Chiefs of Staff Chairman Gen. Martin Dempsey noted that cyber is one area where “we don’t have an advantage. It’s a level playing field. And that makes this chairman very uncomfortable.”
On Twitter, the hackers posted a message: “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS,” and then posted rosters of what appeared to be a list of home addresses, phone numbers and email addresses of retired U.S. Army generals, with slides of intelligence collection priorities in China and possible war scenarios on the Korean peninsula.
Hackers also posted pro-jihadi videos on the command’s YouTube account.
The networks targeted by the hackers were private, and Central Command officials said “no classified information was posted and … none of the information posted came from CENTCOM’s server or social media sites.” Officials also said any individuals whose personal information was leaked would be notified and the breach would be investigated by the appropriate authorities.
“I am very concerned about the potential safety risk this hacking poses to our servicemembers,” said Rep. Michael Turner, R-Ohio, a senior member of the House Armed Services Committee. “The issue here is not social media. The issue is what other systems may have been compromised.”
But even if other systems weren’t compromised, the attack should be seen as a wake-up call that many of the threats the U.S. faces — such as terrorism and cyberattacks — are converging, said Blaise Misztal, director of foreign policy for the Bipartisan Policy Center.
“I think we’ll really see all these battlefields merging into one in ways that we’re not set up to deal with yet,” he said.
The fact that a breach in a private network could hurt the military is the latest sign of how cybersecurity concerns are intertwined, he said.
Legislation in Congress to deal with those concerns by allowing more information-sharing between government and private industry died in Congress last year over concerns about privacy and confidentiality, even though it passed the House with bipartisan support. It was the second time in a row that such legislation had failed to advance.
Rep. C.A. “Dutch” Ruppersberger, D-Md., reintroduced the bill on Thursday, saying that the recent hack of Sony Pictures Entertainment, which was blamed on North Korea, showed that the legislation is urgently needed.
“We must stop dealing with cyberattacks after the fact,” he said.
